HIPAA!
More specifically, protecting any potential PHI that may potentially end up potentially saved unencrypted on your computer where someone potentially could potentially see it
So I just had orientation for OT school and we got the usual HIPAA presentation and ways to protect patients’ PHI. However, we always went a step further with IT to explain how to avoid potential HIPAA breaches when there is the possibility that PHI may be accessible on our devices (laptops, phones, tablets, etc.)!
I thought it was super important and wanted to share my advice as I navigated trying to ensure all my notetaking, email, and word processing applications were HIPAA compliant. (I use an Android phone, PC laptop, and iPad btw)
So, as a professional student learning about how to do your chosen profession, you’ll likely encounter case studies. These are real people that have agreed to allow their PHI to be used for educational purposes to the intended audience only (that being you and your class).
So you’re taking notes on this case study and save them to your laptop. You then lose your laptop (someone steals it). They break into it and discover all these notes you wrote on your case study with all these potential identifiers (except names because you thought that’d be too obvious). Age, sex, height/weight, diagnosis, dates of service, their insurance provider, etc. These could POTENTIALLY be pieced together to identify who that individual is. This would be a HIPAA violation.
SO! What I’ve done is figure out how to encrypt all the apps I use to take notes (usually OneNote) as well as any other application easily accessible on my devices that could contain PHI (such as my school email on my phone!!!)
I password protected all the sections of my school notebook in OneNote that I will use to take notes in class, regardless of whether or not I think it could possibly contain PHI. (Note: precaution is really my biggest thing here.) That way, if anyone wants to take a look through my notes, they gotta put in a password first. Office considers this “encryption”; however, I don’t actually know the degree to which everything is really “scrambled” without the password.
Any Microsoft Word, Excel, or PowerPoint file can be encrypted with a password. Therefore, if anyone wants to open it, they have to put in a password. Boom, protected.
For my school email on my phone, I’ve decided to use a free app-locking app that requires a PIN to open any app I’ve “locked.” It also requires the PIN to open the app itself, so please don’t forget it lol. I haven’t figured out if the lock goes away if the app is just uninstalled, but I will follow up with IT to see what they think about it. Otherwise, I’ll just have to remove my school email account from my phone’s email app.
I didn’t want to encrypt my phone because, while I can, it’s quite a commitment because you cannot unencrypt it. Therefore, I don’t know the ramifications if you have issues with the phone and need to take it in to get fixed. Also, if you reset your phone, all encrypted files will be lost. I can’t encrypt my computer either, as I don’t have the Pro or business version of Windows 10, so it doesn’t support BitLocker. However, if you do have those versions, it’s super easy to run BitLocker and encrypt your device.
Additionally, just don’t save any PHI to your personal devices if you can reasonably avoid it. Use your school’s HIPAA-compliant resources. For me, it’s Box and Office 365 online. (Google Drive is not HIPAA compliant!!! - sucks for online collaboration but worth it to avoid a breach!!!)
Again, a lot of this is super extra precaution-y, but I really believe it’s worth the effort to avoid even potentially risking disclosing someone’s PHI without their consent. If it were my PHI, I’d want someone to be just as cautious.














