Protecting Patients and Data When Using mHealth Products and Services
“mHealth” generally refers mobile health and includes the practice of medicine or communications involving medical data via mobile devices. California Healthcare entities such as private practices, hospitals, health plans, pharmacies, or medical spas, must consider Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH) and the California Civil Code among other regulation to protect patient data when using mobile devices.
Best practices for physicians, nurses, administrators and other healthcare providers who use mobile devices for work related tasks are evolving as technology continues to penetrate healthcare markets. It is strongly advisable to carefully manage mobile communications in healthcare markets, and minimize risk of undue privacy or security breach in violation of HIPAA, HITECH or other state and federal regulations. Some of the best practices in protecting patients and their data when using mHealth devices in medical practice include:
- Passcodes and other method of authentication to access a device.
- Encryption of email, billing, text messaging, and other programs containing protected health data or personal information.
- Secure Cellular Networks must be utilized. Public wi-fi are notoriously unsecure.
- Patient consent to use unsecure mobile device communications.
- Docketing informal messages and conversations with patients.
- Maintaining professionalism in electronic communications and avoidance of using medical shorthand or typos which can have significant medical consequences.
- Firewall, anti-malicious software (malware) should be installed and maintained routinely.
- Data back up.
Mobile communication has profound impacts on efficiencies and cost savings in virtually every sector of healthcare. But practitioners must balance emerging technical capabilities with the sensitive nature of patient data, the importance of providing accurate health-related information to patients, and the evolving regulatory environment.
Author: Suzanne Natbony, Esq. is a Los Angeles business and healthcare technology attorney with focuses in entertainment law, eCommerce, NonProfit, and privacy law. She is a member of the Women Lawyers Association of Los Angeles, an entrepreneur, and Of Counsel at L.A. Tech & Media Law Firm. Office: Ph: 310-478-6251; firstname.lastname@example.org.
Disclaimer: The content above is a discussion of legal issues and general information; it does not constitute legal advice and should not be used as such without seeking professional legal counsel. Reading the content above does not create an attorney-client relationship.