Evolving technology gives mobile health platforms increasing power to analyze and utilize large amounts of patient data; however, electronic security measures can lag behind innovation. Is mobile health technology keeping up with the electronic health information requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)?
ePHI standards
To ensure the confidentiality of electronic protected health information (ePHI), health IT companies covered by HIPAA are required to implement strong data security safeguards, according to the U.S. Department of Health and Human Services (HHS). Violating these HIPAA electronic security standards can mean thousands, if not millions, of dollars in penalties.
Risks of mobile health technology
In an article published in Managed Healthcare Executive, Bob Pieper writes that companies covered under HIPAA are not only liable for the security of ePHI located on their own servers but could also be liable if an insecure app design exposes the information.
According to the article, one such scenario is that an app “could be used as a public-facing gateway by hackers to impermissibly obtain protected health information. The purpose of the app generally does not matter–for example, a customer service app likely is covered by HIPAA in the same way as a wellness app.”
Risk analysis requirements
Companies that take the responsibility of protecting ePHI seriously, like RxEOB, invest heavily in ensuring the HIPAA compliance of their software and products. According to a summary of the HIPAA security rule provided by the HHS, covered entities are required to perform risk analysis as part of their security management processes. This should be an ongoing process: analyzing their records to track access to ePHI and detect security incidents, and evaluating the effectiveness of their network security.
According to HHS, the risk analysis process includes activities such as:
- Evaluating the likelihood and impact of potential risks to ePHI.
- Implementing appropriate security measures to address the risks identified in the risk analysis.
- Documenting the chosen security measures and, where required, the rationale for adopting those measures.
- Maintaining continuous, reasonable, and appropriate security protections.
RxEOB continues to work with health care organizations to use mobile health technology to create member engagement programs that increase adherence and drive better patient health care outcomes. RxEOB® MercuryMessaging™, for example, uses in-depth analytics, enabling real-time member targeting with branded, personalized, and timely communications.
For more information, visit www.rxeob.com, or call 804-643-1540.