How Mobile Devices May Be Violating HIPAA Compliance

How Mobile Devices May Be Violating HIPAA Compliance

Gadgets. We all love them. We all use them every day.

When cell phones integrated with smart technology, we jumped at the chance to bring the Internet with us anywhere. We bought phones and tablets at record speed, downloading apps and programs as fast as they could be created.

And while most of these apps and programs made our lives a little easier, gave us more functionality, or simply allowed us to have a little fun, they also brought risk into our lives in new ways.

Technology is almost always ahead of the law. We invent things. We push the limits. And when there are consequences, that’s when we ask the law to step in. Policies are set. Laws are made. And then it’s up to both providers and to consumers to make sure they comply.

While compliance issues may not be difficult in some industries and niches, healthcare isn’t one of them. Providers are faced with unique challenges with complying with HIPAA laws, which is exacerbated when transferring those laws for use on mobile devices. As smartphones were developed, little thought was put into HIPAA because the perception was smartphone devices were mere phones. Yet smart technology put the power of a computer into the hands of every consumer in the marketplace, and that’s where trouble began.

Because we all lead busy lives, we take our devices and our work with us everywhere. We stop for coffee in the morning. We have lunch with a friend. We take our kids to after school activities. And while we’re sitting and waiting, we do what comes naturally; we check email, connect with a client, and work on a file or two.

But unsecured mobile networks can be more than a problem. Accessing private information on an unsecured network can leave the data vulnerable. It also violates privacy. And what if you accidentally leave your phone or tablet on the table and walk away? Theft increases the problem tenfold.

People should not download an app and assume HIPAA laws are in place. Very few health related apps are. As a health care provider, it’s important to verify that an app meets all HIPAA requirements before recommending it to a patient. In general, HIPAA does not apply to apps that allow patient to track fitness goals, yet does apply to apps that deal with PHI or allow providers and/or patients to communicate with each other.

If you like an app, ask the developer if HIPAA rules are in place. You can ask them to show their credentials or certifications to make sure you are fully covered.

You should also protect yourself by keeping all mobile devices password protected and encrypted in accordance with HIPAA standards. You can also install remote wiping and disabling programs that allow a user to quickly clear and disable mobile devices when they notice they are missing.

Under HIPAA, providers can face financial penalties for breaches. If enforced, penalties range from $100 to $50,000 per violation with a cap of $1.5 million per calendar year. However, if violations occur year after year, even with the cap in place the settlement can be substantial.

It’s not only penalties that can be detrimental to a business; a provider’s reputation is also at stake. One breach can cost a business everything.

Are you fully HIPAA compliant with your mobile devices? How about the apps you recommend to your clients?

Developing A Successful API Economy

Developing A Successful API Economy

In simple terms, an API economy describes the process used by a business or enterprise to connect it’s customer interfaces with technology and software components already used internally for business practices. It requires effective management in order to achieve a smooth transition to integrate the two together. However, even highly tech-oriented companies that understand the real value of APIs often treat them as an afterthought rather than a core development feature of projects they develop internally.

APIs are often poorly designed and wind up costing thousands of dollars in undue maintenance and reengineering costs. Which is one of the reasons cloud-based application integration can bring in welcome solutions. They provide consistency and centralization that can be key to creating, managing and monitoring APIs and their performance. It’s also a way to expand your current marketplace and use these same applications to syndicate to new channels, markets and audiences.

When a company no longer has to look at each application as a separate and unique entity, it makes implementing and tracking integration that much easier. And more effective for the overall welfare of the company.

Technology is no longer tasked and controlled by the CIO and his team. Instead, we’re finding technology is now moving throughout the organization and impacting various teams at different levels. The CMO is soon predicted to be spending more on IT than the CIO. They understand that the most effective way to reach potential business is by giving prospects and customers what they want most: Ease of use.

Yet as much as the CMO wants and needs effective technology to allow his team to do the job efficiently, it will always remain a part of the CIOs job to ensure the safety and security of data flow within the company.

It’s now up to the CIOs to listen and understand what the entire business structure needs to run productively. There is no one size fits all solution and there never will be. What works for a large tech company will not be best for a small medical firm. The easiest approach will be to work with outside IT experts and industry analysts to help determine the best approach for the organization.

Especially as we move into new platforms, smarter technology, and faster moving systems, the key will be to consistently tailor a strategy for everything a company does, to make sure full integration isn’t just in the tech department, but exists throughout the organization.

3 Reasons It May Be Time To Adopt Electronic Health Records

3 Reasons It May Be Time To Adopt Electronic Health Records

Head back in time and you’ll find that the future of technology may have been a little clearer than we imagined. A decade ago, the Office of the National Coordinator for Health IT was established to create a secure, nationwide interoperable network that allows authorized users to access medical records from anywhere in the US. Paired with a comprehensive overhaul to the health insurance industry, the idea was designed to control all aspects of health care services and make it easier to manage and maintain on both sides of the equation, patient and practice.

Head a decade into the future and, if anything, the waters have been muddied. For a program originally sought to increase efficiency, reduce costs, and improve quality of care, the lackluster results show it has a long way to go.

Ask any physician or medical office personnel today what their leading cause for anxiety is and chances are they will hint at using electronic health records (EHRs). Many EHR products have little meaning to a physician, and therefore fall to the wayside when dealing with a busy practice. Only one in two physicians have adopted any type of electronic health record system at all, with less than one in five using a software program for control.

Government funding has all but dried up for promoting a more efficient EHR system within the American health care system. As we move forward, it will be private companies and health care agencies that take control and make the transition more beneficial for all. Yet that can be little consultation to the physicians who are still working with patients in old school format, with paper charts filed in the filing cabinet at the end of the day.

What will it take to bring the other fifty percent of the medical world online and running with an efficient EHR system?

Better EHR systems to meet the demands of small practices

With the original goals set by executive order, a free-for-all moved through the technology world with start ups jumping after the largest health organizations. They bypassed the small practices in order to reap the rewards and financial benefits of working with the masses. Now that the large health organizations have EHR systems in place, the smaller organizations are left with little clue as how to navigate the waters. This is where the greatest opportunity lies … and also the greatest amount of confusion. It can be complicated for a small practice to not only dedicate the time for researching which systems are best, but also how to integrate it into an already busy environment. When EHR companies make easy to use systems on a smaller scale, it will jumpstart the desire in smaller practices.

Change the way we operate health care practices

As our health care system continues to morph and change, small practices will change right along with it. Many will merge and combine with other practices to run smoother offices. Many will adopt the practices of the larger organizations in which they are affiliated with. When something works for one, its easier to morph and adopt it for those around you as well. While individual practices may not find substantial value in making the conversion in-house, they will quickly discover that coordinating patient care and managing risks and insurance claims can’t occur without it.

Make the systems more meaningful

For many individual practices, they choose not to upgrade because they realize today’s EHR systems have little if any benefit to their practice. It simply transfers what was on paper to an electronic format. That will change in the coming years, especially as artificial intelligence continues to increase. The health care industry is quickly moving from data collection to data analysis. As doctors begin seeing tangible benefits to using EHRs and more complicated technology tools, it will open up the playing field for making support systems that truly help daily routines. That’s when the most effective changes will occur.

That’s when the biggest improvements will be made.

Are you using EHRs in your practice? What’s holding you back?