Question: How have hospitals worked around possible HIPAA violation issues when using the Patient ID function on smart pumps?

Background: We recently pursued a path to require RNs to enter the MR# in the Patient ID on our smart pumps (Alaris), but were stopped due to a concern over a possible HIPAA violation should a smart pump "go missing" (leave the hospital).

Other facilities who have interoperability (bidirectional communication between eMAR and the smart pump) would theoretically have the same issue.