As BYOD (bring your own device) continues to gain in popularity among employers, some industries may face serious risk—particularly the health care industry.
According to a survey released last year by Aruba Networks, 85 percent of hospitals allow BYOD among their employees. But some warn, with the new rules under the Health Insurance Portability and Accountability Act (HIPAA), hospitals are walking a fine line with regard to possible violations—each of which could mean a $50,000 fine.
The new rules, which went into effect earlier this week, requires business associates that handle patient health information as part of the services they provide to these covered entities to adhere to all HIPAA rules. Additionally, they increase patient privacy protections, explain new rights to people to access their health information, and give the Department of Human Services greater ability to enforce the law.
But some experts believe hospitals are at the greatest risk of violating the new law.
“Most hospitals are grossly noncompliant,” Ryan Kalember, chief product officer at WatchDox, told the Wall Street Journal (WSJ). “All clinical staff and most administrative staff are just doing what they can to get things done … sharing information and not having any sort of an audit trail is really problematic. That is a HITECH violation and a HIPAA violation.”
The responsibility that health care providers use proper precautions and technology—such as secured and encrypted systems—when allowing BYOD in the workplace lies on the employer, Kalember explained.
While the updated rules are new, experts say now is the time for hospitals to update their systems to ensure compliance.
Stephen Li, chief information officer at Jersey City Medical Center, told the WSJ that the key is to make sure records are protected but implement a system that is easy to use, as doctors and nurses need to spend their time focusing on the needs of their patients and not on whether their emails are secure.
Read more about this and best practices around the new HIPAA rules on the WSJ.
For more HIPAA stories on InsideCounsel, see: