The Bring Your Own Device (BYOD) policy in health care organizations is a growing trend whose effect appears so positive that few people notice the violations that may accompany it. The policy allows staff in an organization to carry their personal electronic devices, such as mobile phones, computers, and laptops, to facilitate their work by helping them store and access certain information (Herzig 20).
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. It comprises security and privacy regulations designed to ensure that good security measures are applied to protect patient data in health facilities, especially where a BYOD policy is active. The policies provided in HIPAA also ensure that only authorized people access information stored on the devices used by health providers (Powell 1-2).
HIPAA security regulations offer standards for ensuring that patient data on electronic devices is safeguarded. HIPAA covers how we can use and disclose patient information, while the HIPAA privacy policies explain how patient information should be accessed and disclosed. Schneider (55) notes that violations of HIPAA security and privacy laws mostly entail the obtaining, retrieval, and use of medical information by a person who is not the subject of the health data or is not permitted to offer medical services.
How BYOD can violate HIPAA security/privacy laws
Lack of Confidentiality
A BYOD policy may not promote confidentiality and integrity, which are major requirements in the HIPAA regulations (Health Information Privacy). Health providers should come up with strategies to track and protect the information they hold concerning their clients. The 5111 Physical Security Policy ensures that the security of the devices used by patients is given high priority, because most data breaches happen due to the loss of mobile numbers and of the devices used for data transfer and storage (Schneider).
Lack of Encrypted Data
Wrong Transfer of Information