In the news, more and more reports on Docs using their mobile devices are springing up. This could be good or bad news depending on your attitude towards privacy and your personal health information.
The Good
It has long been a perception that the health care industry is living in the stone-age when it comes to adopting cutting edge technology and information services in the context of patient services, but with the HITECH Act, HIPAA Compliance regulations, and the pervasiveness of smartphones, this is changing quickly. 94% of docs are now using mobile phones, a 60% increase from a 2006 study performed by the Spyglass Consulting Group in Menlo Park, CA. Having such widespread adoption would lead one to believe that doctors now have the ability to be much more repsonsive to their patients and can get more done. Think again…
The Bad
The same study performed by Spyglass also found that 78% of the doctors in their sample reported issues communicating with their smartphones. This was in large part due to the lack of integration with other services they use (EHRs, Patient Management Systems, proprietary email clients, etc.) and/or the inability to receive mobile reception/services in a particular area or hospital.
While it seems there is more open adoption of technology within the health care industry, it is apparent that there is little convergence and integration occuring between the desktop/web application and the mobile worlds. Obviously, there is a lot of work going into integration between health care application platforms and clients (devices, desktops, etc.), but it is hard to see when true inter-connectivity will actually happen in the context the ONC would like to see it.
The Ugly
It is on your mind: “My information is on a device. That device can be lost or stolen. My information is not secure.” This is true, scary true. Mobile devices and smartphones are amazing utilities, but they also provide one of the scariest security holes for health care CIO’s and compliance officials. If a doctor leaves their device, by accident, in a coffee shop and it is not locked or secured in any way, that information is now public in the mind of a security expert.
According to Veterans Affairs, 37 smart phones were lost in the past two months (June/July) by employees. Smartphones that have thousands of emails on them with sensitive information. Compound these numbers by the number of docs using smartphones and we have a lot of sensitive information floating around.
There are some basic counter measures that help secure devices, e.g. lock-and-wipe, time-outs, password protection, but if we have learned anything about digital security, there is no such thing as total protection.
Another issue with mobile devices and smartphones is their reliability when sending patient data/information. For example, a doctor uses their smartphone to send a prescription to a pharmacy. How do we know it got there? Went to the right pharmacy? Or if it did not get there, where did it go? The reliable transmission of sensitive data over the network when using mobile devices is immature at best, especially when it is clear that inter-connectivity has not been addressed.
Summary
With the widespread adoption of technology in any area, there are always going to be security concerns. As the health care industry moves towards the ubiquitous adoption of mobile devices and the digital exchange of health information, we must realize there will be challenges and not to live in fear of them.
CIOs and Health IT experts will need to look into new solutions to create robust and reliable security policies that cover their network from end-to-end, even the hard to control and manage smartphones.