Health care organizations should consider the legal ramifications of storing health data on mobile devices, according to an article published in the Journal of the American Health Information Management Association, MobiHealthNews reports.
Legal Risks
In the article, Lydia Washington -- AHIMA's director of practice leadership -- wrote that health information stored on a mobile device owned by a clinician or a health care organization becomes part of the HIPAA-designated record set if the data are used to make decisions about patient care.
She added, "The same is true when health information that is collected or captured by an individual or patient is transmitted or communicated to a provider who uses it in the provision of care."
Therefore, Washington wrote, medical data stored on mobile devices can become part of an organization's legal health record and be subject to requests for disclosures and subpoenas. She wrote, "The problem for [health information management] professionals is how to track and preserve these records when they reside on mobile devices."
Recommendations
In the article, Washington wrote that health care organizations "need to have policies that outline the conditions and acceptable uses of mobile devices that capture and store clinical information since that information may become part of a [legal] health record" (Versel, MobiHealthNews, 7/9).
She added that health care organizations should develop security risk assessments, litigation response plans and human resource policies that address the use of mobile devices to access health data (Hall, FierceHealthIT, 7/9).