HIPAA Compliance with Mobile Devices Among ACGME Programs

To analyze self-reported HIPAA compliance with mobile technologies among residents, fellows, and attendings at ACGME training programs. A digital survey was sent to 678 academic institutions over a 1-month period. 2427 responses were analyzed using Chi-squared tests for independence. Post-hoc Bonferroni correction was applied for all comparisons between training levels, clinical setting, and specialty. 58 % of all residents self-report violating HIPAA by sharing protected health information (PHI) via text messaging with 27 % reporting they do it “often” or “routinely” compared to 15-19 % of attendings. For all specialties, 35 % of residents use text messaging photo or video sharing with PHI. Overall, 5 % of respondents “often” or “routinely” used HIPAA compliant (HCApps) with no significant differences related to training level. 20 % of residents admitted to using non-encrypted email at some point. 53 % of attendings and 41 % of residents utilized encrypted email routinely. Physicians from surgical specialties compared to non-surgical specialties demonstrated higher rates of HIPAA violations with SMS use (35 % vs. 17.7 %), standard photo/video messages (16.3 % vs. 4.7 %), HCApps (10.9 % vs. 4.9 %), and non-HCApps (5.6 % vs 1.5 %). The most significant barriers to complying with HIPAA were inconvenience (58 %), lack of knowledge (37 %), unfamiliarity (34 %), inaccessible (29 %) and habit (24 %). Medical professionals must acknowledge that despite laws to protect patient confidentiality in the era of mobile technology, over 50 % of current medical trainees knowingly violate these rules regularly despite the threat of severe consequences. The medical community must further examine the reason for these inconsistencies and work towards possible solutions.