In an era where over 847 million individual records have been compromised by some type of data breach since 2005 (according to the Identity Theft Resource Center), data security in general is more important than ever. A factor that is increasingly complicating things is the number of mobile devices in workplaces like law firms and businesses - each one representing a potential vulnerability if it isn't monitored actively in exactly the right way. Now, federal regulators have issued new HIPAA guidelines governing exactly that - situations in which patients and employees use smartphones and similar devices to collect, store or transmit personal health data.
What Are the New HIPAA Regulations?
The HIPAA Umbrella
One of the most important security gaps that these new HIPAA regulations are designed to close involves a careful definition of exactly who does and does not have to follow HIPAA regulations in the first place. Experts indicate that many developers are still not sure whether they have to adhere to HIPAA, which can leave a potentially massive door open for improper use and unregulated disclosure of patient information.
HIPAA Mobile Health App Guidelines
The new guidelines, developed by the Department of Health and Human Services' Office for Civil Rights, outline a variety of examples of common situations where patients may be using a mobile device for health-related purposes, and specifically describe what type of action, if any, a software developer needs to take in each situation in order to maintain HIPAA compliance. By going through these scenarios on a case-by-case basis, developers can find out whether they would technically be a part of the healthcare infrastructure (and therefore must act accordingly) and whether or not they are considered a "business associate" of a larger healthcare organization and thus fall under HIPAA oversight.

The primary goal of these new guidelines is to clear up as much confusion as possible, taking the admittedly complex standards dictated by HIPAA and translating them into the real-world situations where they are likely to apply. The guidance specifically discusses the use of PHI and electronic health records for healthcare treatment, business operations, payment and more.
It's important to note that this is only one such action that the Department of Health and Human Services' Office for Civil Rights has taken in recent months in order to help guide the industry towards the safest possible position in terms of data security. The group also started a "cyber-awareness initiative" earlier in 2016 designed to help guide not only healthcare providers but also their various associates on how they can prevent ransomware attacks, technical support scams and other types of threats that are on the rise in the United States.