Healthcare providers across the country are scrambling to bring their technology, processes, and policies up to compliance with the Health Insurance Portability and Accountability Act (HIPAA). But many institutions are not prepared for the consequences of the spread of wireless devices used for note taking or data storage.
"Some choose to simply ignore the problem, while others look to ban the devices completely," said Nathan Clevenger, chair of the Mobile Development Association, an organization campaigning to educate the business public about mobile computing technology. "There is a correct solution, but only very few are looking to implement it."
In terms of HIPAA, wireless devices differ from wired devices in two key areas, according to Clevenger.
First, wireless devices carry inherent security risks because they are often easily lost and slow to be missed. They can provide unfettered access to confidential information without the knowledge of IT staff or administration.
Second, the majority of handheld wireless devices currently in use in the healthcare industry were not formally deployed within an organization or institution, but rather were brought into the workplace as personal devices.
"This wave of informal yet widespread adoption did not have the standard IT safeguards traditionally deployed, such as standardized hardware and software, security policies, usage policies, and centralized support and maintenance," he said. "These differences simply highlight the HIPAA privacy and security risks associated with wireless devices."
Clevenger recommends the following HIPAA compliance strategy for wireless devices:
• Wireless networks must be installed and maintained by IT personnel, who should issue usage guidelines for what kind of functions may be performed and limits of private and confidential data that may be stored locally on the device.
• Centralized security and auditing policies for wireless devices must be implemented, to include power-on passwords, data storage encryption, and a self-destruct data mechanism upon security breach, as well as biometric measures since many of these devices now have integrated biometric fingerprint authentication mechanisms.
• Policies and mechanisms for reporting lost or stolen devices should be implemented to block them from all access to wireless networks and databases.
Establishing security measures can sometimes take longer than designing the wireless application itself.
"Designing the database took six months," said Dr. Dennis Fowler, an assistant professor of surgery at Cornell University. "Meeting HIPAA requirements for patient confidentiality, satisfying institutional IT requirements, and ensuring connectivity required an additional eight months before the functional system was complete."