12-13-13 | Blog Post

Protecting patient information in mobile payment apps

Blog Posts

As the entire healthcare system evaluates health IT solutions with the potential to reduce inefficiencies and improve – or at least maintain – health outcomes, care providers are increasingly open to new paradigms of care. Take Children’s Hospital Boston who, through its Community Asthma Initiative (CAI), helped children with asthma make their homes more “asthma-friendly” by conducting home visits and evaluations. In a study reported in the March 2012 issue of Pediatrics, the initiative showed a remarkable result: cost savings AND better outcomes. The program cost $2,529 per child, but saved $3,827 per child with fewer returns to the emergency room and hospital re-admissions.

As care options become increasingly mobile, it’s not surprising that mobile devices are coming along for the ride.  Pediatrician Drew Nash in California uses the popular Square to collect patient payments both in the office and on the road.

Of course, the use of mobile devices for any type of sensitive information – especially the valuable combination of ePHI (electronic Protected Health Information) and card holder data – is an IT security or compliance officer’s worst fear and a hacker’s greatest delight.  It’s critical that key safeguards are in place. As health IT attorney Tatiana Melnik comments in Healthcare Finance News, “smaller medical practices don’t necessarily have the proper security controls in place. When you are looking at financial data, there are a number of federal and state rules that you have to comply with.” Melnik pointed to recommended best practices such as encryption to protect sensitive information.

Despite the risks, Melnik points out in a recent BYOD (Bring Your Own Device) policy webinar, that the Department of Health and Human Services strongly advocates for the use of mobile devices, with the compelling reasons including:

  • improving public health outcomes.
  • driving down healthcare costs.
  • helping with chronic disease management.
  • reminding people to take medications.
  • reaching rural areas.
  • empowering individuals through education.

As the daughter of a doctor who started his medical practice making house calls along the shores of Lake Michigan, and mother of 5 very active kids, I have to admit both a sentimental and practical “high-five” to the concept of a pediatrician making house calls – sign me up! As a technology fan, I have to think that with the likes of Drew Nash and Tatiana Melnik balancing the risks and benefits of these “new” frontiers, we can establish best security and compliance practices for protecting ePHI both inside and outside the four walls of traditional provider settings.

About Tatiana Melnik, Health IT Attorney

Tatiana-Melnik2Tatiana Melnik is an attorney concentrating her practice on IT, data privacy and security, and regulatory compliance. Ms. Melnik regularly writes and speaks on IT legal issues, including HIPAA/HITECH, cloud computing, mobile device policies, telemedicine, and data breach reporting requirements, is a Managing Editor of the Nanotechnology Law and Business Journal, and a former council member of the Michigan Bar Information Technology Law Council.

Ms. Melnik holds a JD from the University of Michigan Law School, a BS in Information Systems and a BBA in International Business, both from the University of North Florida. www.melniklegal.com

About the Author

April Sage has been involved in the IT industry for over two decades, founding first a technology vocational program, and secondly a bioinformatics company supporting the pharmaceutical industry in the development of research portals, drug discovery search engines, and other software systems. Currently, April is the Director Healthcare IT for Online Tech, focusing on HIT thought leadership and the impact of HIPAA/HITECH policy on IT infrastructure and systems. April holds a BGS from the University of Michigan, and is a cohort member of the University of Michigan’s inaugural 2014 Masters Health Informatics program, jointly sponsored by the UofM School of Public Health and UofM School of Information.




Overwhelmed by cloud chaos?
We’re cloud experts, so you don’t have to be.

© 2024 OTAVA® All Rights Reserved