It has been suggested that Bring Your Own Device (BYOD) is a potential solution for EVV (Electronic Visit Verification). While this may seem on the surface to be a cost-effective measure, it is fraught with security and privacy issues.
These are the problems VCS has solved with the VCap.
HIPAA, Omnibus HITECH and FLSA requirements
● What if the phone is lost or stolen? How is the data protected?
● Broken, deactivated, lost, stolen or traded in devices may require a HIPAA report.
● How secure is the data on the cell phone?
● Who owns the data; who pays the cellular charges?
● What information is being transmitted and what timekeeping information is being captured? (Check case law; this is a sticky point.)
● Are all means of communication protected: Wi-Fi, cellular, Bluetooth, USB and micro SD cards?
● Is there a firewall?
● Are all of your transmissions encrypted?
Can you require an employee to have a cellular phone in order to be employed by your company?
Security Related to Lost Devices
When an agency gives its health care aides a mobile phone or utilizes the employee's own phone, the IT department typically bears the responsibility of securing any data on that device once it is lost and then finding a replacement device for the staff member. Do you have an IT department to deal with security issues?
Can you manage the wide array of platforms? Can you manage the upgrades?
“Any device containing information protected by HIPAA must be secured”, which is why it is so difficult to deal with the BYOD approach. “The problem is that BYOD devices aren’t initially equipped with proper levels of protection such as firewalls and threat management software to monitor and analyze third party apps. With the infinite amount of apps available for download, medical or not, there are major security concerns when it comes to what systems are and aren’t accessing the network” which questions the compliance of HIPAA, Omnibus HITECH and FLSA. (Excerpt from Med City News, December 2013)
Security and privacy are paramount
“Physical, technical, and operational safeguards are critical necessities when dealing with multiple families of wireless devices. Bring your own device (BYOD) practices enhance potential vulnerabilities, and reliance on native security and privacy methods is not prudent given strengthened HIPAA requirements and emerging requirements.” Eric Abbott, Health Care Technology Expert
“The challenge is that mobile technology and all of its related benefits have become the norm in real-time communication in our society. When applied to the healthcare space, however, a person’s privacy and security must be considered equally as important as convenience and cost,” said Guillermo Moreno, vice president and managing director at Experis Healthcare Practice.