Healthcare compliances training and discussion blog

There have been many recent and public events involving security breaches of electronic medical records and other patient data in hospitals. The unfortunate event in Tucson, Arizona where a Congresswoman was shot, led to the firing of three curious clinical support staff members for improperly accessing EMRs at  the University Medical Center where the Congresswoman was being treated. In Iowa, five total hospital employees were disciplined (three fired) for violating federal law by viewing the medical records of hospitalized University of Iowa Hawkeye football players.

Beyond curiosity, one would think that people want to access medical records information from newsworthy people and events to try and sell the stories to the media who obviously would pay large sums of money to be the first to break the story about something like Michael Jackson’smedical past. But, then I wonder why a Las Vegas man, would go through the trouble of organizing a patient records scheme where he used private hospital files to solicit business and clients for a personal injury attorney. He obviously has some decent planning skills and would be better off in Wall Street, where schemes such as this go largely unnoticed, and can go on for quite some time.

I began to think about the possible issues stemming from physicians rapidly adopting mHealth applications on tools such as iPads, Android devices, Blackberries, and others. I posed the question on a Center for Democracy and Technology forum about Health 2.0 and HIPAA, as I thought about physicians moving around a medical facility with a device in hand containing lots of private patient medical information.
Barry Chaiken, MD, former chair of HIMSS and chief medical officer for Imprivata, shared 5 Key Considerations for Hospitals to Ensure Mobile Device Security in Becker’s Hospital Review.
Here they are:
  1. Keep data in a cloud: Perhaps none of the data can be saved on the actual devices, because of their portability.
  2. Get creative with passwords: More sophisticated authentication is evolving, so its necessary to have a unique password.
  3. Limit how devices are utilized: Hospitals and medical centers should configure access so that the hospitals control what is seen and accessed through a cloud.
  4. The ultimate goal should be zero breaches: Hospitals are at risk for losing not only patients, but also lots of money in remedying security breaches.
  5. Keep up with trends in technology: Hospitals should stay updated on the latest trends in technology and security applications.

Outlining preventative steps such as Dr. Chaiken’s will help reduce the risk of security breaches as the mHealth market continues to grow, and physicians adopt mobile devices as a convenient way to help deliver efficient and accurate patient care.

This article was originally posted at


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Tag Cloud

%d bloggers like this: