Upload File

how to stay hipaa compliant with mobile …...disclosure rikesh t. parikh, m.d. co-founder of mobile...

  • Home
  • Documents
  • HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for
18
HOW TO STAY HIPAA COMPLIANT WITH MOBILE DEVICES EMERGING TRENDS COMMITTEE HOT TOPICS M.E.D.X App Presentation

Upload: others

Post on 03-Jul-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

HOW TO STAY HIPAA COMPLIANT WITH MOBILE DEVICES

EMERGING TRENDS COMMITTEE HOT TOPICS

M.E.D.X App Presentat ion

Page 2: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

DISCLOSURE R IKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X)

A peer-to-peer, HIPAA-compliant, mobile app for Android and iOS used to secure texting, photo, video, and document communications.

Page 3: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

SUMMARY • BACKGROUND OF CURRENT REGULATIONS REGARDING HIPAA WITH MOBILE DEVICES

• THE RISING USE OF THE SMARTPHONES IN THE WORKPLACE

• RISE IN MOBILE DEVICE BREACHES • EXAMPLES OF HIPAA TECHNOLOGICAL BREACHES AND FINES

• HOW PROTECTED HEALTH INFORMATION (PHI) IS STORED AND TRANSFERRED ON THE MOBILE DEVICE

• SECURING THE SMARTPHONE WITH ENCRYPTED APPS & A COMPARISON OF DIFFERENT APPS IN THE MARKET

• OVERVIEW OF HOW TO STAY SECURE ON THE MOBILE DEVICE

Page 4: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

BACKGROUND > LEGAL – PRIVACY AND SECURITY

THE HIPAA SECURITY RULE: ESTABLISHES A NATIONAL SET OF SECURITY STANDARDS FOR THE

CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY OF ELECTRONIC PROTECTED HEALTH INFORMATION (ePHI). THE HIPAA SECURITY RULES APPLY TO COVERED ENTITIES.

COVERED ENITY: ANY ENTITY INCLUDING HEALTH CARE PROVIDERS AND PROFESSIONALS SUCH AS DOCTORS, NURSES WHO TRANSMIT HEALTH INFORMATION IN ELECTRONIC FORM IN CONNECTION WITH CERTAIN TRANSACTIONS MUST COMPLY WITH THE RULES' REQUIREMENTS TO PROTECT THE PRIVACY AND SECURITY OF HEALTH INFORMATION, EVEN WHEN USING MOBILE DEVICES.

BUSINESS ASSOCIATE: A PERSON OR ENTITY WHO PERFORM CERTAIN FUNCTIONS OR ACTIVITIES

THAT INVOLVE THE USE OR DISCLOSURE OF ePHI ON BEHALF OF OR PROVIDE SERVICES TO A COVERED ENTITY. A MEMBER OF THE COVERED ENTITY'S WORKFORCE IS NOT AN BUSINESS ASSOCIATE.

Page 5: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

BACKGROUND >

EMERGING TRENDS

• RISE IN MOBILE DEVICE USE IN THE HEALTHCARE WORKFLOW

• RISE IN HIPAA AUDITING (PHASE 2)

• RISE IN HIPAA VIOLATIONS AND FINES

BEING “HIPAA COMPLIANT” IS A MISNOMER

IT IS REALLY ABOUT CONSTANTLY MITIGATING RISK IN YOUR WORKPLACE

Page 6: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

BACKGROUND > EMERGING TRENDS RISE OF MOBILE DEVICE USE IN HEALTHCARE

*Data comes Wolters Kluwer 2013 Physician Outlook Survey conducted by Ipsos.

Page 7: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

BACKGROUND > LEGAL – GAME CHANGER

FINAL OMNIBUS RULE: WENT INTO EFFECT ON MARCH 26, 2013

◦ ENHANCED PATIENT PRIVACY PROTECTION WITH NEW RIGHTS TO PATIENT HEALTH INFORMATION

◦ STRENGTHENED THE GOVERNMENT'S ABILITY TO ENFORCE THE LAW

◦ POTENTIAL FINES INCREASED TO A MAXIMUM OF $1.5 MILLION PER VIOLATION

“THESE CHANGES STRENGTHEN THE ABILITY OF MY OFFICE TO ENFORCE THE HIPAA PRIVACY AND SECURITY PROTECTIONS, REGARDLESS OF WHETHER THE INFORMATION IS BEING HELD BY A HEALTH PLAN, HEALTHCARE PROVIDER, OR ONE OF THEIR BUSINESS ASSOCIATES.” LEON RODRIGUEZ FORMER DIRECTOR OF THE HHS OFFICE FOR CIVIL RIGHTS

Page 8: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

BACKGROUND > LEGAL – GAME CHANGER

Page 9: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

RISING BREACHES AND FINES >

HHS INVESTIGATIONS SINCE 2003

Omnibus Rule 2013

Page 10: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

RISING BREACHES AND FINES >

MAJOR SETTLEMENTS: 2008-2016

THESE MAJOR SETTLEMENTS ARE QUITE HIGH: THE AVERAGE AMOUNT FOR THE 10 issued IN 2016 IS MORE THAN $2 MILLION.

