Question

1. In your own words, articulate the challenge of accessing, transmitting, receiving and storing protected health information while using mobile health technology.

Answer 1

Q: 1. In your own words, articulate the challenge of accessing, transmitting, receiving and storing protected health information while using mobile health technology.

A: There are several US laws such as the US Privacy Right of 1974, the Gramm-Leach-Bliley Act (GLBA) of 1999, the Right to Financial Privacy Act of 1978 (RFPA), the Computer Fraud and Abuse Act in 1986 (CFAA), the Electronic Communications Privacy Act of 1986 (ECPA), the Children's Online Privacy Protection Act of 1998 (COPPA), the Privacy Rule of 2000 which strengthens HIPAA, etc., covering the areas of individual/private citizens' data security and data privacy which includes data received, stored, accessed, and transmitted both in the written/hardcopy as well as the online media.

But, the main law pertaining to protection and security of patients in the sensitive domain of health care is the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Privacy Rule of 2000.

Thus, there are several data privacy and data security laws in the U.S.

These include and are not restricted to the limitations of access to patients data by healthcare workers who are unrelated to a particular patient. As for example, a doctor can have access to a patient's data only if he/she is treating this patient.

A receptionist in a hospital cannot access the medical records, test reports, doctors diagnosis or doctors prescription of a patient and may only see the billing instructions, pending amount, appointment details, date of last visit, doctor consulted, etc. of a patient. Nurses cannot take photos of patients while doing their rounds and cannot take photos of patient data from files or download on pen drives or email data of patients stored on computers. Nurses can only see the data of patients in their ward/care during their shift, etc. An accountant in a hospital cannot have any access to the medical reports, health care plans or sensitive private data of a patient and can only view the dates of visit, reports conducted, amount paid, health insurance claims approved or pending and any outstanding amount due to the hospital with a reason for such outstanding and date of outstanding. These are some checks and balances which must be incorporated in the processes, procedures, systems of health care institutions like hospitals, medical diagnostic centres, private clinics of doctors, nursing homes, dental clinics, etc.

The HIPAA Security Rule imposes data security rules on individually identifiable health care data which is created, received, maintained, or transmited in electronic form. This information is called “electronic protected health information” (e-PHI).

The HIPAA imposes strict rules and punishments on violators and this acts as a deterrent against violations to a large extent.

Needless to say, there are always challenges to the implementation of laws and rules and there is always a risk associated with data leakages and violations. Training staff continuously and maintaining standards at all times is always challenging and as there is staff attrition, new staff will have to be trained and monitored. Assessments will have to be continuous on the standards being maintained. Data risk will always be present in physical and online forms especially smart phones access control, work station, filing cabinets, photocopying machine, etc., and the continuous supervision of all these is always going to be a challenge. Access control and transfer of data is another challenge which is going to need to be continuously monitored. The risk of hacking, viruses, phishing, is always a realistic and ongoing threat.

There are several ongoing threats and challenges to maintaining control over data security and data privacy in the health care sector and health care institution managements will have their plates full in sustaining standards at all times.