Last month in this column, I addressed the new HIPAA rule, which significantly expands certain obligations for health care providers and their business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In that article, I discussed the importance of updating (or adopting) your HIPAA Compliance Plan. In light of the new HIPAA rule, the move into the technology age and the prevalent use of mobile devices, it has become increasingly important, if you are (or you represent) a health care provider or business associate, to develop policies and procedures as part of your HIPAA Compliance Plan that address the security of patient information on your iPhone, iPad, BlackBerry, etc.
The first step is deciding whether you will allow the use of mobile devices within your business for accessing, receiving, transmitting or storing patient health information. In making that determination, you should thoroughly review the risks (e.g., increased risk of theft of patient information) and benefits (e.g., convenience) associated with using mobile devices for such purposes.