Mobile device theft constitutes a major source of HIPAA breaches in senior living communities. According to a PubMed study, most HIPAA breaches are caused by the theft or loss of mobile devices on which Protected Health Information (PHI) is stored. The online journal Perspectives in Health Information Management reports that mobile technology is revolutionizing healthcare. Providers in the long-term and post-acute care (LTPAC) industry are increasingly using mobile devices such as smartphones, laptops, and tablets at the point of care. This is good news for residents and staff alike, but it also means that administrators and employees must be extra vigilant about sensitive patient data, making sure it cannot be exposed by a stolen or lost device.
The Role of MDM
Mobile Device Management (MDM) is an indispensable tool to prevent HIPAA breaches of PHI that can otherwise occur in the event of theft or loss. Under an effective MDM solution, mobile devices utilized by caregivers are secured so that the data on these devices is protected. MDM works through a combination of measures that can be performed remotely. These tasks include limiting the use of features and apps that pose security risks, tracking a device's location, and locking or wiping a stolen or lost device.
Standards for PHI Security
When mobile devices are stolen or lost, the most important consideration is whether those devices pose a risk of a security breach. To avoid high HIPAA fines and protect sensitive patient information, administrators and employees of LTPAC facilities must work with knowledgeable IT experts to establish and maintain high standards for information security. Risks and vulnerabilities to data security exist on numerous levels, so your data protection measures must address multiple types of risk. Hand in hand with an effective MDM solution, you need to enable basic protections on your organization's mobile devices so that your Electronic Health Records (EHR) remain protected in the event of theft or loss.
- Encryption: Make sure the mobile devices used in your LTPAC facility are all encrypted. This simple step could protect against a data breach if a device is lost or stolen.
- Access to Mobile Devices: All mobile devices used in your organization should be protected by strong passwords that include a mix of lower-case and upper-case letters, numbers, and special characters. Biometrics such as fingerprints can also be used on mobile devices to restrict access.
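The checks described above (storage encryption, a strong-passcode policy, and the remote lock-or-wipe response to a loss report) can be expressed as a small compliance routine run over an MDM device inventory. The following is an added example, not code from the original article or from any MDM product; the Device fields, the eight-character minimum length, and the sample inventory are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
import re

# One pattern per character class the password rule asks for:
# lower-case, upper-case, digit, and a special (non-alphanumeric) character.
_CLASSES = [re.compile(p) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")]


def passcode_meets_policy(passcode: str, min_len: int = 8) -> bool:
    """True if the passcode mixes all four classes and is long enough.
    min_len is an assumed threshold; the article specifies only the mix."""
    return len(passcode) >= min_len and all(c.search(passcode) for c in _CLASSES)


@dataclass
class Device:                  # hypothetical inventory record, not a real MDM schema
    device_id: str
    owner: str
    encrypted: bool            # full-device storage encryption is enabled
    passcode_enforced: bool    # MDM reports a policy-compliant passcode is set
    holds_phi: bool = True     # device is used at the point of care
    status: str = "active"     # active -> locked -> wiped


def compliance_findings(dev: Device) -> list[str]:
    """Gaps that must be closed before the device may carry PHI."""
    findings = []
    if not dev.encrypted:
        findings.append("storage not encrypted")
    if not dev.passcode_enforced:
        findings.append("strong passcode not enforced")
    return findings


def handle_lost_device(dev: Device) -> str:
    """Remote response to a loss report: lock first, then wipe if PHI is present.
    Returns the residual breach risk ('none', 'low', or 'high')."""
    dev.status = "locked"
    if not dev.holds_phi:
        return "none"          # nothing sensitive on the device; a lock suffices
    dev.status = "wiped"
    return "low" if dev.encrypted else "high"   # unencrypted PHI needs a breach review


INVENTORY = [  # constructed sample data
    Device("tab-01", "nurse.a", encrypted=True, passcode_enforced=True),
    Device("phone-07", "aide.b", encrypted=False, passcode_enforced=True),
    Device("lap-03", "admin.c", encrypted=True, passcode_enforced=False, holds_phi=False),
]


def noncompliant_devices(inventory: list[Device] = INVENTORY) -> dict[str, list[str]]:
    """Map device id -> findings for every device that fails at least one check."""
    return {d.device_id: f for d in inventory if (f := compliance_findings(d))}
```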
High Cost of Data Breaches
HIPAA violations can be extremely costly, since they result in a loss of trust from patients and their families and a negative impact on your bottom line. In 2014, the theft of an iPhone containing healthcare records of 400 residents resulted in a nursing home paying $650,000 in settlement costs. In 2017, the Ponemon Institute and IBM conducted a study which found that healthcare breaches are more costly than breaches in any other industry, coming in at $380 per record. Other costs of data breaches, according to the HIPAA Journal, can include the need to remediate losses, class action lawsuits, and even damage to your organization's reputation and a resulting loss of business.
Don't risk falling short of full HIPAA compliance. It's not worth it. No matter how careful your administrators and employees might be, it is an unfortunate fact that mobile devices sometimes wind up lost or stolen. Proactivity is the key to ensuring that when loss or theft occurs, you don't also have to worry about a data breach. If you put strong, proactive measures in place to protect the security of your organization's mobile devices, you can be confident that PHI will not be compromised even in the event of theft or loss.