HHS launches privacy campaign
December 21, 2012 in Medical Technology
The Department of Health and Human Services has launched a mobile health privacy and security education campaign, aimed at giving a framework for providers just starting to use mobile devices.
Called “Know the RISKS,” the campaign features recommendations and materials, including a short YouTube video explaining the intersection of HIPAA and mobile devices.
The agency has a five-point recommendation plan for providers: “Decide, assess, identify, develop and train.”
The agency says providers should first “decide whether mobile devices will be used to access, receive, transmit or store patients’ health information, or (be) used as part of your organization’s internal networks or (EHR) systems.”
Next, providers need to perform a risk analysis to determine potential data loss or breach threats and scenarios. In addition to developing organization-wide mobile policies and procedures, training staff is crucial.
“Safeguards will not protect health information unless the workforce is aware of its role in following and enforcing those safeguards,” the agency says.
Large health systems may be ahead of the HHS on all of this, but as smaller providers start using mobile devices as part of clinical care and documentation, HHS officials say it’s important that they know what they’re getting into.
“The use of mobile health technology holds great promise in improving health and healthcare,” said Joy Pritts, chief privacy officer for the Office of the National Coordinator for Health IT. “But the loss of health information can have a devastating impact on the trust that patients have in their providers. Healthcare providers, administrators and their staffs must create a culture of privacy and security across their organizations to ensure the privacy and security of their patients’ protected health information.”
[See also: One CIO’s call to action.]
While privacy and security risks still plague healthcare, for mobile devices and IT systems in general, healthcare organizations are starting to embrace prevention tools. Nearly 90 percent of health organizations surveyed in the 2012 HIMSS mobile technology report said they use data encryption for their mobile devices — up from 73 percent in 2011.