According to a 2015 Statista study, approximately 81 percent of doctors use their smartphones for professional purposes.
And the results of another study revealed that 64 percent percent of doctors surveyed use text messaging to send and receive patient data among colleagues, such as patient diagnoses, test results, and medical advice.
There’s no question that mobile devices are incredibly useful to today’s healthcare organizations, especially when it comes to simplifying tasks and making processes more efficient.
However, the uptick in mobile device usage in the healthcare space is not without its risks. With thousands and thousands of devices like smartphones, tablets, and laptops now requiring access to a healthcare network, HIPAA compliance and security have become some of the biggest issues for today’s health IT professionals.
Unfortunately, if organizations do not meet HIPAA requirements for mobile devices, hefty HIPAA fines can follow, and, even worse, patient data can be stolen.
Factoring in Mobile to Keep Patient Health Data Safe
The federal government put HIPAA in place in 1996 to ensure we have rights over our private health information, regardless of whether it is in paper or digital format. However, many people’s understanding of HIPAA compliance is limited to the original HIPAA Privacy Rule, which primarily focuses on how healthcare organizations may use and disclose protected health information (PHI).
HIPAA’s main objective is to protect patient privacy. Its regulations require healthcare organizations and healthcare providers to adopt a specific set of standards to protect patients and keep data secure.
Unfortunately, a surprising number of providers today using mobile devices do not insist on appropriate privacy protections to secure patient data. And even if an organization’s mobile devices are believed to be safe, there is significant potential for devices’ users to breach HIPAA rules. Without proper controls, devices can be compromised, and ePHI stored on them accessed by cybercriminals.
So, what can healthcare teams do to protect employees’ mobile devices and the personal patient information stored on them?
HIPAA offers some basic steps that organizations can take to protect healthcare information when using a mobile device. Below, we include several highlights from HIPAA’s information. It is essential to understand that if your organization is currently utilizing a HIPAA compliant service, incorporating these extra layers of security can be extremely advantageous when dealing with healthcare information on any mobile device:
Check all devices’ encryption technologies, antivirus protection and firewall to confirm they are functioning the right way and are up-to-date.
Protect all mobile devices with a password or authentication requirement.
Enable timeout features on your devices so that they log users out after a period of inactivity.
Disable file-sharing options.
Understand that text messages are not HIPAA-compliant. To make texting safe, you must make it compliant with privacy laws, including activating data encryption and developing a well-thought-out text message usage policy organization-wide.
Always investigate mobile apps before you install them. They should be from trusted sources. Check that your mobile patient portal, practice management tool, or customer relationship management (CRM) software’s mobile app is HIPAA-ready. You can find recommendations for mobile customer and patient tools at TechnologyAdvice.com.
Use a two-part login process, like both a password and a security question.
Additionally, if a team member’s employment with your healthcare organization terminates, follow the proper steps for erasing medical information before disposing of any mobile device.
It is also recommended to use caution when it comes to employee Internet usage. For example, if your staff members access insecure websites, they run a significant risk of exposing sensitive data transmitted from their device. With this in mind, make it a priority to train employees properly to avoid visiting insecure websites or Wi-Fi networks. You also can implement antivirus protection and a VPN on every employee’s phone to secure Wi-Fi communication.
Finally, it’s important to realize that the web browser itself on an employee’s phone could also be a source of vulnerabilities, and, in some cases, can lead to browser attacks, especially on Android devices. Ensure that your team members have the most current version of whatever web browser they use to avoid issues.
Protecting Patient Data is Your Organization’s Responsibility
Regardless of the kind of technology a healthcare organization uses to help provide care, they are obligated to protect PHI. If a tablet or mobile phone is used to access, transmit, receive or store information, it must have specific security precautions in place to ensure the data cannot be altered or destroyed. Also, controls must be put in place to allow any mobile device to be audited.
As long as the appropriate security controls are put in place, the increasing use of mobile devices in the healthcare space has significant potential to improve productivity, boost efficiency and contribute to enhanced patient outcomes.
The key is to ensure that any mobile devices you use in the process do not put patient privacy at risk or give cybercriminals easy access into your network.
Lisa C. Dunn is a writer for TechnologyAdvice and a freelance writer, copywriter and ghostwriter who develops high-quality content for businesses and non-profit organizations. For over 20 years, she has worked with numerous PR and digital marketing agencies, and her work has been featured in well-known publications including Forbes, VentureBeat, Mashable, Huffington Post, Wired, B2C, USA Today, among others.
