Privacy Protections: Making Mobile Devices More Secure

July 01, 2016 Healthcare

In our technologically sophisticated society, private information is more vulnerable than ever before. At the same time, physicians increasingly use some type of mobile device to access health care data. This raises a number of security and privacy concerns.

Following the Rules

Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), known as the Administrative Simplification (AS) provisions, created national standards for electronic health care transactions. Title II covers a lot of ground, but two aspects are particularly relevant to mobile security:

  1. The Privacy Rule. This concerns the use and disclosure of Protected Health Information (PHI) held by “covered entities.” According to the rule, covered entities include insurers, medical service providers, and various health care clearinghouses and employer-sponsored health plans, as well as their business associates.

  2. The Security Rule. Unlike the Privacy Rule, which applies to all PHI (both paper and electronic), the Security Rule applies specifically to electronic PHI. It describes three types of security safeguards: administrative, physical and technical.

Understanding HIPAA and Mobile Devices

Mobile devices usually transmit and receive PHI via public Wi-Fi and email applications or through unsecure mobile networks, which place PHI at risk of interception. In addition, most mobile devices now can take and store photographs — but photos may violate patient privacy, thus raising compliance concerns. Phones in particular, and often tablets, don’t store data — instead, they use some sort of cloud storage.

The primary concern is how a doctor accesses patient information. If a physician uses a smartphone, tablet or laptop to access an Electronic Health Record (EHR), he or she generally is in compliance with HIPAA security and network security. But if the physician saves EHR data or photos to a computer, tablet or phone, and those devices are stolen or lost, he or she might be liable for the HIPAA breach. Liability can be costly — though, if the PHI isn’t identifiable, it’s probably nothing to worry about.

Data pulled via browsers is generally encrypted, especially through an EHR portal. But physician-to-patient emails outside the portal can be a problem, because the Internet service provider might not be secure — thus, the email communication might fail to meet HIPAA standards.

Taking Basic Security Precautions

The three standards of the HIPAA Security Rule are confidentiality, integrity and access. Access typically refers to passwords. Physicians need to fully evaluate which staff members require access and provide training in security protocols.

Part of physical and technological security involves encrypting patient data. It also involves setting up monitor protection to prevent people who shouldn’t have PHI access from reading information off a computer screen — for example, over the shoulder of someone with access.

For most practices, it’s a good idea to document each device’s purpose and limit access to it. The next step is to determine how each device should be programmed to make it compliant. Doing so may require hiring a HIPAA compliance expert in addition to an information technology expert.

Physician offices also need to develop policies regarding staff use of cell phones — especially now that almost all smartphones have cameras. The policies should answer such questions as: How and where can employees use their phones? One suggestion is to instruct staff members to keep their cell phones in the break room and out of patient treatment rooms.

For instance, a staffer might take a photograph of something in the office with a recognizable patient in the background and post it on social media. That could be a HIPAA breach, with financial and legal consequences for the practice.

Discovering More Recommendations

For more information and further recommendations regarding protecting and securing PHI, visit https://www.healthit.gov, which offers many useful suggestions. It also provides physician best practices for mobile devices and EHR.
 
Contact Kathy Walsh at kwalsh@cohencpa.com for more information.

© 2022 Cohen & Company