Posted on: November 22, 2017 by Manchester Specialty
Health care organizations of all types, including home health care providers, hospice and others, are increasingly using mobile devices – apps on tablets and smart phones – to improve operational efficiencies and patient health outcomes, access clinical information, enhance staff communications, and serve as an additional educational resource. However, although many health care organizations claim to have a fully implemented mobile strategy, almost all also claim to have concerns over the security of their mobile applications, with end-to-end HIPAA (Health Insurance Portability and Accountability Act) compliance as their greatest security concern.
HIPAA was enacted in 1996 in order to protect patients/individuals’ medical records and other personal health information (PHI). Today, after 21 years since HIPAA was enacted, covered entities and their business associates face the very real challenge of keeping protected health information private, and out of the hands of those who wish to exploit it – made even more vulnerable with the use of mobile technology in the health care industry. Maintaining the confidentiality and privacy of patient information should be the number-one priority for all health care organizations, as a failure to do so can result in civil penalties up to $1.5 million, criminal penalties, and considerable reputational damage.
The concern over the security of the use of mobile apps is indeed a valid one: According to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), mobile devices are commonly involved in data breaches. Between January 2015 and the end of October 2017, a total of 71 data breaches have been reported to the OCR that have involved mobile devices such as laptops, smartphones, tablets, and portable storage devices.
Every organization should carefully consider how the use of its mobile devices affects the risk to PHI. This assessment will help to determine the steps needed to adequately protect an organization from potential threats. Following are several tips, courtesy of the OCR, to help health care organizations reduce their mobile security risks:
Also important in a home health care organization’s security strategy is having the right insurance program in place should a loss occur. This includes carrying Cyber Liability insurance with coverage that helps an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event.. Manchester Specialty provides home health care providers, hospice organizations, Visiting Nurse Associations (VNAs) and miscellaneous medical facilities with a suite of insurance products including Cyber coverage. For more information about our programs and coverages, you or your local insurance agent can contact us today at toll free 1-855-972-9399.