Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


BYOD allowed in hospitals presents challenges

New HIPAA rules pose risk

As BYOD (bring your own device) continues to gain in popularity among employers, some industries may face serious risk—particularly the health care industry.

According to a survey released last year by Aruba Networks, 85 percent of hospitals allow BYOD among their employees. But some warn, with the new rules under the Health Insurance Portability and Accountability Act (HIPAA), hospitals are walking a fine line with regard to possible violations—each of which could mean a $50,000 fine.

The new rules, which went into effect earlier this week, requires business associates that handle patient health information as part of the services they provide to these covered entities to adhere to all HIPAA rules. Additionally, they increase patient privacy protections, explain new rights to people to access their health information, and give the Department of Human Services greater ability to enforce the law.

But some experts believe hospitals are at the greatest risk of violating the new law.

“Most hospitals are grossly noncompliant,” Ryan Kalember, chief product officer at WatchDox, told the Wall Street Journal (WSJ). “All clinical staff and most administrative staff are just doing what they can to get things done … sharing information and not having any sort of an audit trail is really problematic. That is a HITECH violation and a HIPAA violation.”

The responsibility that health care providers use proper precautions and technology—such as secured and encrypted systems—when allowing BYOD in the workplace lies on the employer, Kalember explained.  

While the updated rules are new, experts say now is the time for hospitals to update their systems to ensure compliance.

Stephen Li, chief information officer at Jersey City Medical Center, told the WSJ that the key is to make sure records are protected but implement a system that is easy to use, as doctors and nurses need to spend their time focusing on the needs of their patients and not on whether their emails are secure.

Read more about this and best practices around the new HIPAA rules on the WSJ.

For more HIPAA stories on InsideCounsel, see:

Regulatory: Securing information stored on mobile devices

New HIPAA privacy laws take effect after grace period for the newly regulated

E-Discovery: Is BYOD a B-A-D idea?

A quick guide to staying “cloud compliant” with new HIPAA rules


Cathleen Flahardy

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.