Health Information Compliance Alert

Reader Question:

Will The Hunt For Pokémon Poke Holes In Your Patients' Privacy?

Question: We have both staff members and patients who are obsessed with the recent Pokémon GO craze. Should we be worried about HIPAA violations?

Answer: The Pokémon GO game app has legions of people roaming around all kinds of public places looking for Pokémon, which could lead to violations of patient privacy.

As a result of the game, employees, clients and patients are scrambling around the halls of covered entities (CEs) and business associates (BAs) “in search of elusive Pokémon, hoping to take a capturing picture and possibly post a photo of their trophy on social media,” noted Seattle-based partner attorney Rebecca Williams of Davis Wright Tremaine LLP (www.privsecblog.com/2016/08/articles/healthcare/on-the-trail-for-pokemon-and-hipaa-compliance/). 

But the risks presented by Pokémon GO aren’t new, and “the key is to stay alert and keep one step ahead of those HIPAA compliance pocket monsters,” Williams said. Some CEs and BAs are banning Pokémon GO, while others are encouraging it by setting lures to attract even more Pokémon.

Best strategies: Whichever approach you want to take, Williams advised that you consider:

  • Revisiting your policies on photography within (and outside) your facility — photography and filming can identify a patient and capture all sorts of other protected health information (PHI);
  • Reviewing your social media policies — even if the patient is the one who posts something on social media, your organization could end up with an impermissible disclosure of PHI;
  • Addressing the use of portable devices — smartphones and laptops present massive privacy and security risks, and they’re the cause of many HIPAA breaches and enforcement actions;
  • Updating your risk analysis — now is the time to verify that your risk analysis addresses portable devices, as well as photography and social media; and
  • Provide security reminders and training to workforce members — use the quest for Pokémon to remind your staff members to stay vigilant in safeguarding PHI.