The U.S. Department of Health & Human Services has a webpage entitled Your Mobile & Health Information Privacy and Security. The site is for consumers as well as health care practitioners, and notes:
The HIPAA Privacy Rule establishes national standards for giving patients the right to access and request amendment of their protected health information (PHI) as well as requesting restrictions on the use or disclosure of such information. The HIPAA Security Rule establishes a national set of security standards for the confidentiality, integrity, and availability of electronic protected health information. The HIPAA Privacy and Security Rules apply to covered entities. Covered entities include health care providers and professionals such as doctors, nurses, psychologists, dentists, and chiropractors. Individuals and organizations that meet the definition of a covered entity and who transmit health information in electronic form in connection with certain transactions must comply with the Rules’ requirements to protect the privacy and security of health information, even when using mobile devices.
HHS also provides tips about privacy and security for using a mobile device at work. In a segment for physicians and other healthcare providers, HHS states: “Dr. Anderson’s Office Identifies a Risk focuses on one provider’s office and one mobile device risk. The video explains the importance of performing a risk analysis, developing a risk management strategy, developing and implementing policies and procedures, and privacy and security training and education when using mobile devices in a health care setting.”
For those interested in training, HHS provides Privacy & Security Training Games, its Web-based security training module, CyberSecure: Your Medical Practice.
Note that even if HIPAA does not apply to a physician or other healthcare practice, state-based privacy and security laws can still apply. Contact our legal experts familiar with HIPAA and other privacy and security laws as they apply to hard copies, faxes, emails, mobile devices, and other information platforms. Develop a HIPAA-compliant set of policies and procedures today.