10/07/2013    Fred Huss, DPM

Using Smartphones to Document NH Visits (Michael L. Brody, DPM)

Dr. Brody's assertion that many apps are malicious
in both the App Store and Google Play is
inaccurate. While Google Play is more secure, the
Android platform has the lion's share of malware
apps. To be exact, 79% of all malware apps are
found on the Android OS, the rest are found mainly
on the Symbian OS with only 0.7% on iOS.

A tiny fragment of iOS apps have ever been found
in the wild. And as I understand, they have been
found before any damage to the ecosystem.
There are a numbers of ways to make your
smartphone more secure. Just type in a google
search and you'll find that info. It will also
point to apps that offer another layer of security
for sensitive photos.

One other thing, unless you've tagged the photos
to specific patients they remain pictures of feet.
Even embedded information will only contain
location plus other data not specific to any
patient. You could assign a cross reference number
system for identifying the patients before
entering them into your database. If that's naive,
please explain it to me. I'd really like to better
understand the HIPAA impact.

I believe the greater concern is how our EHR
systems handle security issues. Those who have
cloud-based system should be aware that hackers
are hard at work trying to breach secure
information. Just yesterday ADOBE's cloud
subscription service was hacked and around three
million subscribers demographic info plus credit
and debit cards were removed. To me my paper
charts feels more secure than those on any server
on any computer. Someone can break in to my office
and steal my patient charts. What's the incentive?

But breaking into systems with thousands of
records and being able to instantly collect the
data and distribute its content is much more
disturbing, much more malicious, much more
insidious, and much more inviting.

Fred Huss, DPM, Chicago, IL, fhussdpm@gmail.com

Other messages in this thread:

---

10/10/2013    Raymond F Posa, MBA

Using Smartphones to Document NH Visits (Michael L. Brody, DPM)

In response to questions regarding what is
protected health information we need to get back
to the basics of HIPAA Privacy 101, what is
identifiable privacy information. The Privacy is
very clear on this and is not open to
interpretation. There are 18 elements that
constitute identifiable PHI, they are:

1. Name
2. Any address specification such as street, city,
county, precinct, and zip code*
3. All dates except for the year including birth
date, admission date, discharge date, date of
death. and all ages over 89
4. Telephone number
5. Fax number
6. Electronic mail address
7. Social Security Number
8. Medical record number
9. Health plan beneficiary number
10.Account number maintained by the healthcare
provider
11. Certificate or license number such as driver’s
license number
12. Vehicle identifier and serial number including
license plate number
13. Medical device identifier and serial number
such as pace maker serial number
14. Web site address
15. Internet protocol (IP) address number
16. Biometric identifier including finger and
voice prints
17. Full face photographic images
18. Any other unique identifying number
characteristic or code

This is the official and only list of what is
identifiable privacy information, no matter what
others may “interpret” PHI to be.

While anecdotal observation of what occurs in one
hospital are interesting, it only goes to show how
little understanding of the law exists.
I often find hospitals to be one of the worst
offenders of the Privacy Rule, they try and clamp
down on all information and activity in the name
of HIPAA and often go too far and actually violate
the law by being overly restrictive.

The Privacy law is very clear and had been on the
books for 10 years and is settled law. Again, if
none of these 18 elements are attached to your
photo, regardless of how it was taken, then it is
not PHI.

Raymond F Posa, MBA, Farmingdale, NJ,
rposa@themantagroup.com