Personal devices, such as iPhones, Androids and tablets, are basically extensions of ourselves these days, with most of us syncing our professional and personal email accounts and regularly using such apps as text, iMessage and Hangouts. But all that connectivity and convenience come with great risk, according to a veteran compliance officer.
“I understand cell phones are important, and most people have them superglued to their persons. But 10–15 years ago, smartphones were unheard of—and we survived,” says Sean M. Weiss, partner and vice president of compliance for Doctors Management, a healthcare consultancy in Knoxville, Tenn. “It can seem totally innocent, but people just don’t realize how damaging having patient information on your phone can be.”
Mr. Weiss and his team specialize in audit and appeal representation and provide consultative compliance services to medical practices as small as one provider to health systems with thousands. He’s seen his share of mistakes. He’s also witnessed the devastation a violation of the Health Insurance Portability and Accountability Act (HIPAA) can cause a medical practice.
One recent, “egregious” example involved a nurse at a subspecialist’s office. Sensitive information, including the patient’s name, date of birth and medical record number, was relayed via text message between the front desk and triage nurse. When the nurse got home, she left her phone on the kitchen counter, and her daughter read her mom’s text message. The daughter recognized the patient name and determined the patient was the mother of a girl at school whom she didn’t like. The daughter took a screenshot of the texts and posted it to Facebook with unflattering words.