Our society has become increasingly dependent on smartphones for a wide variety of personal and professional tasks. Smartphones, with their host of available applications and features, even go so far as to replace laptops and desk computers, PDAs and day planners. But when a doctor or nurse is recording and relaying sensitive information, such as personal patient data or treatment and diagnostic ideas, using a smartphone may not be the best way to go, healthcare attorneys in Fort Lauderdale say, given the risky potential for security breaches. This is especially true if the device is a personal one, and has not been issued by the hospital or private practice.
The Health Insurance Portability and Accountability Act (HIPAA) allows healthcare providers such as doctors, nurses, administrators, and specialists, to share private patient information for the purposes of treatment, diagnostics, study, and payment, but this information must be shared responsibly and confidentially. HIPAA considers protected health information to include any “individually identifiable health information transmitted or maintained in any form by a covered entity or a covered entity’s business associate.” In order to comply with all of HIPAA’s requirements, medical professionals need to consider the privacy and confidentiality of the patient before using a smartphone to communicate information with others.
Using a smartphone to take photos of a patient’s symptoms, injuries, or other indicative images, whether for the healthcare professional’s own purposes or to pass along to another professional, is risky, experts say. In this case, the patient’s privacy needs to be considered first and foremost.
For example, if a nurse is taking a picture of a bruise or mark on a patient’s arm, and does not include in the photo any identifying information – tattoos, jewelry, birthmarks, patient’s name or social security number in an attached note – this would not constitute a violation of the HIPAA standards, because the arm in the photo is unremarkable, and could not be identified as specifically belonging to one particular person. But if the photo is sent with a name, even a generic first name, the sender may be sanctioned for transmitting sensitive information in an unsecure manner. The patient must also consent to the photo being taken.
If the photo in question is being used with a patient’s name to be sent out to another professional for treatment purposes, HIPAA standards require that this information be transmitted via an encrypted format, usually in a secure email. If a family physician is sending over a patient’s information and a photo of his or her broken arm to a physical therapist to discuss options for therapy and treatment, this photo is allowable with the identifying information, provided it is sent securely to the correct recipient. If the photo is missent, or sent via regular email, it is in violation of HIPAA requirements.
The Florida healthcare attorneys at law firm Lubell Rosen say that use of smartphones can speed things up, and help doctors connect with the best possible individuals to discuss medical opinions, diagnoses, and treatment options. But smartphones must be used carefully in order to prevent sensitive information from being disclosed to the wrong people, and to avoid HIPAA violations. If you have questions regarding your smartphone usage or that of colleagues in your office, contact a Lubell Rosen attorney for a consultation today. We have offices in New York, New Jersey, Florida and Georgia.