Is downloading to a personal device HIPAA compliant?

Our system does not actually download to a device from Internet Explorer, Chrome or Firefox.   However it does allow the user to print the document as well as save the document to their device if they select these options.   The view that displays is the same view that you see when you want to view/print a service note from the service notes tab.

A couple of things to note:

  • It is a browser setting that determines if the document is saved/opened.   Users should make sure the settings for the browser they use is not set to automatically download and save.
  • If they are able to change the browser settings, they can still save/print the document as these options are available when opening a previous service note
  • Devices that associates use should have security access to activate/use the device.   This is definitely a HIPAA issue if the device is not secure.
  • Keep in mind that if we can come up with a way to remove this from being downloaded or being able to download from the service notes, users can still access the patient encounter, service notes tab and print/download.  
  • Patient Fact report has much of this information which needs to be secure as it also appears on devices that are using offline forms
  • Users can create screen prints that can be saved on their local devices as well that can contain any patient confidential information
  • Additionally, locations should be having their associates sign a HIPAA document about sharing personal information and securing the data to try and minimize the risk.