Mobile HIPAA Solutions for Hospital & Health Systems


New-Wave Health Information Technology

By Carol S. Miller, RN, MBA

To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic communication – cloud, wireless, and texting – of protected health information.

These technologies will keep evolving as hospitals, providers and patients move to new means of communication.

Below is a description of how mobility solutions are affected by HIPAA.

The recent launches of Apple Health and Google Fit have stirred a lot of interest in health application development.  It is important that hospitals and providers understand the laws around PHI and HIPAA compliance for any healthcare-focused mobile application or software.  While not all healthcare applications fall under HIPAA rules, those that collect, store, or share personally identifiable health information with covered entities (such as hospitals and providers) must be HIPAA-compliant.

Enter PCs in the Examination Room

For years, hospitals have wanted to bring computers into exam rooms, waiting rooms, and treatment rooms to eliminate hard-to-read patient charts, making sure everyone treating the patient was seeing the same information, assuring that everything was recorded as it occurred, and enabling doctors, nurses, and technicians to stay connected to vital information and services wherever they were throughout the hospital.

Many hospitals have adopted Computers on Wheels (COWs) or tablets, but many of these were hard to use, had poor touch-screen interfaces and did not last long on a battery. iPads seem to be the logical replacement, as long as the iPad can be used in compliance with HIPAA rules.




HIPAA Not Aging Well?

HIPAA was written nearly 20 years ago, before mobile health applications were ever envisioned. Because of this, some areas of the law make it hard to determine which applications must be HIPAA-compliant and which are exempt. Considering the numerous ways security breaches can occur with a mobile device, it is no wonder that HHS is very leery about how PHI is handled on smartphones, wearables, and portable devices.


If the applications are going to send or share health data to a hospital, doctor or other covered entity, it MUST be HIPAA-compliant.  Adhering to the Privacy and Security Rules of HIPAA is essential, especially considering the dangers that come with handling protected health data on a device.

Examples include:

  • Phones, tablets, and wearables are easily stolen or lost, meaning PHI could be compromised.
  • Social media and email are easily accessible from the device, making it easy for users to post information that breaches HIPAA privacy rules.
  • Push notifications and other user communications can violate HIPAA if they contain PHI.
  • Users may intentionally or unintentionally share personally identifiable information, even if the application's intended use doesn't account for it.
  • Not all users take advantage of the password-protected screen-lock feature, leaving data visible and accessible to anyone who handles the device.
  • Devices like the iPhone do not include physical keyboards, so users are more likely to choose basic passwords that are weaker than complex ones.
  • The protected health information at risk can include everything from medical records and images to scheduled appointment dates.





Regardless of the device, it is important to take all the steps possible to comply with HIPAA guidelines.






4 Responses

  1. M-Health

    “While patients have access to an exponentially increasing number of apps, the research literature has not kept pace. But this lack of data has not held back the high level of industry and consumer interest.”

    Peter Yellowlees MD
    [UC Davis Professor of Psychiatry]


  2. m-Health

    “Patients today are choosing their providers, in part, based on how well they use technology to communicate with them and manage their health. Care providers who build deeper patient relationships through care-from-anywhere options, the use of wearables and better communications post-discharge, will be in a strong position to be successful today — and into the future.”

    Joshua Newman MD
    [Chief Medical Officer]
    Salesforce Healthcare and Life Sciences


  3. Smartphones

    “With US smartphone adoption at 68%, now is the time for businesses that have a stake in the healthcare industry to push to develop approachable, intuitive mobile tech offerings that help the ever-increasing mobile user population improve something as personal and important as their health”

    Lisa Sullivan
    [Executive vice president and North American technology practice leader]


  4. New Guidance Lays out HIPAA Obligations for Cloud Computing

    The Department of Health and Human Services has published new guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology. The guidance gives insights for providers, business associates, and cloud computing vendors. Some of the guidance is basic and well-known to many HIPAA-covered entities.

    The first question, for instance, considers if a HIPAA-covered entity or business associate may use a cloud service to store or process electronic protected health information (ePHI). The answer is yes, provided the vendor enters into a business associate agreement that specifies how HIPAA compliance will be maintained. Also under HIPAA, providers can use mobile devices to access ePHI from a cloud platform as long as appropriate safeguards and BAAs are in place.

    Source: Joseph Goedert, Health Data Management [10/13/16]

