When people share relevant health data and information – including the patients from whom the data originates – they may be better prepared to make improved care and treatment decisions. However, when you grant more people access to the data pool you either beef up security measures or suffer the consequences. These points are especially vital relative to mobile and wearable medical devices.
While 2014 could bear the label “year of the data breach,” it also could carry the moniker “year of mobile access and convenience.” Balancing this qualified need for access against shielding access from unqualified intruders continues to be a struggle for healthcare information technology executives. Accomplishing either is hard enough; achieving both through a strategy of integration is not only a science but an art form. Where are efforts going right? Where are efforts going wrong?
Through a pair of industry experts, Health Management Technology examined the progress of mobile health.
HMT: In what specific ways can mobile devices improve clinical operations and financial operations for a healthcare organization?
Justin Lelacheur: The enhanced mobility afforded with mobile devices has the potential to improve clinical operations as providers adopt clinical reference and decision support applications designed for these new medical devices. As these applications are adopted, improvements in rounding and charting can be found where the application improves but does not disrupt existing workflows. From the financial operations perspective, where charting and document deficiencies can now be completed while mobile, improvements in revenue cycle can be achieved and shorten billing cycles.
Tom Giannulli: Mobile devices can help improve clinical operations and create cost efficiencies in many ways in healthcare businesses of all sizes. Using mobile devices allows providers to have access to clinical decision support tools to check drug interactions and review disease-specific information while at the point of care or from remote locations. Whether they are individual apps for things like e-prescribing or a full electronic health record, mobile devices provide more flexibility while helping to reduce errors and the need to submit repeat tests or prescriptions.
When using a fully mobile electronic health record (EHR), providers can go one step further and truly practice heads-up medicine. They can look the patient in the eye and have a conversation while using intuitive tap and swipe to document important information. They can also show the patient illustrations, graphs and education in the moment by simply flipping the device around. Doctors who use technology like this properly can fully engage patients and find higher levels of patient satisfaction. By reducing errors, repeat testing, phone calls around prescriptions and follow-up questions, practices save time and money. There is also some indication that these physicians are less likely to be sued and may eventually see lower malpractice premiums. New research also suggests patients are more loyal and more likely to switch to physicians who use modern technology like an EHR, patient portals, text reminders and other tools. As a result, these providers may see increased panel size and more overall visits.
HMT: What are some key mobile device access and integration mistakes that hospitals make?
Lelacheur: Two key mistakes that are common are improper security practices and the introduction of new mobile applications that do not complement current clinical workflows. As far as security is concerned, it is often found that many hospitals lack proper security assessments of their mobile policies to restrict [personal health information] data storage and transmission on these new mobile devices. It is often found in initial release versions that mobile applications have limited feature capabilities and a user interface design and experience that result in an inability to free the clinician from the traditional desktop application and disruption to current workflow efficiencies.
Giannulli: The biggest mistake is choosing solutions that aren’t designed for mobile, such as when a vendor places its existing technology on a mobile device. That doesn’t make it truly mobile. It is important to choose mobile applications that are designed for mobile use.
HMT: How do “wearables” (e.g., body-worn sensors, scanning/tracking devices) fit into this mix?
Lelacheur: It is still the early days for mobile body-area sensors within the clinical setting. Thanks to mass market adoption of consumer wearables, we do see a future where the fusion of both clinical and consumer body sensors can yield a more complete picture of a patient’s diet and wellness, but more advanced clinical, as well as consumer health sensor capabilities, will be needed to make a significant impact to modern diagnostic practices.
Giannulli: There is real potential for wearables to help improve engagement and wellness for patients. What this really requires, though, is for physicians and patients to work together. Physicians should prescribe devices based on what can help the patient and the provider to better manage a given disease. This will require vendors and physicians to work together to integrate devices with other technology like EHRs. Without good coordination, the patient-submitted data may not get reviewed or be a factor in medical decision making for a busy provider.
5 best practices for deploying/expanding BYOD programs
Dell recommends that companies carefully align their bring-your-own-device (BYOD) program with data security and privacy regulations to avoid any pitfalls concerning compliance. While BYOD initiatives can be great for employees, they often pose a potential nightmare for employers as failure to comply with regulations can result in companies suffering financial penalties, litigation and damage to their reputation. Dell advocates the following five best practices for protecting regulated data and employee privacy.
Start by identifying all regulated data and then determining which data will be generated on, accessed from, stored on or transmitted by BYOD devices. Once regulated data has been identified, organizations can decide on the best strategies for protecting it and ensuring compliance. Heavily regulated data may require a multifaceted approach, including a combination of:
- Encryption to keep data safe in the event of a breach;
- Secure workspaces to keep regulated data from commingling with personal information;
- Virtualization for heightened IT control of applications and the data they access;
- Data leakage protection (DLP) to control which data mobile employees can transmit through BYOD devices and to prevent the transfer of regulated data from a secure app to an insecure app; and
- The ability to remotely wipe data from a device, if necessary.
Deploy solutions for monitoring, tracking and controlling access rights according to a user’s identity, device type, location, time of access and resources accessed. In addition, prevent employees from accessing data on unsecured (or jailbroken) devices or transmitting unsecured data using their own device.
A complete solution for identity and access management (IAM), firewalls and virtual private networks (VPNs) can protect data and networks. It also can help control administrative complexity and support numerous device types, operating systems, user roles, data types and regulatory requirements. The solution should make it simple for authorized users to access information and resources from personally owned devices to maximize mobile flexibility and productivity.
Best Practice No. 3: Secure devices
Demand extra security for employee-owned devices. As a first step, require a password to access devices or the secure workspaces on them. In addition, a smartcard reader or fingerprint reader can prevent unauthorized access to tablets and laptops if they are lost, stolen or inadvertently used by family or friends.
Be sure the applications developed for mobile devices maintain compliance. To assess application compliance, ask the following questions:
- Can the multifactor authentication required for enterprise applications be employed on smartphones?
- Are the mobile devices storing sensitive information as an employee interacts with an enterprise application?
- Does a secure Web session expire in the same amount of time on a tablet as it would on a corporate desktop?
To assist with the application compliance process, many companies enlist the help of an application development consultant with experience and expertise in ensuring the compliance of mobile apps. To show proof of compliance, be sure the solution supports appropriate reports and audit trails while controlling complexity.
Employees must understand the critical importance of adhering to regulations and potential consequences of compliance failures. Mobile employees must be especially sensitive to potential breaches while outside corporate walls. A signature on a document promising adherence to rules is not enough. Ongoing education is essential.
Source: Dell