by Julia Vann
What Happened?
Three Democratic Lawmakers in Oklahoma have accused The Oklahoma Department of Veteran Affairs of violating HIPAA. They have even demanded the top two Oklahoma Veterans Affairs officials be fired over the incident.
What kind of violation would be bad enough to fire two people over?
The usage of smartphones in the workplace.
It sounds silly, but Oklahoma Lawmakers have valid concerns.
According to HIPAA Journal, The Oklahoma Department of Veterans Affairs allowed medical aides to use their smartphones during a scheduled Internet outage. This was to make sure Veterans would still be able to receive their medications. Doing nothing during the outage would mean potentially thousands of Veterans would be unable to receive their medications on time.
On the surface, it doesn’t seem like a terrible idea. The purpose was to keep working and make sure Veterans taken care of.
The Three Democratic Lawmakers, Reps. Brian Renegar, Chuck Hoskin, and David Perryman, however, are not happy with this explanation. They claim that the usage of smartphones would allow medical aides to potentially copy patient medical records onto their phones.
State CISO, Mark Gower, claims otherwise. He explains that only a few medical aides were allowed to access their phones for records and it is no different from switching out a desktop for a laptop. It’s just a different device.
Doug Elliot, VA Executive Director, is adamant in his belief that none of the medical aides would ever take the opportunity to steal and share information on the Veterans.
What Happens Now?
While Elliot does not seem to think the accusations will go anywhere, the violation is still being investigated.
Questions For the Future
All of this does raise a question. What counts as a HIPAA violation?
What is it about smartphones that makes them more dangerous than the average computer? Wouldn’t it be just as easy to copy patient information using the computer? It might even be easier that way.
Yes, it is safe to assume that there are safeguards in place on the Department computers. However, it would be possible for any medical aide to snap a picture of their screen and steal patient information that way. When there’s a will, there’s a way.
While the concerns of the Oklahoma Lawmakers are fair, it ignores any other possible issues.
At the end of the day, like it or not, patient confidentiality does not come down to the security of a computer or smartphone. It comes down to the trustworthiness of the employees handling it.
To learn more about HIPAA and compliance, visit the American Medical Compliance Website!