“We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI is secure.”

Page 11: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

RISING BREACHES AND FINES > CASE STUDIES

June 9, 2016 – AN OREGON PSYCHIATRIST

USED A CELL PHONE TO PHOTOGRAPH A

PATIENT CENSUS SHEET (WITH MULTIPLE

INSTANCES OF PHI) AND ACCIDENTALLY SENT IT

TO SIX PEOPLE.

April 17, 2014 – A STOLEN iPHONE THAT WAS

NOT ENCRPYTED OR PASSWORD PROTECTED

HAD THE ePHI OF 412 PATIENTS. FURTHER

INVESTIGATION REVEALED THAT CATHOLIC

HEALTH SERVICES OF PHILADELPHIA HAD NOT

COMPLETED A RISK ANALYSIS OR RISK

MANAGEMENT PLAN. ON JUNE 29, 2016, THEY

SETTLED FOR $650,000.00

Page 12: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

PHI STORAGE ON THE MOBILE DEVICE

80% OF DOCTORS AND NURSES USE THEIR SMARTPHONE FOR WORK PURPOSES RESULTING IN POTENTIAL STORAGE AND TRANSFER OF ePHI

Page 13: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

PHI TRANSMISSION ON THE MOBILE

1 2 3 4 5 6 7

0 0 0 0

Page 14: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

WHO IS SENDING PHI? “A LARGE PART OF THE APPEAL OF MOBILE APPLICATIONS TO PHYSICIANS IS THAT APPS ARE EASILY INTEGRATED INTO THEIR WORKFLOW -- DELIVERING INFORMATION WHEN AND WHERE THEY NEED IT.” - COMMONWEALTHFUND.ORG

Page 15: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

NOW WHAT?

IGNORE BE PREPARED RESIST THE TREND

Page 16: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

STEP 1: Protecting Yourself and your Office

INCLUDE MOBILE DEVICES IN YOUR ONGOING RISK ASSESSMENTS

ASSESS HOW MOBILE DEVICES AFFECT THE RISKS (THREATS AND VULNERABILITIES) TO THE HEALTH INFORMATION IN YOUR ORGANIZATION.

IDENTIFY YOUR MOBILE DEVICE RISK MANAGEMENT STRATEGY, INCLUDING PRIVACY AND SECURITY SAFEGUARDS.

DEVELOP, DOCUMENT, AND IMPLEMENT THE ORGANIZATION’S MOBILE DEVICE POLICIES AND PROCEDURES TO SAFEGUARD HEALTH INFORMATION.

TRAIN ON MOBILE DEVICE PRIVACY AND SECURITY AWARENESS.

Page 17: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

STEP 2: PROTECTING THE MOBILE DEVICE

USE A PASSWORD OR OTHER USER AUTHENTICATION

INSTALL AND ENABLE ENCRYPTION

ACTIVATE REMOTE WIPING AND/OR REMOTE DISABLING

START USING SECURE, BYOD APPS TO HELP MANAGE RISK

4 THINGS YOU AND YOUR STAFF CAN IMMEDIATELY IMPLEMENT

Page 18: HOW TO STAY HIPAA COMPLIANT WITH MOBILE …...DISCLOSURE RIKESH T. PARIKH, M.D. CO-FOUNDER OF MOBILE ENCRYPTED DATA XCHANGE (M.E.D.X) A peer-to-peer, HIPAA-compliant, mobile app for

MESSENGING APP FEATURES TO LOOK FOR

• ENCRYPTION* (IN-TRANSIT AND AT-REST)

• REMOTE WIPE & LOGOUT*

• SECURE DRIVE (FOR PHOTOS, VIDEOS, AND DOCUMENTS)

• SECURE CAMERA (DIRECTLY TO SECURE LOCATION)

• NO CACHED INFO (NO DATA ON THE DEVICE)

