PDA Privacy-Security-HIPAA compliance
As described in the HIPAA section, patient information, even patient names,
must be kept confidential and secure. That means one cannot accidentally
leave lists of patient names around, and that any patient information kept on
PDAs (personal digital assistants) such as a Palm must also be kept
protected in case the PDA is misplaced, lost, or stolen. Password protection
of the PDA is one way in which you can maintain control over confidential
information.
April 2003:
A question has been raised about the issue of storing patient information on
a Palm Pilot or other Personal Digital Assistant. There is nothing in the
updated version of the Privacy Rules that would prevent you from using one
of these devices to store patient information.
HOWEVER... THERE ARE CERTAIN DANGERS INVOLVED so you should be totally aware
of the potential consequences and act accordingly.
1) First, if you store PHI (Protected Health Information -- but you knew
that) in one of these devices, MAKE CERTAIN IT IS PASSWORD PROTECTED.
2) When a patient is no longer under your care, delete the information from
your PDA or archive it to your password protected DESKTOP computer. It is
much easier to maintain the security of information on a desktop than in a
PDA.
3) Be aware that if your PDA is lost or stolen and someone is able to break
into the system and retrieve patient information, the fine if caught is $100
per patient which can be identified from the data.
I understand the desire to use a PDA. Had they been invented when I was a
resident, I would have surely coveted one (at that time, however, paper had
not fully replaced the tablet and scribe and papyrus was still quite
popular). Please be aware that you are taking a risk and weigh that risk
carefully. Our attorneys generally do not recommend using PDAs for patient
data just because they are easily lost and easily broken into.
PDA Resources - Privacy
McAfee VirusScan Wireless
http://www.mcafee.com/myapps/vsw/default.asp
PocketLock for the Pocket PC
http://www.applian.com/pocketpc/pocketlock
Firewall Guide
http://www.firewallguide.com/pda.htm
OneTouch Pass 2.3
http://www.onetouchpass.com
PDA Defense
http://www.pdadefense.com
TealLock
http://www.tealpoint.com/softlock.htm
SANS Institute
http://www.sans.org
Spyware-Guide
http://www.spywareguide.com/
F-prot free antivirus
http://www.f-prot.com/products/
F-secure FileCrypto can protect data
http://www.f-secure.com
Get rid of pests
http://www.pestpatrol.com
Packetstorm - "Know your enemy...."
http://www.packetstormsecurity.org/pssabout.html
News Report - What You Don't Want To Happen!
The following is a newspaper article, 2003, from England....
"Inquiry into cancer patient records leak"
An estate agent who bought a memory card for her computer found it contained
confidential hospital records including the names of cancer sufferers.
The Royal Bolton Hospital in Greater Manchester immediately launched an
investigation after it was made aware of the security leak.
Dawn Rozzell, 31, of Crewe, Cheshire, purchased the £30 memory stick - which
increases the size of a computer's memory - from a small, local supplier.
When she connected it to her laptop, she said she was stunned by what it
contained. Miss Rozzell, who runs two estate agent shops in Shropshire,
said: "I was astounded. I just could not believe what I was looking at."
She claims private and confidential records from the Royal Bolton Hospital,
including waiting times and private NHS numbers, were contained on the
memory stick. Miss Rozzell says the names of 13 cancer patients from Greater
Manchester, their dates of birth, home addresses, telephone numbers, family
medical histories and GP details were all on the laptop screen.
She said: "If anyone in my family suffered from cancer and I found their
medical records were on a memory stick being sold in shops I would be
gutted. I think it's wrong that information like this should get out."
Miss Rozzell says she's spoken to the suppliers after buying the memory
stick two weeks ago, and they are attempting to find out how it had been
sold with information on it.
Mike Stone, chief executive of the Patients' Association, said: "I am
absolutely horrified this confidential information ended up on someone's
computer. There has been a major breach of security and confidentiality."
Susan Osborne, director of communications for Cancer Research UK, added: "It
is very alarming that such information has got out. Having cancer is
traumatic enough and for many people it is a very private matter. It will be
distressing for people to think that their names have got out."
A spokesman for the Royal Bolton Hospital said: "We are very concerned
indeed about this apparent breach of patient confidentiality. We are
carrying out an immediate and thorough investigation."