BYOD Risks under HIPAA – Does Your HIPAA Compliance Program Adequately Address the Ever Increasing Use of Portable Electronic Devices?

July 13, 2016

Many U.S. employers are now allowing employees to use their own personal handheld devices and laptop computers for work-related purposes. As the age of employer-provided devices is coming to an end and “bring your own device” (“BYOD”) becomes more and more common, privacy and data protection issues are starting to occur in unexpected ways. In particular, what protections should organizations that are covered entities or business associates under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) put in place to protect individually identifiable health information on portable devices? HIPAA requires covered entities and business associates to conduct a security risk assessment, and it is now clear that any such risk assessment should be broad enough to adequately explore and provide a foundation for addressing the increased risks that may arise in the BYOD context.

Read "BYOD Risks under HIPAA – Does Your HIPAA Compliance Program Adequately Address the Ever Increasing Use of Portable Electronic Devices?"