Healthcare News & Insights

The new legal risks created by mobile devices in health care

Mobile devices like smartphones and tablets are becoming popular in healthcare, in part because they give doctors easy and convenient access to the information they need to make fast decisions. But those devices also create new security and legal risks for healthcare organizations. 

In all industries, more employees are beginning to work with mobile devices, often using their own smartphones and tablets that they bring in and connect to the organization’s network.

Health care is no different. In fact, 85% of healthcare organizations allow doctors and staff members to use their own mobile devices at work, according to one recent survey. In addition, many facilities are supplying mobile devices for doctors, especially tablet PCs, which are becoming popular in the medical field.

But one thing that sets health care apart from other industries is the way those mobile devices are being used. Often, smartphones and tablets in a medical setting will be used to store or access patients’ sensitive health information. For example, 60% of hospitals are planning to support electronic health record (EHR) applications on mobile devices.

Storing sensitive health information on smartphones and tablets can open organizations up to a lot of security risks – after all, medical data is highly valuable for criminals, and mobile devices provide an easy way for information to get lost or stolen.

But aside from the security risks, organizations must also consider the legal dangers of mobile devices in health care, the American Health Information Management Association (AHIMA) recently warned.

When it comes to health information, security dangers also have a legal side, thanks to HIPAA privacy regulations. That means as mobile devices make it easier for data to be lost or stolen, they also make it easier for organizations to be fined under HIPAA. Organizations should treat devices carrying medical information with care, taking measures such as encrypting those devices.

Making that data mobile also creates another issue many organizations may not have considered: It’s possible that data on a mobile device will one day need to be collected as evidence in a court case.

For example, in a malpractice suit, the organization will have to preserve all data related to a patient’s care — including the health records stored on a smartphone or tablet. Therefore, organizations must have a plan in place so they’re ready to collect those devices in the event of a subpoena, audit or a lawsuit that triggers a litigation hold under electronic discovery regulations. It’s also important to keep track of all computers, gadgets and devices that hold that kind of information.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.