Health Care Practice Co-Chair Kirk Nahra Comments on Mobile Health Data
Insurers responding to customers’ demand for mobile access to their health records must make sure the data, known as electronic protected health information (ePHI), is secure, FierceHealthPayer reported. Companies that fail to safeguard patients’ privacy can face civil and criminal penalties for large-scale data breaches under the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act.
Insurance companies can help customers reduce risks by encouraging them to keep their mobile devices physically secure and password-protected. Insurers should also enforce their own internal policies to safeguard ePHI, such as issuing work-only mobile devices, upgrading anti-virus software and disposing of obsolete devices securely, according to the article.
"Faster is not necessarily better," Mr. Nahra told FierceHealthPayer. "You have to think about what you're trying to accomplish, what your choices are, and then figure out a way that lets you achieve as much as you can with appropriate security boundaries. If the right person can get into your database, you've got to make sure the wrong person can't get in."