In some instances, physicians who work in hospitals aren't waiting for hospitals to provide them with mobile apps and devices that can help them provide care more efficiently. Rather, they're bringing such apps and devices into the organizations where they work.
That trend was cause for concern among healthcare IT professionals who attended the annual Healthcare Information and Management Systems Society conference this past February, as it raises issues ranging from protecting the security of patient information to an inability to gain a better handle on the technologies entering their facilities.
"One of the biggest challenges hospitals face is in getting control of the mobile apps that are coming into their organizations," one healthcare IT consultant said. "Texting is being used by physicians under the noses of the chief medical officer and chief information officer in diagnosing and treating patients, and that raises a lot of different issues for hospitals, particularly in regard to protecting the privacy of patient information."
An organization's ability to protect the data used on mobile apps and devices is also becoming more important. "What happens if a mobile device containing patient data is stolen, or an electronic file or message containing such data is intercepted?" a healthcare IT professional commented. Auditors for the Office of Civil Rights, part of the U.S. Department of Health and Human Services, are increasingly auditing healthcare organizations that have reported security breaches involving 500 or more patient records, those that have been the subject of complaints regarding their protection of patient information, and those that have previously been the subject of investigation (McNickle, M., "3 Hot Buttons that Can Trigger an OCR Audit," Healthcare IT News, April 24, 2012). And the budgets that these auditors have at their disposal are increasing, healthcare IT professionals say, giving them greater resources with which to investigate concerns over IT security.
How can hospitals and health systems begin to better protect the security of patient information on mobile apps and devices? Here are a few action steps.
Conduct an assessment to determine the level of security of mobile devices and apps being used throughout your organization. Work with the medical staff and clinicians to determine the types of devices and apps that exist in your organization and whether data on these devices and apps are encrypted according to federal standards, so that they cannot be read by those outside the organization if they are stolen.
Determine whether your organization should purchase "breach insurance" and, if so, the amount of breach insurance required. Such insurance protects the hospital financially in the event of a data breach. One study found that a significant data breach could cost a hospital as much as $1 million (Roney, K., "10 Guidelines for Selecting Data Breach Insurance," Becker's Hospital Review, May 22, 2012). In determining how much insurance to purchase, hospital leaders should first understand their risk of exposure and the potential costs of remediation.
Educate physicians and staff on guidelines related to the use of mobile devices and apps in health care. For example, the Joint Commission issued a statement in November 2011 that physicians and clinicians should not use text messaging to share patient information ("Joint Commission: Text Messages Should Not Be Used in Patient Orders," iHealthBeat, Nov. 21, 2011).
Jeni Williams is associate managing editor, HFMA's Westchester, Ill., office.
For more information, see Jeni Williams' "The Value of Mobile Apps in Health Care," hfm, June 2012.
Publication Date: Friday, June 01, 2012