Protecting Patients and Data When Using mHealth Products and Services

“mHealth” generally refers to mobile health and includes the practice of medicine or communications involving medical data via mobile devices. California healthcare entities such as private practices, hospitals, health plans, pharmacies, or medical spas must consider the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the California Civil Code, among other regulations, to protect patient data when using mobile devices.

Best practices for physicians, nurses, administrators and other healthcare providers who use mobile devices for work-related tasks are evolving as technology continues to penetrate healthcare markets. It is strongly advisable to carefully manage mobile communications in healthcare markets and to minimize the risk of an undue privacy or security breach in violation of HIPAA, HITECH or other state and federal regulations. Some of the best practices in protecting patients and their data when using mHealth devices in medical practice include:
- Passcodes and other methods of authentication to access a device.
- Encryption of email, billing, text messaging, and other programs containing protected health data or personal information.
- Secure cellular networks must be utilized. Public Wi-Fi networks are notoriously unsecure.
- Patient consent to use unsecure mobile device communications.
- Docketing informal messages and conversations with patients.
- Maintaining professionalism in electronic communications and avoiding medical shorthand and typos, which can have significant medical consequences.
- A firewall and anti-malicious software (anti-malware) should be installed and maintained routinely.
- Data backup.