May 21 2018

There’s An App For That HIPAA Violation

I recently read a post on someone’s blog in which the author addressed the question of using Amazon’s Alexa in an operating room. I used to think that there was no such thing as a stupid question, but now I have to reconsider.

On the other hand, are you already carrying a little spy into the operating room or the exam room or into listening range of other patient encounters or, for those of you in the billing business, into an office in which PHI is discussed?

No, I’m not referring to cell phones themselves as little listening devices, although I’m not 100% sure that it’s not an urban myth that your iPhone or android device always keeps its mic open.

Even if you put that notion into the category of foil hat wearing crazies, there is a related, and all too true, issue of apps on those devices maintaining open mics.

Take, for example, the 2017 report by the New York Times that more than 250 smartphone game apps utilize software from a company called Alphonso that listens to audio in TV ads and shows. The software is sophisticated enough to listen in even when the app is running in the background and the phone is in your pocket.

I’m not picking on Alphonso and the company states that it doesn’t record voice discussions, but it stretches the imagination to think that there is not a stream of data that has been backed up somewhere in order to mine it for television ad data that doesn’t also contain, and can’t be mined for, the rest of the audio information.

Smartphones (are supposed to) allow an app access to the mic only if the user permits it. But do you really know what access you’ve granted to each of your apps? Sure you do! But what about the apps of your colleagues, your partners, your employees?

Cyber criminals pay far more for health data than for credit card or banking information because it’s far more complete in terms of recreating a stolen identity. Don’t inadvertently help them out while exposing yourself to, potentially, tens of thousands of HIPAA violations.

Comment or contact me if you’d like to discuss this post.

Mark F. Weiss

www.advisorylawgroup.com

Leave a Reply