• AUDIT TRAIL REPORTING*

• COST (SOME SOLUTIONS REQUIRE THIRD-PARTY TOOLS)

*REQUIRED BY HIPAA SECURITY RULES


Connectria Hosting- HIPAA Compliant Hosting Services

HIPAA-COMPLIANT PRIVATE CLOUD DELIVERS LIFE-SAVING … · 2020. 4. 4. · recovery and business continuity planning for HIPAA-compliant organizations •Highly responsive approach

WHITE PAPER A Practical Guide to HIPAA-Compliant ...€¦ · A Practical Guide to HIPAA-Compliant Virtualization Executive Summary| Summary Healthcare enterprises have achieved major

HIPAA-Compliant Answering Services are Available 24/7

New Uses for ROCKET: HIPAA Compliant Workspaces and Other Developments

How to develop HIPAA Compliant Applications

Hipaa Compliant Data Centers

Hipaa compliance templatewhy it is required to become hipaa compliant

Hipaa Compliant Data Centers White Paper

HIPAA Compliant Cloud Computing, An Overview

GAIN HIPAA-COMPLIANT CLOUD SOLUTIONS WITH COGNIZANT AND AWS · cognizant aws cloud services hipaa-compliant cloud solutions gain hipaa-compliant cloud solutions with cognizant and

HIPAA Compliant Records Management - ARC...ARC has created a compliant physical and digital infrastructure that will better equip you to meet and maintain HIPAA Compliance. These regulations

Migrating Your HIPAA Compliant Healthcare Analytics to AWS

Being HIPAA Compliant takes Work!

HIPAA-COMPLIANT OFFICE PAPER RECYCLING PROGRAM

Towards HIPAA-compliant Healthcare Systems in …...Towards HIPAA-compliant Healthcare Systems in Cloud Computing Ruoyu Wu, Arizona State University, USA Gail-Joon Ahn, Arizona State

HIPAA AND LAW ENFORCEMENT - OAHHS · HIPAA and Law Enforcement: ... Authorization forms used by law enforcement must be HIPAA compliant. ... hair and eye color,

10 simple steps to be HIPAA Compliant

HIPAA Compliant BYOD: After the MDM Honeymoon

How to be hipaa compliant

HIPAA-compliant Therapy Notes - ZANDER NURSING · Davis’s Notes Your Handheld Clinical Companions Combining commonly used but rarely memorized clinical information with HIPAA-compliant,

7 Advantages of HIPAA Compliant Texting Apps - Zinccontent.zinc.it/Ebook_eBook-7-advantages-of-HIPAA-complaint... · 7 Advantages of HIPAA Compliant ... we’ll also touch on the

Towards HIPAA-compliant healthcare systemsTowards HIPAA-compliant Healthcare Systems ∗∗ Ruoyu Wu, Gail-Joon Ahn and Hongxin Hu Arizona State University Tempe, AZ 85287, USA {ruoyu.wu,

L ea tHe HiPaa-comPLiant aPProacH H to emr transitiondocs.media.bitpipe.com/io_10x/io_101823/item_456153/US_HC_DCS … · tHe HiPaa-comPLiant aPProacH to emr transition iron mountain

Next Slide Secure, Virus-Immune & HIPAA-Compliant Health …€¦ · Secure, Virus-Immune & HIPAA-Compliant Health Care IT Systems Dr. Steve G. Belovich Next Slide. C 2005 IQware,

L ea HiPaa-comPLiant soLutions H tHat ... - Business Services

Geo-Medical HIPAA Compliant Audience Targeting

Hipaa Compliant Answering Service

Runners Health HIPAA Compliant Solution for Marathons and Events

University of Louisville School of Dentistry Deploys …...HIPAA Compliant The Solution Lua offered the University their first HIPAA compliant, cloud-based communication solution

“Mobile Health – Enhancing Care Delivery with Intelligent · 2014. 8. 19. · “Mobile Health – Enhancing Care ... HIPAA compliant text messaging Cloud-based SaaS offering

5 Reasons to be HIPAA Compliant

HIPAA Compliant IT Infrastructure Guide - Atlantic · to your HIPAA-compliant infrastructure Tech support available 24/7 This e-book looks at healthcare law and what organizations

AWS Re:Invent - Securing HIPAA Compliant Apps in AWS

LUA HIPAA COMPLIANT MESSAGING Home Health Solutionfor+Home... · Home Health Use Cases LUA HIPAA COMPLIANT MESSAGING Home Health professionals are the most mobile healthcare workers