How can iPhone users who are covered entities prevent PHI from using iCloud?
How do doctors use iPhones to receive patient texts, voicemails, etc. if the Terms And Conditions require the doctor to NOT use the cloud for PHI?
Isn’t this an admission that iCloud is not secure?
iPhone 12
Welcome, Sunshine_777, to Apple Support Communities!
I’m not a lawyer, but it looks like Apple is trying to avoid legal entanglements with Law dealing with “protected health information” (PHI).
Considering the variety of PHI laws, with their highly varied breadths, I can certainly understand Apple trying to avoid such legal entanglements.
It has nothing to do with how secure iCloud is, but the legal entanglements that Apple, or any of its subsidiaries, would be subject to, involving potentially highly intrusive PHI Laws.
As for you question:
«How do doctors use iPhones to receive patient texts, voicemails, etc. if the Terms And Conditions require the doctor to NOT use the cloud for PHI?»
First, emails: use email services other than iCloud email.
This, then, is subject to the conditions of the email service being used.
For the sake of PHI, the doctors would, likely, be best served by using an email service provided as a part of their practice/organization. (Such will not be backed up on iCloud.)
Second, texts, voicemails, etc.: Such messages would, likely, not be directed to the doctors personal phone, and, perhaps, not even to the doctors assigned, organization’s phone, but an organization’s messaging system, similarly to emails, for access by the appropriate staff.
This, then, makes the doctors, and their associated organizations, appropriately responsible under the PHI laws under which they are governed.
Additionally, their organizations are the best equipped to deal with their local PHI laws.
Welcome, Sunshine_777, to Apple Support Communities!
I’m not a lawyer, but it looks like Apple is trying to avoid legal entanglements with Law dealing with “protected health information” (PHI).
Considering the variety of PHI laws, with their highly varied breadths, I can certainly understand Apple trying to avoid such legal entanglements.
It has nothing to do with how secure iCloud is, but the legal entanglements that Apple, or any of its subsidiaries, would be subject to, involving potentially highly intrusive PHI Laws.
As for you question:
«How do doctors use iPhones to receive patient texts, voicemails, etc. if the Terms And Conditions require the doctor to NOT use the cloud for PHI?»
First, emails: use email services other than iCloud email.
This, then, is subject to the conditions of the email service being used.
For the sake of PHI, the doctors would, likely, be best served by using an email service provided as a part of their practice/organization. (Such will not be backed up on iCloud.)
Second, texts, voicemails, etc.: Such messages would, likely, not be directed to the doctors personal phone, and, perhaps, not even to the doctors assigned, organization’s phone, but an organization’s messaging system, similarly to emails, for access by the appropriate staff.
This, then, makes the doctors, and their associated organizations, appropriately responsible under the PHI laws under which they are governed.
Additionally, their organizations are the best equipped to deal with their local PHI laws.
The doctors I know who use iPhones or iPads in their practices do NOT use iCloud on those devices for anything related to their patients or their work. They use proprietary HIPAA compliment software that either their employer providers or they purchase for their practice.
They do not use iCloud mail for work either. They have other email accounts for that. There are numerous HIPAA compliment email providers.
Those terms from Apple do not at all indicate that Apple’s iCloud is not secure. What it does mean is that they are not formally HIPAA compliant. Since Apple is a USA corporation, they would have to apply for and meet HIPAA regulations for iCloud to be useable with patient data, including entering a business associate agreement with the US government (HHS dept.).
Even if the above were so, you yourself would need to sign a BAA with the US government as well to use iCloud with your patient’s data.
iCloud Conditions require no PHI to use iCloud
