The Rheumatologist
COVID-19 NewsACR Convergence
  • Connect with us:
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Feed
  • Home
  • Conditions
    • Rheumatoid Arthritis
    • SLE (Lupus)
    • Crystal Arthritis
      • Gout Resource Center
    • Spondyloarthritis
    • Osteoarthritis
    • Soft Tissue Pain
    • Scleroderma
    • Vasculitis
    • Systemic Inflammatory Syndromes
    • Guidelines
  • Resource Centers
    • Axial Spondyloarthritis Resource Center
    • Gout Resource Center
    • Psoriatic Arthritis Resource Center
    • Rheumatoid Arthritis Resource Center
    • Systemic Lupus Erythematosus Resource Center
  • Drug Updates
    • Biologics & Biosimilars
    • DMARDs & Immunosuppressives
    • Topical Drugs
    • Analgesics
    • Safety
    • Pharma Co. News
  • Professional Topics
    • Ethics
    • Legal
    • Legislation & Advocacy
    • Career Development
      • Certification
      • Education & Training
    • Awards
    • Profiles
    • President’s Perspective
    • Rheuminations
    • Interprofessional Perspective
  • Practice Management
    • Billing/Coding
    • Quality Assurance/Improvement
    • Workforce
    • Facility
    • Patient Perspective
    • Electronic Health Records
    • Apps
    • Information Technology
    • From the College
    • Multimedia
      • Audio
      • Video
  • Resources
    • Issue Archives
    • ACR Convergence
      • Gout Resource Center
      • Axial Spondyloarthritis Resource Center
      • Psoriatic Arthritis
      • Abstracts
      • Meeting Reports
      • ACR Convergence Home
    • American College of Rheumatology
    • ACR ExamRheum
    • Research Reviews
    • ACR Journals
      • Arthritis & Rheumatology
      • Arthritis Care & Research
      • ACR Open Rheumatology
    • Rheumatology Image Library
    • Treatment Guidelines
    • Rheumatology Research Foundation
    • Events
  • About Us
    • Mission/Vision
    • Meet the Authors
    • Meet the Editors
    • Contribute to The Rheumatologist
    • Subscription
    • Contact
  • Advertise
  • Search
You are here: Home / Articles / HIPAA Cautions: The Problem with Personal Devices in Medical Practices

HIPAA Cautions: The Problem with Personal Devices in Medical Practices

August 12, 2016 • By Richard Quinn

  • Tweet
  • Email
Print-Friendly Version / Save PDF

dreamstime_Generic_DoctorCellPhone_500x270Personal devices, such as iPhones, Androids and tablets, are basically extensions of ourselves these days, with most of us syncing our professional and personal email accounts and regularly using such apps as text, iMessage and Hangouts. But all that connectivity and convenience come with great risk, according to a veteran compliance officer.

You Might Also Like
  • Healthcare Providers Must Get Compliant with HIPAA Privacy Practices
  • Email & Text in the World of HIPAA
  • Cyber Safety in the HIPAA Age
Also By This Author
  • Backlog Slows Medicare Appeals Process for Hospitals, Physicians

“I understand cell phones are important, and most people have them superglued to their persons. But 10–15 years ago, smartphones were unheard of—and we survived,” says Sean M. Weiss, partner and vice president of compliance for Doctors Management, a healthcare consultancy in Knoxville, Tenn. “It can seem totally innocent, but people just don’t realize how damaging having patient information on your phone can be.”

ad goes here:advert-1
ADVERTISEMENT
SCROLL TO CONTINUE

Mr. Weiss and his team specialize in audit and appeal representation and provide consultative compliance services to medical practices as small as one provider to health systems with thousands. He’s seen his share of mistakes. He’s also witnessed the devastation a violation of the Health Insurance Portability and Accountability Act HIPAA can have on a medical practice.

One recent, “egregious” example involved a nurse at a subspecialist’s office. Sensitive information, including the patient’s name, date of birth and medical record number, was relayed via text message between the front desk and triage nurse. When the nurse got home, she left her phone on the kitchen counter, and her daughter read her mom’s text message. The daughter recognized the patient name and determined the patient was the mother of a girl at school whom she didn’t like. The daughter took a screenshot of the texts and posted it to Facebook with unflattering words.

ad goes here:advert-2
ADVERTISEMENT
SCROLL TO CONTINUE

“Talk about a perfect storm,” Mr. Weiss says, noting that the Office of Civil Rights (OCR) levied a $250,000 fine. “But the medical practice had no policies in place to regulate mobile devices and communications. It was a pure violation. … On top of that, the patient is suing the practice.”

To protect a rheumatology practice, Mr. Weiss suggests:

  • Ensure your current compliance program has policies in place that speak to usage of personal devices in the workplace;
  • Do not allow staff to have or use a personal email account on a work computer;
  • If you don’t have an effective compliance program in place, consider a gap analysis. “That is how you know whether you have a problem or not,” he says;
  • Do not allow personal devices at work, because they are “a vulnerability medical practices should not be willing to assume;” and
  • Practice leaders need to set the example. If you don’t follow your own rules, “how can you expect your staff to respect and follow the rules?”

“If you are working around patients in a medical practice, you shouldn’t have a personal smartphone or mobile device around you, at all,” Mr. Weiss says. “It just removes the temptation to do something stupid. … Use your in-office instant messenger or send a secure email when you are conveying private, protected health information.”

ad goes here:advert-3
ADVERTISEMENT
SCROLL TO CONTINUE

Pages: 1 2 | Single Page

Filed Under: Practice Management, Technology Tagged With: cell phone, HIPAA, Office of Civil Rights, personal, Practice Management, privacy, Technology

You Might Also Like:
  • Healthcare Providers Must Get Compliant with HIPAA Privacy Practices
  • Email & Text in the World of HIPAA
  • Cyber Safety in the HIPAA Age
  • Digital Healthcare Devices, Sensors Gaining Ground as Portable Personal Coaches

ACR Convergence

Don’t miss rheumatology’s premier scientific meeting for anyone involved in research or the delivery of rheumatologic care or services.

Visit the ACR Convergence site »

Rheumatology Research Foundation

The Foundation is the largest private funding source for rheumatology research and training in the U.S.

Learn more »

American College of Rheumatology

Visit the official website for the American College of Rheumatology.

Visit the ACR »

The Rheumatologist newsmagazine reports on issues and trends in the management and treatment of rheumatic diseases. The Rheumatologist reaches 11,500 rheumatologists, internists, orthopedic surgeons, nurse practitioners, physician assistants, nurses, and other healthcare professionals who practice, research, or teach in the field of rheumatology.

About Us / Contact Us / Advertise / Privacy Policy / Terms of Use / Cookie Preferences

  • Connect with us:
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Feed

Copyright © 2006–2023 American College of Rheumatology. All rights reserved.

ISSN 1931-3268 (print)
ISSN 1931-3209 (online)