Developing a Smartphone Policy for Health Care ProvidersHealthcare Training Resource
May 6, 2013 — 949 views
The trend in many workplaces is to move away from company-issued mobile phones and toward a BYOD, or "Bring Your Own Device" program. These programs allow employees to use a smartphone of their choosing, which they're comfortable operating, while performing company tasks and engaging with clients. In a health care environment, this allows employees to use devices that are more advanced, with patient interaction tools, innovative methods of communication, and a number of other major benefits.
Smartphones, though, inherently threaten the strict privacy polices of HIPAA that govern medical practices. With the wrong swipe or a misfired text message, patient-physician can be easily breached and the practice can find itself staring down a HIPAA lawsuit for major privacy violations. There are some key ways to avoid such a reality, however, all of which are tied to a strict but sensible smartphone policy for workers on the job.
Smartphone Policies: A Look at What they Seek to Accomplish
Most businesses develop a smartphone policy with the goal of boosting their own information security, ensuring that workers remain productive while using phones that they've brought to the job, and ensuring that any legal restrictions or privacy regulations are easily met. This is the goal of health care administrators, as well, who must work within both state and HIPAA privacy regulations while interacting with their patients.
The goal of a smartphone policy in medical environments is twofold. The first goal, and perhaps the primary one, is to lock down any features that might actually lead to the release or accidental disclosure of privileged patient information. The second goal, which is more common among a larger segment of the business community, is to ensure that the device is used for work-related purposes while it's in the office. Both of these can be accomplished with some of the same tools and controls.
Setting a Smartphone Policy for the Medical Workplace
The good thing about today's smartphones is that virtually all of them are equipped with enterprise tools, ranging from the limitation of application access to restrictions on web browsing and visits to certain kinds of websites. This gives medical professionals a few key ways to ensure that privacy guidelines and other regulations are met while on the job.
1. Establish a Virtual Private Network
A virtual private network, or VPN, requires all phones to connect through the company's private network protocol. This protocol can then filter websites, block certain smartphone apps from accessing the Internet, and otherwise control the flow of information while the phone is in the medical office.
2. Enterprise Controls
Controls on today's smartphones allow certain applications to be locked down and out of reach for employees. This might sound like a parent control policy, and it's certainly similar, but the goal of these policies is simply to limit access to apps that might record audio or video, enable the sharing of information via apps, or perform other actions that threaten HIPAA compliance.
3. Written Rules and Regulations
A sensible smartphone policy begins with an honest disclosure of the medical office's expectations of its employees. Let employees know that sharing personal information is against the law, that they're expected to remain productive while they're smartphones accompany them, and that a zero-tolerance policy is in effect for any violations while on company time.
From Written Guidelines to Manual Controls, Smartphones Can Be Reigned In
The key thing for medical administrators to remember is that today's smartphones are shipped with the tools needed to do business and stay above the fray. By using enterprise controls and VPNs, and releasing a well-known, company-wide set of smartphone rules and limits, potential HPIAA pitfalls can be easily avoided.