Within the last decade, Information Technology (IT) has fundamentally changed the delivery of healthcare in the U.S., driven by patient demand, the growing number of health IT vendors, and programs created by the Center for Medicare and Medicaid Services (CMS). One of the segments of the U.S. population that stands to benefit the most from these advances is senior citizens – a group facing ever-increasing healthcare costs. (more…)
Given the time sensitive nature of the MACRA program, this article is out dated. Please refer to Bridge’s MACRA 101 article for more current explanation of the MACRA program and how it relates to a patient portal.
As we head into the second half of 2016, it is difficult to talk about Meaningful Use without mentioning the Medicare Access and CHIP Reauthorization Act (MACRA), the new healthcare legislation that is shaping up to begin in January 2017. There has been a lot of buzz that Meaningful Use is ending with the approval of this new legislation, but that is not exactly the case. While the words “meaningful use” may start to fade out of our everyday lexicon, don’t be fooled into thinking that Meaningful Use is going away. Under MACRA, it’s basically just been repackaged and tied up with a bow, as a piece of this larger incentive program. (more…)
Although healthcare IT has transformed over the years, patients have held the same expectation: to be in the care a personable doctor who will communicate effectively and make health decisions that are in the patient’s best interest. However, doctors have constantly struggled to navigate the boundaries of a patient-doctor relationship and the use of new technology unfortunately could potentially complicate the issue. Below we discuss the Do’s and Don’t’s of doctor-patient interactions on online platforms. (more…)
Many industries have already discovered the benefits of outsourcing IT systems to a professional IT service, and while healthcare is no stranger to the concept, it is once again gaining prominence.
A recent Black Book report, which surveyed over 1,030 hospital IT leaders, 240 CFOs and over 1,000 business leaders, found an overwhelming number of recipients in favor of using outsourced health IT solutions, such as point-of-care technology, healthcare IT infrastructure, and HIPAA compliant security. Nearly 73 percent of hospitals with over 300 beds are now looking outside for their technology solutions, and 81 percent of providers with less than 300 beds have prioritized outsourcing complex IT operations in their development plans.
The main reason for the increased demand in outsourcing is due to the growing importance of IT in the delivery of quality patient care. Healthcare organizations are relying on technology more and more, like the need for a secure patient portal, as an essential component of their operations within the rapidly changing healthcare scene.
Advantages of Health IT Outsourcing
The last time that the healthcare industry saw prominent growth in outsourcing was in the late 1990s in order to control costs through broad based IT solutions. Today, positive return-on-investments and immediate access to fully trained IT staff and required technologies are the key drivers.
According to the Black Book survey, 90 percent of outsourcing hospitals reported an immediate return on investment (3 months or less) for health IT outsourcing in Q3 2015 when the survey took place. Many providers are also simply not in a position to hire and train internal IT staff, whereas outsourcing can help to implement new technologies faster by utilizing and putting together resources quickly.
84 percent of respondents reported that their relationship with outsourcing vendors is exceeding their expectations, and almost 86 percent of CFOs and 91 percent of CIOs would be willing to reshape an entire organization in order to implement outsourced IT services in the most effective and efficient manner.
Hospitals have increasingly felt the pressure of managing revenues, and severely tightened margins have further put pressure on bottom lines. Outsourcing can help lower costs considerably, especially as the push for more sophisticated patient records, secure patient portals, data analytics, and population health management continues to grow.
Doug Brown, managing partner of Black Book Market Research commented, “Most hospital leaders see no choice but to evaluate and leverage next-generation information and financial systems as an outsourced service in order to keep their organizations solvent and advancing technologically.”
While there have been past failures reported on outsourcing, the causes of these failures mostly resulted from selecting the wrong vendor, unrealistic expectations, or insufficient performance monitoring. Consumers have since used their experiences to adapt and improve their IT outsourcing contracts.
Certainly, it’s clear that the business value to be gained from health IT outsourcing, in terms of economics, technological skills and expertise, established processes, and service quality, can ensure a cost effective solution and allow healthcare organizations to focus on their core business.
Nearshore Americas’ whitepaper “Healthcare Software: The Argentine Advantage” highlights many benefits that Argentina has for outsourcing healthcare software development over its offshore rivals. Here are the key reasons for partnering with a nearshore developer in Argentina:(more…)