Skip to content Skip to navigation

Compliance, Durability Concerns Holding Back the iPad in Healthcare

February 14, 2012
by Gabriel Perna
| Reprints
A recent research report indicates government regulations and durability are the chief reasons why HIT leaders are hesitating on the iPad and other tablets

Despite all the surrounding hype, healthcare IT leaders are expressing sincere doubts about the effectiveness of consumer-grade tablets like the iPad in a clinical setting. A recent study from Rockville, Md.-based BizTechReports, an independent research and reporting agency, found 66 percent of healthcare IT executives say consumer-based tablets create governance challenges for their organizations.

BizTechReports, which interviewed 100 executives and IT professionals within hospitals, cited security, durability and EHR compliance as other reasons for the hesitation surrounding commercial tablets in healthcare. Sponsored by electronics manufacturer Panasonic, the research included a whitepaper, which outlined how a regulated industrial environment isn’t exactly the most welcoming one for consumer-grade tablets.

Other studies, such as a recent physician-based one from SpyGlass Consulting Group (Menlo Park, Calif.), confirms a reluctance in hospitals when it comes to tablets. Both reports say at the heart of the issue is a struggle within hospitals between the IT side and physicians.  Approximately 75 percent of the physician respondents in the SpyGlass study say hospital IT directors are reluctant to support mobile devices because of security and cost reasons.

Lane Cooper, editorial director for BizTechReports, found a similar issue. “The challenge that we outlined in the study, that the numbers revealed, was that you have a lot of pressure from physicians, who are not only intelligent but powerful within a hospital setting, because they are getting a tremendous amount of benefit from leveraging the user-interface that these consumer tablets bring to the tablet,” he notes. “But what’s difficult for them to adhere is the pushback from the IT side which has concerns about governance, risk, and security.”

Healthcare Informatics Assistant Editor Gabriel Perna recently spoke with Cooper about the specifics of the study. Here are excerpts from that interview.

Explain exactly what are the governance challenges facing healthcare IT leaders when it comes to tablets?

Governance is about the rules of the road. The policies you put in place, so you can play the game. It sets boundaries of what you can and cannot do. And in the world of healthcare, some of the most important boundaries over the last decade have been driven by HIPAA (Health Insurance Portability and Accountability Actof 1996), which is trying to accomplish two seemingly incompatible objectives: ensuring data that can be shared, but also to protect the data to make sure the privacy of the patients is secure. That is a high-wire act for someone trying to put together governance that complies with those rules.

In order to accomplish that, you need to put in automated procedures that give you a reasonable expectation that data is not leaking, that only the people who need to see can see it, and that it can move across enterprise boundaries. Those governance rules are meant to limit risk. And when you introduce consumer technologies that are not designed to support these governance rules then you have a problem. And you have a market problem when the people responsible for your business [physicians] are not aligned with those governance rules.

I can imagine they [physicians] can be frustrated by different governance rules, especially when working for multiple organizations, and they basically just want to do their jobs. And they’ve found the innovation that these consumer devices provide can give them a lot of flexibility on how they can access and share information with their patients. However, it brings them out of compliance with the governance rules set in place by specific organizations, which in turn, brings the organization out of compliance with these major rules around privacy and security of data.

It almost sounds like HIPAA is kind of holding back these tablets. Is that a fair thing to suggest?

It depends on what you choose to call the dog and what you chose to call the tail. Devices like the iPad are a tool, and HIPAA is a rule designed to protect patients and hospitals and provide guidance on how the patient data can move and still be protected. From my point-of-view, I would look at it from the opposite perspective. I would say these consumer technologies, while they have the status of consumer technology, represent a threat to a core element in a healthcare organization’s portfolio activities, which is not only to provide the best healthcare outcome at a low cost, but to protect the data and information flow. Should the burden lie with regulations to support a consumer tool or should the tools evolve to meet the requirements of these important legislative developments?

Moving on from privacy, what are some of the inter-operational challenges with the tablet and electronic medical records (EMRs)?

A lot of these consumer technologies, they are designed to work in a web-enabled environment. The systems that hospitals have in place today, especially established organizations, they have many generations of legacy systems that were not designed with a web-interface in mind. There are just speaking a different language. So there’s just an inter-generational challenge between getting access to the data.

The study and whitepaper mention the iPad a lot, why does it seem the iPad is singled out?

It’s synonymous; it’s a function of their being first to market, and by a long-shot, being the primary platform in which the IT community is being exposed to the consumerzation of IT. It’s because they were so good at what they did.

In what other ways are tablets not equipped yet for a medical environment?




I have done a lot of research and implementation of iPads/iPhones in the clinical space. Everything is about risk especially when it comes to portable devices. Whether it is a tablet or laptop, they are equally unsecure out of the box. However, an iPad can meet HIPAA compliancy much faster then a laptop. All data on the iOS device is 256 bit encryption, not on a laptop. Can't auto wipe a laptop after 10 failed attempts at a password, at least out of the box. I am not sure where the line is between a consumer product and commercial product. Is a Panasonic tablet more secure than an iPad?

I think the main issue is how do these device meet the corporate governances? I think the iPad does a better job at compliance then the PC sitting on your desktop. So what is the issue administrators have? I think the main issue is Apple itself. Apple has not made it easy for corporate purchasing. Also, how much Apple hardware is in IT, no very much and that unfamiliarity causes concerns. It is not about money, it is about control. IT departments would rather purchase a Toshiba PC based tablet, that is bulky and costs 4 times as much as an iPad. Where is the stat on how long iPads last in the hospital space. Buy an Otterbox if that is your chief concern.

I build custom HIPAA compliant solutions on the iOS platform, a big part of that process is working with the IT security team. These solutions don't need to store any PHI data on the device. They access data directly from a SQL source through the hospitals VPN. We also do disconnected data with PHI data. Both require 10 point security checklist.

Overall, I think the iPad is appropriate and can address the risks and environment in which they are brought into, probably more so than any PC, they are designed around security.

My 2 cents.