Using Mobile Devices and HIPAA — Managing Security in a Smart Phone World

Event Information
Product Format: Prerecorded Event
Conference Date: Tue, Jun 14, 2016
Duration: 60 minutes
Product Description

HIPAA Regulations for Portable Devices: Tools for Staff and Means of Communication with Patients

The HIPAA regulations entail the use of the mode of communication requested by the individual, if the provider has the capability to reasonably do so, and also require the consideration of secure technologies for communications and storage of data. The consequence is that the use of portable devices by patients and staff can be complicated and requires careful consideration of the regulations, of how the devices will be used and secured, and of patient desires.

In recent years, there has been an increase in HHS compliance audit activity and enforcement penalties, especially in instances of willful neglect of compliance. Since mobile devices are a leading source of breaches of PHI, it is critical to consider these devices and how their use affects the privacy and security of PHI, because not doing so invites enforcement action by HHS.

Join healthcare compliance and HIPAA expert Jim Sheldon-Dean in this session, where he will review the current issues relating to mobile devices and suggest ways to meet patient desires and stay within the regulations, including processes for managing portable devices, policies needed for ensuring secure communications and storage where needed, and procedures for meeting and documenting patient requests. He will review the recent guidance from the National Institute of Standards and Technology on the use of mobile technologies with EHR data and share practical ways of using mobile devices securely.

In this 60-minute session, Jim will explain the HIPAA regulations that apply to the use of portable devices, both as tools for staff to use, and as a means of communication with patients. Proper use of portable devices requires consideration of a variety of purposes: for personal use, for business use not involving any identifiable patient information, for business use that does involve identifiable patient information, and for communications with patients. Each type of use requires careful consideration of the rules and the risks to the confidentiality, integrity, and availability of information.

For business uses with no patient information, the constraints are few, so long as you are sure there is no patient information involved with those uses. But if you include any patient information, you need to ensure the information is protected. Even so, patients are allowed to ask to communicate with you in any way you can reasonably handle. Learn just what is reasonable and what is allowed according to guidance from HHS in this session.

Once patient information is involved, the devices used by a provider or their staff must be properly secured through the use of good passcodes and encryption, with remote wiping of data if lost or stolen. And if you allow staff to use their own devices for business work, what happens when they trade in their old phone when the new one comes out? If you communicate with patients using portable devices, you need to consider the issues of privacy and security, as well as those of triaging incoming communications and documenting conversations. Just plain texting is not readily adaptable to the requirements of patient care and documentation, but secure, appropriate solutions are available.

Finally, Jim will discuss the enforcement of HIPAA rules and how they relate to mobile devices, the issues that can lead to enforcement, and the impacts of enforcement actions, including monetary settlements and corrective action plans.

Session Highlights:

  • Regulatory requirements, typical situations, and appropriate responses to patient communications requests.
  • Developing an understanding of the rules surrounding patient communications and access to information under HIPAA.
  • Insights on information security issues related to communications and the risks associated with insecure communications.
  • Mobile devices, texting, email and risk analysis.
  • Know how to explain the risks of insecure communications to patients.
  • Review of NIST guidance on using mobile technology with EHR data.
  • Review of policies and procedures for managing and auditing the use of insecure communications including communications made at the request of patients.
  • Insights on requirements for encryption according to best practices.
  • Know when secure communications are required and what must be done to secure communications and devices.
  • Technologies that can provide encryption and security.
  • BYOD and mobile devices: policies and procedures.
  • Find out how training and education can help your staff use portable health information properly and not risk exposure of PHI.

Key Takeaways:

  • Learn how mobile devices and HIPAA can get along together
  • Find out about the risks to privacy and security
  • Know how to handle patient communications and how e-mail and texting can work under HIPAA
  • Learn how to protect and secure health information when using a mobile device
  • Get guidance on creating a mobile device policy
  • Learn the 5 steps to manage mobile devices used by providers and professionals
  • Understand the proper implementation of mobile devices
  • Identify HHS guidance on patient communication and access
  • Understand the HIPAA issues that must be dealt with
  • Identify HIPAA policies that may need to be updated
  • Learn how to prepare for enforcement and auditing

Who Should Attend

Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO, Privacy Officer, Information Security Officer

Ask a question at the Q&A session following the live event and get advice unique to your situation, directly from our expert speaker.


About Our Speaker

Jim Sheldon-Dean - HIPAA Compliance & Regulations Expert

Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...