In the press release relating to this matter, the OCR made a special point of highlighting the need to adopt and implement policies to address the special risks involved with using mobile devices in the health care industry. OCR made a rather strong comment regarding the need to address mobile device risks, stating: “[f]ailure to implement mobile device security by Covered Entities and Business Associates puts individuals’ sensitive health information at risk. This disregard for security can result in a serious breach, which affects each individual whose information is left unprotected.”
Lesson 1 – Adopt and implement policies and procedures addressing security risks associated with the use of mobile devices.
Lesson 2 – Make sure your policies and procedures are in final form and have been adopted and implemented as active policies.
Lesson 3 – Many providers focus on HIPAA privacy policies and overlook HIPAA security standards. Do not make this mistake.