How to protect PHI while providing staff – and patients – with the benefits of mobile access.
The majority of us recognize that there is no turning back. Smart devices are here to stay and are streaming into the workplace in large numbers. We are a connected society, with billions of network-connected devices considered essential tools for almost every aspect of everyday life.
What does this mean for the healthcare industry? The arguments in favor of allowing access to personal health information (PHI) from mobile devices are gaining broad acceptance, and some healthcare providers have even introduced bring-your-own-device (BYOD) policies. The technology teams at healthcare facilities that are still resisting the trend face increasing pressure from staff and patients.
The pros have it
Doctors, administrators and staff are demanding instant access to patient and treatment information. They intuitively understand that mobile access could make it easier, better and more efficient to get the data they need whenever and from wherever they need it – and ultimately drive up the quality of care. Mobile devices can enable remote patient monitoring, making it possible for staff to virtually deliver care in multiple places at the same time. And mobile devices, tied into a hospital’s infrastructure, can connect care teams with ad hoc conferencing and on-the-fly interactions between doctors, nurses, PAs, pharmacists and vendors.
Patients are also requesting mobile access. Healthcare providers that offer mobile access to appointment calendars, lab test results and health awareness information can automate information delivery to lower costs while improving patient experiences.
The demands for mobile access for medical teams and patients are supported by the latest research. A 2012 study done by the Brookings Institute* highlights the proven benefits that mobile technology is bringing to the industry. Besides enhancing collaborations between healthcare providers and specialists, the study points out the potential for improved management of chronic diseases enabled by device-enabled remote monitoring. And elder care, where only 50 percent of patients take their medications as prescribed, has been shown to be another area where mobile devices improve results.
Overcoming the cons
However, mobile access has not yet overcome all of the hurdles. Governance, risk management and compliance (GRC) regulations such as HIPAA and HITECH continue to introduce more stringent requirements surrounding electronic medical records (EMRs) in general and mobility in particular. The main concern is to manage the risks to patient privacy and avoid any inadvertent disclosures of sensitive information.
First and foremost, IT teams should introduce some foundational controls before patient care teams are granted permission to use their smartphones and tablets at healthcare facilities. These controls are necessary to safeguard PHI when the hospital and clinic infrastructure is opened to smartphones and devices operated/owned by staff and patients. IT should be able to monitor and control both inventoried devices and those owned by employees and guests (i.e., patients, their families and friends) within patient treatment areas, and prove that confidentiality of PHI is being safeguarded.
A variety of mobile device management (MDM) approaches can benefit patients and their guests and families, as well as caregivers and administrators. Controlled access to the network that serves everyone at the healthcare facility can be granted to mobile device users without compromising patient confidentiality or compliance with local and federal governance criteria. The best-of-breed mobility management solutions enable multilayered controls, including:
- Encryption of hospital-managed data, both at rest and in motion (on the network and on hand-held smart devices);
- Strong authentication of remote and on-site mobile users;
- Strict and effective password policies on all connected devices;
- Clean-up policies for patient data downloaded to any mobile device’s memory.
Besides features that focus on patient data tracking and management, IT must have the capability to oversee the behaviors of all devices connected to the healthcare organization’s infrastructure. This calls for policies and processes for locating tagged assets (inventoried mobile devices) as well as monitoring the status of the security software on those devices, and overseeing and restricting the activity and applications on devices that have access to PHI. For example, IT must be able to “wipe” lost or stolen employee devices to which PHI has been downloaded, and block inappropriate or high-risk applications from being used on infrastructure-connected mobile devices employed by doctors, nurses, PAs and administrators.
MDM solutions for healthcare environments
Today’s technology market offers healthcare teams a range of MDM solutions suited to overcoming the challenges listed above. Increasing numbers of hospitals, doctors’ offices and clinics are introducing best-of-breed MDM platforms for defining and enforcing security and access controls. These platforms can also take work off these organizations’ IT teams by automating administrative and monitoring tasks, making mobility both low risk and low overhead in terms of day-to-day management.
Like any other evolving technology, MDM solutions vary. Some considerations that should guide the evaluation of appropriate healthcare mobility solution alternatives include:
- Infrastructure requirements. On-site software can drive up costs, requiring healthcare organizations to add servers and storage within the facility's on-site or outsourced data center. Cloud-based solutions avoid these start-up costs and also give caregivers more immediate monitoring and control benefits.
- Levels of visibility. Besides basic device information, healthcare organizations should look for an MDM solution that provides visibility into the status of the device antivirus software that ultimately blocks cyber threats, as well as visibility into the apps running on the smart devices used by doctors, nurses and other caregiver team members. If overlooked, the apps in particular can distract caregivers and degrade staff productivity.
- Breadth of data protection. Sensitive patient data should be secured at rest as well as in motion, and IT should be able to track and remotely erase any PHI or otherwise confidential treatment data that has been downloaded to or viewed from smartphones and tablets.
- Geo-fencing and other location-based controls and tracking. It is possible to restrict employee-owned mobile device access to inappropriate applications (e.g., gaming, gambling and other non-healthcare-related activities) while the devices are on site. The location-specific restrictions can be automatically removed when off site. In this way, MDM solutions can balance risk with employee satisfaction, and therefore promote voluntary adherence to corporate mobility policies. This is especially important for BYOD devices.
- Premier features. Alerts and notifications for compliance violations, the ability to broadcast over-the-air messaging and paging via text/push, and fine-grained application management controls (whitelist/blacklist, for example) can significantly enhance the enforcement of mobile device policies and help healthcare organizations promote safe mobile behaviors.
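The sketch below is an added example, not code from the article or from any MDM product: it shows how the device-posture checks, lost-device wipe and on-site-only app restrictions described above could combine into a single per-device decision. The site coordinates, radius, app names, action strings and the `revoke_access` fallback are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field

# Constructed policy values: coordinates, radius and app names are hypothetical.
SITE = (37.3894, -122.0819)            # facility latitude, longitude
SITE_RADIUS_M = 300                    # geo-fence radius in metres
ONSITE_BLOCKED_APPS = {"casino-game", "video-stream"}

@dataclass
class Device:
    owner: str
    location: tuple                    # last reported (lat, lon)
    encrypted: bool = True
    passcode_set: bool = True
    antivirus_ok: bool = True
    reported_lost: bool = False
    holds_phi: bool = False            # PHI has been downloaded to the device
    apps: set = field(default_factory=set)

def distance_m(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points, in metres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def evaluate(dev):
    """Return the MDM actions for one device."""
    if dev.reported_lost:
        # Wipe only where PHI is at stake; otherwise just cut access (assumption).
        return ["remote_wipe"] if dev.holds_phi else ["revoke_access"]
    actions = []
    checks = (("encryption", dev.encrypted), ("passcode", dev.passcode_set),
              ("antivirus", dev.antivirus_ok))
    failed = [name for name, ok in checks if not ok]
    if failed:
        actions.append("deny_phi_access:" + ",".join(failed))
    # App restrictions apply only inside the fence and lift automatically outside it.
    if distance_m(dev.location, SITE) <= SITE_RADIUS_M:
        actions += [f"block_app:{app}" for app in sorted(dev.apps & ONSITE_BLOCKED_APPS)]
    return actions or ["allow"]

if __name__ == "__main__":
    fleet = [  # constructed sample devices
        Device("nurse-tablet", SITE, apps={"casino-game", "ehr-viewer"}),
        Device("nurse-tablet-at-home", (37.45, -122.08), apps={"casino-game"}),
        Device("md-phone", SITE, encrypted=False, antivirus_ok=False),
        Device("pa-phone", SITE, reported_lost=True, holds_phi=True),
    ]
    for d in fleet:
        print(d.owner, evaluate(d))
```

The same tablet gets `block_app:casino-game` on site and `allow` at home, which is the automatic lifting of location-specific restrictions that the geo-fencing item describes.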
With the right monitoring and control solution, mobile devices can empower doctors and collaborative caregiver teams with immediate access to information that can shorten time to diagnosis and treatment and therefore improve quality of care. Smart devices also take collaboration and information sharing to new levels for extended caregiver teams. Allowing these devices to be used on site with the right management solution can minimize risks for even the most stringently regulated healthcare environments, as proven in many world-class healthcare centers around the globe.
Mobile devices are here to stay, and fortunately healthcare organizations can embrace them with confidence. In fact, besides IT, finance teams and administrators will also be much more enthusiastic about the use of these devices in healthcare environments when they learn about the latest telecom expense management (TEM) solutions that are evolving in parallel with MDM. But that’s another story. Stay tuned!
* Brookings Institute, “How Mobile Devices are Transforming Healthcare,” May 2012. Available online at www.brookings.edu/research/papers/2012/05/22-mobile-health-west.
About the author
PJ Gupta is the CEO and founder of Amtel, Inc. Amtel offers the industry’s first integrated solution for managing smart device security and telecom expenses. Provided via a convenient and cost-effective SaaS platform, Amtel MDM is the only SAS 70 Type II certified solution for MDM, offering the highest level of data security and reliability. For more information, visit www.amtelnet.com.