The mobile app game that has thousand of players roaming streets, parks, and even workplaces—healthcare providers included—has health privacy experts concerned.
Pokémon Go is a smartphone app that uses a phone’s GPS and camera to help players search for virtual characters in real life settings. While it’s frequently touted as an engine for encouraging players to step out of their everyday settings and interact with their surroundings and neighbors, healthcare providers have noted an influx of users venturing into hospitals.
This has health officials worried that picture-taking players will inadvertently photograph patients receiving care or capture protected health information. The app includes an option for players to use the phone’s camera to photograph the Pokémon they encounter within the context of their real-life surroundings via an “augmented reality” setting. As a result, several facilities have prohibited hospital employees from playing the game while on the job, while other facilities are directing the game-playing public to steer clear.
Officials at Utah Valley Hospital in Provo, UT, are concerned about the safety of players, employees, and patients because the game directs players to the hospital’s helipad, according to a report by The Advisory Board.
The game has also led officials at Covenant Healthcare in Michigan to ban Pokémon Go players from the facility. In a statement to The Advisory Board, Covenant spokesman Larry Daly said, “Covenant prohibits entry into the hospital to hunt for Pokémon… security department and the local police have been alerted to this situation.”
Beyond the physical risks of adding civilians to an already chaotic provider environment, providers and privacy experts are concerned that patient privacy is at risk due to the increased use of smartphone cameras used by the game.
Chris Apgar, CISSP, CEO and president of Apgar & Associates, noted in Medicare Compliance Watch that the act of taking a picture does not amount to a HIPAA violation, however, “It only becomes a violation if the photo is posted on social media without patient authorization received first. If the employee loses the phone or the phone is stolen, that could become a breach of PHI, though, if the phone is not encrypted.”
Click here for a step-by-step guide for companies that would like to remove their location from Pokémon Go’s index of venues.