Keeping Up with HIPAA Electronic Health Information Requirements

Evolving technology gives mobile health platforms increasing power to analyze and utilize large amounts of patient data; however, electronic security measures can lag behind innovation. Is mobile health technology keeping up with the electronic health information requirements of the Health Insurance Portability and Accountability Act of 1996?

ePHI standards

To ensure the confidentiality of electronic protected health information (ePHI), health IT companies covered by HIPAA are required to implement strong data security safeguards, according to the U.S. Department of Health and Human Services (HHS). Violating these HIPAA electronic security standards can mean thousands, if not millions, of dollars in penalties.

Risks of mobile health technology

In an article published in Managed Healthcare Executive, Bob Pieper writes that companies covered under HIPAA are not only liable for the security of ePHI located on their own servers but could also be liable if an insecure app design exposes the information.

According to the article, one such scenario is that an app “could be used as a public-facing gateway by hackers to impermissibly obtain protected health information. The purpose of the app generally does not matter–for example, a customer service app likely is covered by HIPAA in the same way as a wellness app.”

Risk analysis requirements

Companies that take the responsibility of protecting ePHI seriously, like RxEOB, invest heavily in ensuring the HIPAA compliance of their software and products. According to a summary of the HIPAA security rule provided by the HHS, covered entities are required to perform risk analysis as part of their security management processes. This should be an ongoing process in which they analyze their records to track access to ePHI and detect security incidents, and evaluate the effectiveness of their network security.

According to HHS, the risk analysis process includes activities such as:

RxEOB continues to work with health care organizations to use mobile health technology to create member engagement programs that increase adherence and drive better patient health care outcomes. RxEOB® MercuryMessaging™, for example, uses in-depth analytics, enabling real-time member targeting with branded, personalized, and timely communications.

For more information, visit www.rxeob.com, or call 804-643-1540.