Health Information Compliance Alert

Reader Question:

Will The Hunt For Pokémon Poke Holes In Your Patients' Privacy?

Published on Wed Sep 21, 2016

PDF

Question: We have both staff members and patients who are obsessed with the recent Pokémon GO craze. Should we be worried about HIPAA violations?

Answer: The Pokémon GO game app has legions of people roaming around all kinds of public places looking for Pokémon, which could lead to violations of patient privacy.

As a result of the game, employees, clients and patients are scrambling around the halls of covered entities (CEs) and business associates (BAs) “in search of elusive Pokémon, hoping to take a capturing picture and possibly post a photo of their trophy on social media,” noted Seattle-based partner attorney Rebecca Williams of Davis Wright Tremaine LLP (www.privsecblog.com/2016/08/articles/healthcare/on-the-trail-for-pokemon-and-hipaa-compliance/).

But the risks presented by Pokémon GO aren’t new, and “the key is to stay alert and keep one step ahead of those HIPAA compliance pocket monsters,” Williams said. Some CEs and BAs are banning Pokémon GO, while others are encouraging it by setting lures to attract even more Pokémon.

Best strategies: Whichever approach you want to take, Williams advised that you consider:

Revisiting your policies on photography within (and outside) your facility — photography and filming can identify a patient and capture all sorts of other protected health information (PHI);
Reviewing your social media policies — even if the patient is the one who posts something on social media, your organization could end up with an impermissible disclosure of PHI;
Addressing the use of portable devices — smartphones and laptops present massive privacy and security risks, and they’re the cause of many HIPAA breaches and enforcement actions;
Updating your risk analysis — now is the time to verify that your risk analysis addresses portable devices, as well as photography and social media; and
Provide security reminders and training to workforce members — use the quest for Pokémon to remind your staff members to stay vigilant in safeguarding PHI.

Health Information Compliance Alert

Compliance:
Prepare Yourself For Heightened OCR Scrutiny Of Small Breaches
Regional offices will frown on any entities that fail to report security incidents. Beginning immediately, [...]

Case Study:
Your New HIPAA Worry: Violations That Could Put You Behind Bars
Watch out: OCR is referring cases to the DOJ for criminal investigation. Historically speaking, criminal [...]

Toolkit:
Facts & Figures: Gauge Your Cybersecurity Preparedness
Most healthcare providers have improved their network security — have you? A new research program [...]

Reader Question:
Will The Hunt For Pokémon Poke Holes In Your Patients' Privacy?
Question: We have both staff members and patients who are obsessed with the recent Pokémon GO [...]

Reader Question:
What Is 'Social Engineering' & How Is It A Threat?
Question: I recently heard about “social engineering” as a security threat related to HIPAA. What is [...]

Enforcement News:
HIPAA Phase 2 Audits Underway -- BAs: You're Next
Plus: Lack of ‘actual injury’ saves insurer from class-action lawsuits. Phase 2 of the HHS [...]

View All