At the Mobile Devices Roundtable last Friday, a common theme emerged from the discussion that security policies haven’t quite caught up to technology. The gathering of public and industry leaders was sponsored by the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR), to foster conversation around securing and protecting health information while using mobile devices.
During the panel discussion “Real World Usages of Mobile Devices by Providers,” participants noted different ways they have implemented mobile technology in their practice settings. Christopher Tashjian, M.D., a family physician and chief of medicine for the River Falls Area Hospital (Wisconsin), said his top three considerations for integrating mobile applications into his practice were instant access to information, the ability to access patient records to provide better care, and the facilitation of communication to patients to reduce the cost of care.
Christopher Tashjian, M.D.
Tashjian said physicians at his organization that a year ago would text X-rays to specialists, but had to cease doing that to adhere to HIPAA policies. His organization is now trying to move forward with work-arounds, for example, by messaging an image of a fracture, but not including any patient identifiable data.
Jacob DeLaRosa, M.D., a cardiovascular surgeon at Idaho State University, and chief of cardiothoracic and endovascular surgical services at Portneuf Medical Center (Boise, Idaho), said he used a mobile device to view cardiology reports, coronary angiography reports, and CT scans. This allows him to give his medical opinion quickly over the phone, he said, instead of having to drive to hospital to view reports.
The Healthcare Information and Management Systems Society (HIMSS )is currently working on promoting a few key initiatives in the mobile health area, including a HIMSS Mobile Technology Survey that was released last fall. The survey found that the majority of respondents (84 percent) look up non-PHI health information, while 75 percent of respondents view patient information, and 28 percent of respondents are permitted to store patient information on their mobile devices, said Lisa Gallagher, senior director of privacy and security at HIMSS. The survey also found clinicians were most concerned about the speed of data access, privacy and security, and screen resolution when accessing information via mobile device. HIMSS is sponsoring a mHealth summit in December, and working on enhancing a mobile security toolkit with best practices, etc.
Care Transitions and ACOs
Panel participants were enthusiastic about the prospects of using mHealth for aiding care transitions, especially from acute settings to long-term care facilities, and facilitating the creation of accountable care organizations (ACOs). Steven Jeffery Heilman, M.D., CMIO, Norton Healthcare, said organizations that leveraged eVisits to administer preventative care to patients earlier to avoid costly hospital admissions later.
Tashjian said his organization has already signed total cost of contracts, and was using mobile technology to track congestive heart failure (CHF) patients. Meri Shaffer, R.N., cinical systems analyst, Montefiore Home Care (New York City) said her organization, too, was using home monitoring to keep CHF patients out of hospital.
BYOD vs. Enterprise
Panelists were on both sides of the fence when it came to deciding whether organizations should furnish mobile devices or allow clinicians to bring their own. Shaffer said that nurses in the home health industry expect to be issued a mobile device for their practice, which she finds a much cleaner way to deal with security issues. Heilman said years ago his IT department only supported PCs and Blackberry devices, but then outrage from users with Apple products forced the IT department to support them. Heilman noted that some users expressed suspicion about policies, such as wiping devices after too many incorrect log-ins, because they seemed too much like “Big Brother.”
Steven Jeffery Heilman, M.D.
Gallagher noted that organizations can save a tremendous amount of money using a BYOD approach, but they need get a handle on setting a usage policy and training end users accordingly. She noted that organizations can look in the HIMSS mHealth toolkit for sample user agreements by organizations that have been successful in this area.