The explosion of extremely portable devices such as smart phones and iPads poses new risks, Dr. Whelan said. "How many people have patient information stored or accessible through these omnipresent devices? Certainly, patient information that has been sent through e-mail is easily accessed through a smartphone. Hospitals need to develop policies around encryption and support end users in encrypting the multiple devices they may use to levels that are acceptable to HHS."
In order to better safeguard protected data, hospitals need to have enterprise-wide programs in data information management, but also need to help employees make certain any data-storage or transmission devices they use are HIPAA-compliant, Dr. Whelan said.
"Hospitalists should be involved in both policy development and process implementation to assure that the benefits of electronic data storage are not lost in order to reduce the risk of HIPAA violation," he added.