Question: We have both staff members and patients who are obsessed with the recent Pokémon GO craze. Should we be worried about HIPAA violations?
Answer: The Pokémon GO game app has legions of people roaming around all kinds of public places looking for Pokémon, which could lead to violations of patient privacy.
As a result of the game, employees, clients and patients are scrambling around the halls of covered entities (CEs) and business associates (BAs) “in search of elusive Pokémon, hoping to take a capturing picture and possibly post a photo of their trophy on social media,” noted Seattle-based partner attorney Rebecca Williams of Davis Wright Tremaine LLP (www.privsecblog.com/2016/08/articles/healthcare/on-the-trail-for-pokemon-and-hipaa-compliance/).
But the risks presented by Pokémon GO aren’t new, and “the key is to stay alert and keep one step ahead of those HIPAA compliance pocket monsters,” Williams said. Some CEs and BAs are banning Pokémon GO, while others are encouraging it by setting lures to attract even more Pokémon.
Best strategies: Whichever approach you want to take, Williams advised that you consider: