Healthcare providers across the country are scrambling to bring their technology, processes, and policies up to compliance with the Health Insurance Portability and Accountability Act (HIPAA). But many institutions are not prepared for the consequences
Healthcare providers across the country are scrambling to bring their technology, processes, and policies up to compliance with the Health Insurance Portability and Accountability Act (HIPAA). But many institutions are not prepared for the consequences of the spread of wireless devices used for note taking or data storage.
"Some choose to simply ignore the problem, while others look to ban the devices completely," said Nathan Clevenger, chair of Mobile Development Association, an organization campaigning to educate the business public about mobile computing technology. "There is a correct solution, but only very few are looking to implement it."
In terms of HIPAA, wireless devices differ from wired devices in two key areas, according to Clevenger.
First, wireless devices have inherent security risks due to the fact they are often easily lost and slow to be missed. They can provide unfettered access to confidential information unbeknownst to IT staff or administration.
Second, the majority of handheld wireless devices currently in use in the healthcare industry were not formally deployed within an organization or institution, but rather were brought into the workplace as personal devices.
"This wave of informal yet widespread adoption did not have the standard IT safeguards traditionally deployed, such as standardized hardware and software, security policies, usage policies, and centralized support and maintenance," he said. "These differences simply highlight the HIPAA privacy and security risks associated with wireless devices."
Clevenger recommends the following HIPAA compliance strategy for wireless devices:
?Wireless networks must be installed and maintained by IT personnel, who should issue usage guidelines for what kind of functions may be performed and limits of private and confidential data that may be stored locally on the device.
?Centralized security and auditing policies for wireless devices must be implemented, to include power-on passwords, data storage encryption, and a self-destruct data mechanism upon security breach, as well as biometric measures since many of these devices now have integrated biometric fingerprint authentication mechanisms.
?Policies and mechanisms for reporting lost or stolen devices should be implemented to block them from all access to wireless networks and databases.
Establishment of security measures can sometimes exceed the time it takes to design a wireless application.
"Designing the database took six months," said Dr. Dennis Fowler, an assistant professor of surgery at Cornell University. "Meeting HIPAA requirements for patient confidentiality, satisfying institutional IT requirements, and ensuring connectivity required an additional eight months before the functional system was complete."
Stay at the forefront of radiology with the Diagnostic Imaging newsletter, delivering the latest news, clinical insights, and imaging advancements for today’s radiologists.
The Reading Room Podcast: A Closer Look at Remote MRI Safety, Part 2
July 25th 2025In the second of a multi-part podcast episode, Emanuel Kanal, M.D. and Tobias Gilk, MRSO, MRSE, share their perspectives on remote MRI safety protocols for ensuring screening accuracy and adherence to conditional implant guidelines as well as a rapid and effective response to adverse events.
The Reading Room Podcast: Current and Emerging Insights on Abbreviated Breast MRI, Part 2
July 23rd 2025In the second part of a multi-part podcast episode, Stamatia Destounis, MD, Emily Conant, MD and Habib Rahbar, MD, discuss key sequences for abbreviated breast MRI and how it stacks up to other breast cancer screening modalities.
Chest CT for Post-COVID-19 Abnormalities: Nine Takeaways from a Multi-Society Consensus Statement
July 22nd 2025Developed by 21 thoracic radiologists, the new international consensus statement addresses appropriate indications, scan acquisition and keys to reporting for the use of chest CT imaging in evaluating for residual lung abnormalities from COVID-19.