HIPAA & Handhelds: personal digital assistants (PDAs) are the coming thing, but pose their own specific challenges to HIPAA compliance.

As nursing homes struggle to ensure that older information technology systems are HIPAA-compliant, they also need to consider how HIPAA will impact new technologies, including personal digital assistants (PDAs, i.e., handheld devices such as Palm Pilots and Visors), used increasingly in facilities to record patient information.

Personal digital assistants offer enormous convenience and flexibility to nursing homes in the general area of record keeping. Although there are, in fact, more than 500 healthcare-specific applications for PDAs, most function as either reference databases or calculators. Since these types of applications don't typically use protected health information (PHI; i.e., such patient information as diagnoses, encounter reports, procedures, prescriptions, and lab and test results), there is no HIPAA impact.

In those cases in which nursing home employees use PDAs to record PHI, safeguards must be put in place to ensure that the information is not compromised. Reasonable safeguards should include:

Employee confidentiality agreements. Nursing home employees who use PDAs to access and record patient information should be asked to sign employee confidentiality agreements in which they agree to safeguard patient information, take responsibility for its protection and face sanctions if it is compromised.

Password protection. Most PDAs have a password-protection utility, requiring the user to enter a password before accessing any of its functions. All nursing home employees who use PDAs to access patient information should be required to use the password-protection feature. This simple safeguard ensures that patient information is protected in the event that the PDA is lost, stolen, or accessible by someone other than the nursing home employee.

Synchronization. Many PDAs are equipped with the capacity to upload information from the device to a personal computer (PC) via a communication port, a process called "synchronization." Protected health information uploaded to a PC can be vulnerable to inappropriate disclosure; remind nursing home staff engaging in synchronization that PHI uploaded to a PC should be password protected and, if possible, encrypted. Also, the PDA user should maintain an auditable log of all data uploaded to a PC. In those cases in which a nursing assistant uploads the information on behalf of a more senior member of the medical staff, again, he/she should make sure that the data uploaded are password protected, encrypted, and reflected on a tracking log.

PDA repairs. PDAs, like any electrical device, can and will malfunction and require repairs. Before sending the PDA for repair, make sure that any PHI it contains has been erased from storage and rendered completely inaccessible to service technicians.

Beaming. Many PDAs have the ability to transmit or "beam" information to another PDA via an infrared information stream. When beaming in the presence of other PDAs, it is possible for another device to inadvertently pick up the transmission. We recommend that beaming take place in the presence of only two PDAs, and that they be held two inches apart for the duration of the transmission.

Wireless transmissions. Increasingly, PDAs are equipped with the capacity to send and receive information via wireless transmission. In those cases in which PHI is sent over any form of open network, it needs to be encrypted, and a mechanism established to ensure that the intended recipient received it.

Dan Jacob, founder of Healthcare Solutions, is a HIPAA expert serving the long-term care and assisted living community. For questions regarding the applicability of HIPAA to nursing homes, e-mail Jacob_Dan@hotmail.com. To comment on this article, please send e-mail to jacab0103@nursinghomesmagazine.com.