HIPAA and the Evolution of Portable Devices


[author: ]

Bond . . . James Bond has always been the epitome of cool gadgets (and bikini babes) but the gizmos of Sean Connery have passed into the era of Daniel Craig. Mr. Connery's lasers, spy cameras and recorders are like dinosaurs and stone tablets. Interesting, but clunky. Many practitioners feel the same way about the desk top and "computer station". New medicine is mobile, miniature and you can play angry birds on it. But what does that mean for security and privacy?

The VA rolled out a pilot project with iPads and almost immediately picked up a complaint and an investigation regarding data security.

There were 7 key takeaways from this investigation into mobile devices:

  • Have certified encryption with strong passwords;
  • Have an accurate inventory;
  • Encrypt backup files;
  • Auto destruct for lost or missing devices;
  • Ensure consistent security configuration;
  • Minimum baseline standards for all mobile devices must be established and implemented;
  • Centrally log/manage distribution of devices.

If only the Massachusetts Eye and Ear Infirmary (MEEI) had taken the lessons of the VA to heart, they might have avoided significant costs. On September 17, the OCR announced that it had reached a 1.5 Million Dollar settlement with MEEI to settle potential HIPAA security violations. A key component of the investigation was MEEI's failure to analyze the risks, and take action in regard to portable devices.

The moral of the story is you can't be Sean Connery in a Daniel Craig world.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Brown Law Firm | Attorney Advertising

Written by:


Davis Brown Law Firm on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.