HIPAA Compliant Calendars, Contacts and Reminders – Tasks for your iPhone and Android

April 3rd, 2013

While use of mobile devices and tablets in medical situations is pervasive, HIPAA compliant synchronization and storage of such information is often seriously lacking.  Everyone knows email can contain ePHI, but calendar appointments, address books, and task lists can and do contain just as much ePHI and their secure use must be strictly enforced.

LuxSci’s WebAide collaboration tools, combined with MobileSync for real-time synchronization with mobile phones and tablets (and Outlook 2013), provide a simple and effective HIPAA compliant solution for synchronized mobile accessible calendars, contacts and reminders or tasks (oh ya, and email).

What calendars are on your mobile device?

Mobile devices generally support many different calendars.  You might have a Google calendar, a local calendar, and other calendars in addition to your LuxSci MobileSync calendars.

Generally, none of these calendars will be HIPAA compliant — the data may not be transmitted securely or it may be stored with a company (like Google) which is not HIPAA compliant, etc.

If you are using your device for ePHI-related events, you should either:

  1. Recommended: Only use calendars that are HIPAA-compliant, so that you can’t mistakenly add a sensitive event to the wrong calendar and thus possibly create a HIPAA violation just because you touched the wrong part of your phone, or
  2. Not recommended: Make it very clear to yourself what is for HIPAA and what is not.  We do not recommend a situation where an accidental click on the wrong item can lead to a HIPAA violation, even for convenience’s sake.

This applies to email, address books, contacts, reminders and task lists as well.  You should probably ensure that everything on your device is HIPAA compliant or else make it very clear and obvious what is what so that a mistake is not trivial to make.

After reviewing what is on your device, you may find that you need to:

  1. Migrate some things to a HIPAA compliant solution
  2. Make your HIPAA compliant calendars (tasks, email, and address books) your default ones

Importing calendar events into your LuxSci calendar

Most calendaring systems allow you to download your calendar as an “iCal” file. This file contains all of your calendar events, as well as their recurrence patterns.  These files can be easily imported into your HIPAA-compliant LuxSci calendars.

  1. Go into your LuxSci calendar in the LuxSci web site.
  2. Go to “WebAide Properties” (either from the “Calendars” menu or by right-clicking on your calendar in the left “tree” of calendars).
  3. Choose “Import”
    1. If your iCal is downloaded to your computer, choose “iCal File” and specify the file.
    2. If your iCal is available via a web site link, choose “iCal from URL” and paste in the link to that file.
    3. Specify your “Import Mode”.  E.g. “delete existing entries in your calendar before importing the new ones” is often done.  See the “Help” icon on the upper right of this page for an explanation of the choices.
    4. Click on “Import >”

That is it!  Your calendar should be imported into LuxSci and you should be able to view it in the LuxSci web site, synchronize it to your mobile device via MobileSync, or to Windows Outlook using WebAideSync (for Outlook v2007+) or MobileSync (for Outlook v2013+).
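Before importing, it helps to know how many events and recurrence rules an export holds and which free-text fields are populated, so you can confirm the import was complete and see where ePHI may sit in the old calendar. The Python below is an added example, not LuxSci code; the sample export, the field list, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample export (not real data).
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0",
    "BEGIN:VEVENT", "UID:evt-1@example.invalid", "DTSTART:20130403T090000Z",
    "SUMMARY:Follow-up visit",
    "DESCRIPTION:Patient J. Doe\\, discuss lab",
    "  results and medication",          # folded continuation line
    "RRULE:FREQ=WEEKLY;COUNT=4", "END:VEVENT",
    "BEGIN:VEVENT", "UID:evt-2@example.invalid", "DTSTART;VALUE=DATE:20130405",
    "SUMMARY:Staff meeting", "LOCATION:Room 2", "END:VEVENT",
    "END:VCALENDAR", ""])

# Assumption: these are the properties most likely to carry free-text ePHI.
FREE_TEXT = ("SUMMARY", "DESCRIPTION", "LOCATION", "ATTENDEE")

# Property name plus parameters, then the first colon outside double quotes.
PROP = re.compile(r'^((?:"[^"]*"|[^":])+):(.*)$')

def unfold(text):
    """RFC 5545: a line break followed by a space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def parse_events(text):
    """Return one dict per VEVENT mapping property name -> list of values.
    Properties of nested components (e.g. VALARM) are counted with the event."""
    events, current = [], None
    for line in unfold(text):
        if line.upper() == "BEGIN:VEVENT":
            current = {}
        elif line.upper() == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None and (m := PROP.match(line)):
            name = m.group(1).split(";", 1)[0].upper()  # drop ;VALUE=DATE etc.
            current.setdefault(name, []).append(m.group(2))
    return events

def inventory(text):
    """Summarise an export: event count, recurring events, populated text fields."""
    events = parse_events(text)
    fields = Counter(f for e in events for f in FREE_TEXT if any(e.get(f, [])))
    return {"events": len(events),
            "recurring": sum(1 for e in events if "RRULE" in e),
            "free_text": dict(fields)}

if __name__ == "__main__":
    print(inventory(SAMPLE_ICS))
```

Comparing the event and recurrence counts against what appears in the destination calendar after import is a quick completeness check.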

Accessing your Calendar, Tasks, and Address Books in a HIPAA compliant way

So, you have a LuxSci account and you need HIPAA compliant access to this information.  Here is what you can do:

  1. Be sure that your LuxSci account is designated as HIPAA compliant.  This ensures that LuxSci has a signed Business Associate Agreement with you and that your account has certain essential security settings enabled and enforced.
  2. WebMail: You can log in to https://webmail.luxsci.com (or your own private labeled address) to manage your calendars, contacts, and address books.
  3. Mobile Web: You can log in at https://webmail.luxsci.com on your mobile device for a mobile friendly web interface to this information.
  4. MobileSync: Use LuxSci’s MobileSync service for secure, HIPAA-compliant, Exchange ActiveSync-based real-time two-way synchronization of your data with your mobile device.
  5. Outlook (Windows)
    1. Outlook v2013 can use MobileSync for the fastest, simplest, and most reliable synchronization.
    2. Outlook v2007+ users can also use LuxSci’s WebAideSync plugin to synchronize their data with Outlook.
  6. Publish it:
    1. Your LuxSci calendars can be published to password-protected secure iCal files that can be accessed read-only over the Internet from any program that can consume these (e.g. Mac Calendar).

Sharing your Calendar, Tasks, and Address Book in a HIPAA compliant way

Access to your own data is only half of the story.  The other half involves sharing it with others in your organization, securely.  Fortunately, this is easily accomplished.

  1. Go into your LuxSci calendar in the LuxSci web site.
  2. Go to “WebAide Properties” (either from the “Calendars” menu or by right-clicking on your calendar in the left “tree” of calendars).
  3. Choose “Sharing”

Once there, you can choose to share your calendar account-wide, with everyone in your domain, with pre-configured groups of users, and/or with specific users.  You can also configure the access level for each group of people.  E.g. some can have read-only access, some can make new entries but not delete or edit, and some can do anything.

Once you have shared your calendar (or task list or address book) with others, they will see it in their WebMail interface and be able to access it using the assigned permissions.  They will also be able to synchronize the data over MobileSync and WebAideSync so that they can interact with it from mobile devices or Outlook.
