Refresher Course: Patient Privacy and Technology

The ubiquitous use of mobile devices and social media networks has created new concerns regarding privacy, both as it pertains to patient information and the patient-provider relationship.

The “Security Rule,” a component of the Health Insurance Portability and Accountability Act (HIPAA), was established specifically to protect health information stored or transferred electronically. Mobile devices such as smartphones, tablets, and laptops must comply with privacy and security parameters.

To ensure this:

    • In order to avoid a breach of security, offsite use of electronic personal health information is limited to cases of necessity.
    • All documents containing electronic patient health information should be password-protected.
    • Electronic patient health information should not be downloaded to public computers.
    • Devices with electronic patient health information should be kept in a secure space with the information securely stored.
    • Virus protection, when possible, is critical to avoid outside access to patient information.
    • Health information should ordinarily not be transmitted via an unsecured wireless network.

Finally, there needs to be a plan in place if electronic personal health information is breached. The patient should be notified if such a breach occurs.