Texas License News Part 2: TMB Says Cell Phone Use Can Cause HIPAA Violation

The Texas Medical Board (TMB) is reminding providers to be careful of HIPAA violations when they use their personal cell phones at work. TMB appreciates that the devices make it easy to communicate with others on a medical team, look up information related to a patient’s condition, and take photos of injuries or data to study for diagnostic or treatment purposes, and acknowledges that they’re commonly used.

But, TMB says, patient information stored on a cell phone isn’t always secure. Phones can be lost or stolen, the patient information on them becoming accessible to anyone who can get in. Photos might be automatically uploaded to a non-HIPAA-compliant cloud for storage. SMS text messages can be intercepted.

If you’re accused of using your phone to violate a patient’s HIPAA-guaranteed privacy rights, in Texas or any other state, your license is at risk. The Professional License Defense Team at the LLF National Law Firm knows you respect patient privacy and recognizes the capacity for mistakes and misunderstandings whenever these devices are involved. Call us today so we can ensure you get a fair hearing from your licensing board: 888-535-3686. You can also send us a message online.

Cell Phones and HIPAA: Not a Good Mix

In addition to guaranteeing that workers who change jobs can take their health insurance with them, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) created a legal barrier to the disclosure of patients’ Protected Health Information (PHI). In nearly every state, including Texas, medical licensing boards view the sharing of PHI without consent as professional misconduct.

The very qualities that make cell phones a great resource in a healthcare setting — they’re pocket-sized, internet-connected, and fast; you can talk on them, send and receive written information, store or share photos, look up answers — are what make them a liability from a HIPAA perspective.

A provider might use their cell phone to inadvertently reveal identifying patient information by:

• Sending patient data or photos via non-secure text messaging apps
• Talking about a patient in identifying terms in spaces where others can hear them
• Allowing patient photos to be automatically uploaded to a non-secure cloud storage platform
• Logging into electronic health records using public WiFi
• Allowing coworkers, friends, or anyone who gets access to the phone, with or without permission, to enter it freely and look around

In general, a medical licensing board will respond to a HIPAA violation by issuing a warning or reprimand, requiring payment of a fine or a remedial course on HIPAA rules, placing the provider on probation, or, in very serious cases, suspending or revoking their license. Much depends on whether the release of PHI was deliberate or accidental, how sensitive the PHI was, and whether it harmed the patient.

Texas Medical Board Draws a Clear Line on Cell Phones

TMB’s newsletter offers tips for using your cell phone for patient-related matters without overstepping HIPAA boundaries, including:

• Use secure, HIPAA-compliant platforms to send messages and photos
• Disable automatic cloud backups
• Lock your phone with a strong password and use multi-factor authentication

Contact the LLF National Law Firm’s Professional License Defense Team the minute you suspect you’ve committed a HIPAA violation, or at any point in your licensing board’s investigation or adjudication process. We’re here to help. Send us a message and tell us about your case, or call us directly at 888-535-3686.