Eighty-one percent of physicians use mobile tools to collect, store, or transmit patient information, and 49 percent of those do nothing to protect the devices they use, according to a report in MDnews.com.
The report cites a study by Ponemon Institute, which found that patient data loss at healthcare organizations went up 32 percent from 2010 to 2011. Forty-one percent of those surveyed claimed careless mistakes by employees were one reason for data breaches. The devices' small size and portability also make them easy to lose or steal.
The Department of Health and Human Services also found that nearly 40 percent of larger breaches are linked to lost or stolen devices.
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), fines can reach as much as $50,000 per violation and up to $1.5 million for violations of identical requirements in the same calendar year. Not only that, but HIPAA violations can also mean criminal penalties of up to $250,000 and as many as 10 years in prison.
State attorneys can bring civil actions in federal court on behalf of residents who have been affected by HIPAA violations. Damages can amount to as much as $100 per violation and up to $25,000 for violations of identical requirements in the same calendar year.
Last September’s Texas patient privacy law means that violators are accountable for up to $1.5 million annually. Both this new Texas privacy law and HIPAA regulations require doctors to notify patients when a data breach that affects them occurs. The physicians may even have to publish notice in a media outlet and report the breach to HHS.
The HHS Office of the National Coordinator for Health Information Technology is expected to release guidelines for mobile devices to help physicians avoid such issues. Additionally, physicians can use remote access systems to access patient information outside the office. Any information transferred on a mobile device should be fully de-identified or encrypted according to HIPAA standards. These mobile devices should also be password-protected.