Healthcare organizations are in the process of researching the way data is handled and stored on mobile devices in an effort to enhance privacy and security systems.
However, the American Health Information Management Association (AHIMA) is urging these associations to also look into the legal consequences of mobile health information.
AHIMA has focused for some time on the importance of a “legal health record” when documenting electronic health records. This would officially record healthcare services provided from an organization to an individual. [1]
Lydia Washington, director of practice management at AHIMA, published an article in the July issue of the journal of AHIMA focusing on mobile health devices and legality. [2]
“While much has been written stressing how extremely important security and privacy issues are in the use of mobile health technology, a question much less explored is how health information that is captured on mobile devices relates to the management of the health record,” said Washington.
“It is widely accepted that any health information captured or stored by clinicians using either a personal mobile device or one provided by the healthcare organization becomes part of the HIPAA-designated record set if that information is used to make decisions about a patient. The same is true when health information that is collected or captured by an individual or patient is transmitted or communicated to a provider who uses it in the provision of care,” Washington continued.
“Most likely, this information is also part of an organization’s legal health record and is subject to requests for disclosures, subpoenas, and e-discovery. Conceivably, the health information generated by a mobile device could also be useful for many non-clinical applications that use medical records—such as audits, health research, and information reporting. The problem for HIM professionals is how to track and preserve these records when they reside on mobile devices.”
Washington recommended that policies address “how mobile devices are handled when the information they contain may become involved in potential litigation as well as methods for monitoring and tracking mobile devices that contain information that is part of the organization’s legal health record.”
Given the proliferation of mobile health devices and the trend of BYOD (Bring Your Own Device), how is your healthcare organization dealing with legal issues around mobile health, such as privacy and security?