Health Care Law Blog
Smartphone usage has skyrocketed in the past few years. Physicians are no exception to the trend - with more than 81% of physicians using smartphones. Disturbingly, the number of health data breaches has risen in tandem with increased smartphone usage, and most experts agree that the increase is no coincidence.
Recent reports have indicated that 96% of all health care organizations have experienced at least one data breach during the past two years. Although the report did not detail the number of data breaches attributable to mobile devices, there is agreement that the widespread use of mobile devices is putting patient data at risk.
Smartphones create a security risk in two ways. First, data can reside on the device and be accessed by unintended users (e.g., thieves). Secondly, the device can be used as an avenue to gain access to data stored on a remote system. Experts agree that the advances in smartphone technology and increased usage have outpaced efforts to ensure security.
So, what can physicians and health care organizations do to combat smartphone data breaches?
Physicians should ensure that their smartphones are encrypted. Encryption means that information is sent in a non-readable form which is "unlocked" by the recipient of the information. Encryption software is readily available and economical. Moreover, encryption offers a safe harbor under the HIPAA privacy and security regulations in the event that a smartphone is lost or stolen.
In addition to taking security measures, we also advise that health care organizations establish policies on smartphone usage. For example, guidelines regarding password protection and antivirus protection should be in place.
For assistance on protecting your organization from data breaches and other security risks, please contact one of the health care law or information technology law experts at Foster Swift.
Shareholder and Firm TreasurerNicholas focuses his practice in the areas of Michigan non-property tax disputes, business entity selection, corporate transactions, and information technology.
