Q. I am starting to use a smartphone and medical apps like Epocrates more and more. What are some risk management suggestions to keep in mind?
A. A 2013 study by Kantar Media indicates almost 75 percent of physicians are using smartphones for professional purposes. Therefore, it’s wise to be concerned about potential risk management implications. While medical apps are great tools, inherent risks do exist with unsecured smartphones.
Risk management experts recommend evaluating the types of information stored on your personal device. Research apps such as Epocrates should not be subject to HIPAA risks. However, apps allowing mobile dictation of information that can be transferred to an electronic medical record may be, because those apps may contain confidential patient health information.
Security should be another consideration since apps that transmit information may be vulnerable to hacking. Some medical apps are promoted as HIPAA-compliant.
Regardless of whether a smartphone app transmits, stores or simply accesses patient health information, physicians should ensure the apps are HIPAA and HITECH compliant. Here are some tips to keep in mind:
- HIPAA requires data security and proper destruction and/or file retention of patient health information when appropriate.
- Physicians should remove patient health information from devices with apps before discarding or replacing the device.
- Wireless apps should be reviewed to ensure security at all levels.
- A practice security policy addressing mobile devices and apps should be in place to cover appropriate use and destruction of patient health information.
- Security issues should be addressed by working closely with information technology personnel.
Physicians insured by ProAssurance may contact our Risk Management department for prompt answers to liability questions by calling (800) 292-1036 or via email.