I think the question depends on what the definition of “Medical Device” is… might it be any “hardware” that has the potential to touch PHI? Does everyone with skin in the game (no pun intended) understand what PHI is? With the forced push to EMR’s and all the uncertainty of new technologies being deployed to making it happen, we discover daily (although after-the-fact) how easily compromise from such takes place, and learn many providers maybe non-compliant because of these devices. Ouch!
With the rush to EMR’s, healthcare providers appear not to take seriously their responsibility to protect the information entrusted to them due to a lack of proper policies addressing new issues and existing documents being out-of-date. Many look to the latest gadget(s) as an avenue to provide service and affect efficiency without clearly understanding the latent risk any unproven technology brings into this environment; the current portable devices (wireless hardware, mobile phones, tablets, etc.) are a perfect example.
EMR’s have clearly brought a vulnerability and complexity most never imagined! The lack of good information and/or large amounts of misinformation available is a vicious cycle too slowly addressed. Large practices will afford regular pro-active audits and address violations found; small practices will be forced to react to consequences of failed surprise audits. We were told the path to EMR’s would realize huge saving, but the true costs of such will not be fully known for years, and thus far misses the mark. Currently there are too many questions and not enough answers...