This might not be the right forum, if so I apologize but I have the following question.



My wife is a nurse practitioner who is routinely on call. While she is on call for 24-48 hours she is required to use her perosonal cell phone and laptop. She accesses the hospital websites to view HIPPA information and calls the hospitals to consult on patients. My question is in Texas, is the employer required to reimburse her for a cell phone/laptop or is there a requirement for them to provide a phone/laptop. Since there is confidential information according to Texas law they can sieze and erase any information if she chooses to leave. Please provide statute numbers if they apply or relevant case law. She s currently negotiating her new contrac and wants to ensure she s not forgetting anything.

Squirrel Master said:

---

They have no requirement to provide those things. She may be able to take certain deductions on her taxes, but thats about it. But if she can negotiate those things in her contract, all the better.

---

This.

I agree with the response above. Genrally in Texas employers can do just about whatever they want (other than discrimination or smack you around) because if you don't like it you can just quit (oversimplified answer). Is a right to work state.

Quote:

---

She accesses the hospital websites to view HIPPA information and calls the hospitals to consult on patients

---

I think this is the biggest problem with this whole scenario...there's a lot of exposure here.

That's exposure for the hospital, not the employee.

The Wonderer said:

---

That's exposure for the hospital, not the employee.

---

She is most likely covered by HIPAA too. As long as she is not saving any files on her computer, there shouldn't be much risk or anything to delete.

hot_rod_9384 said:

---

The Wonderer said:

---

That's exposure for the hospital, not the employee.

---

She is most likely covered by HIPAA too. As long as she is not saving any files on her computer, there shouldn't be much risk or anything to delete.

---

She is, but as an employee of the hospital, the liability will lie with the employer. Face the same issues at my company; that's why we issue encrypted laptops to those that via ePHI.

The Wonderer said:

---

hot_rod_9384 said:

---

The Wonderer said:

---

That's exposure for the hospital, not the employee.

---

She is most likely covered by HIPAA too. As long as she is not saving any files on her computer, there shouldn't be much risk or anything to delete.

---

She is, but as an employee of the hospital, the liability will lie with the employer. Face the same issues at my company; that's why we issue encrypted laptops to those that via ePHI.

---

She could still be liable if it were due to her negligence

Quote:

---

issue encrypted laptops to those that via ePHI

---

that's my point - at least with what is stated by Wonderer - this is a control in place to mitigate HIPPA info getting out (which may or may not work) Essentially having a BYOD policy to view this information is risky for the employer and a serious red flag from an InfoSec point of view.

and further, and encrypted laptop is only protecting a few vectors of attack/theft. If she is careless with her password(s), the encryption is not going to make a bit of difference.

CapCity12thMan said:

---

Quote:

---

issue encrypted laptops to those that via ePHI

---

that's my point - at least with what is stated by Wonderer - this is a control in place to mitigate HIPPA info getting out (which may or may not work) Essentially having a BYOD policy to view this information is risky for the employer and a serious red flag from an InfoSec point of view.

---

I don't think the laptop itself would need to be encrypted as long as the server and connection to the server or electronic medical records is encrypted/HIPAA compliant. She definitely needs to have a password set up on her laptop

encrypting the data at rest on the laptop prevents the scenario of someone removing the data from that device and being able to read it - OR someone hacking their home wireless signal (another vector) and getting onto the laptop that way. The data is only readable by that laptop if the encryption is keyed off that hardware device.

If someone breaks into her house, and her laptop is open to anyone - then they can get the data that way (assuming here she DOESN'T have some removable media protection in place), save it off unencrypted and go from there. She just needs to be a good digital citizen dealing with this data, and I am surprised the company/employer isn't doing more - that's all I was saying.