
5 HIPAA-Compliant Best Practices
for Mobile Devices in Healthcare
How to Enhance Patient Services Without Sacrificing Patient Privacy
A FreedomPACS™ White Paper
for the Healthcare Industry
with a Special Focus on Radiology
This white paper will help healthcare professionals, organizations and services to:
1. Describe how mobile platforms are shaping the industry in terms of communication, workflow, diagnosis and patient care.
2. Weigh the advantages and disadvantages of this technology in the healthcare environment.
3. Understand privacy and security issues in light of HIPAA, HITECH and other laws.
4. Identify and implement specific physical, technological and administrative solutions and strategies to ensure legal compliance.
5. Outline how mobile medical trends apply to radiology.
MN Systems | 29275 Northwestern Highway, Suite 100 | Southfield, MI 48034 | 855-740-1130 | f: 855-740-1120 | [email protected]
CONTENTS
Executive Summary
Best Practice #1: Understand the Role of Mobile Platforms in the Medical Industry
Best Practice #2: Identify the Benefits of Mobile Devices in Healthcare
Best Practice #3: Know the Legal Issues Regarding Patient Privacy and Security
Best Practice #4: Avoid the Common Pitfalls of Mobile Device Usage
Best Practice #5: Minimize Risk with Administrative, Physical & Technological Strategies and Solutions
Conclusions
Research Sources
About FreedomPACS™
EXECUTIVE SUMMARY
Mobile device usage is on the rise. How should radiology and healthcare facilities respond to this trend?
Society has exploded into the mobile age with handheld e-readers, tablet PCs and smartphones.
People of all ages and backgrounds are using iPads, Androids, Kindles, Blackberrys and Galaxy Tabs
for personal and professional reasons. In fact, mobile subscribers worldwide recently topped 5 billion.1
Mobile Trend on the Rise In Healthcare
It isn’t surprising, then, that mobile platforms have also found their way into radiology and healthcare.
Consider these recent usage and technology statistics:
• Approximately 2 out of 3 doctors now operate a tablet while on the job.2
• Over 80% of physicians use a mobile device (tablet or smartphone) at work.3
• Usage is popular among radiology residents: 74% own smartphones and 37% own tablets.4
• The Apple App Store features an inventory of nearly 14,000 medical applications for patients and clinicians.
• Physicians, nurses and other healthcare professionals incorporate mobile technology into their everyday
routine. The convenience and portability of these devices help with communication, workflow, patient
engagement and even diagnosis.
Privacy and Security Concerns
The efficiency of mobile platforms, however, is counterbalanced by various patient privacy and security concerns.
Improper usage can trigger costly violations of the HIPAA (Health Insurance Portability and Accountability Act) and
HITECH (Health Information Technology for Economic and Clinical Health) laws.
In light of these benefits and risks, how should radiology and the broader healthcare industry respond?
This white paper addresses 5 best practices for utilizing mobile devices in healthcare and radiology:
• Understand the role of mobile platforms in the medical industry.
• Identify and harness the benefits of mobile devices.
• Know the legal issues regarding patient privacy and security.
• Avoid the common pitfalls of mobile device usage.
• Minimize risk with administrative, physical and technological strategies and solutions.
1. Applied Radiology
2. American Medical Association
3. American Bar Association
4. American College of Radiology
Best Practice #1:
Understand the Role of Mobile Platforms in the Medical Industry
Medical students, clinicians and patients are harnessing mobile technology in record numbers.
By now, to say healthcare is “going mobile” is an understatement. This technology is a popular topic at
professional medical conventions, including both the Radiological Society of North America (RSNA) and
Healthcare Information and Management Systems Society (HIMSS). Residents and fully trained clinicians
use at least one mobile device to learn their trade and carry out their work. Likewise, patient demand for
medical apps is skyrocketing.
Role in Health Education
The role of mobile devices in med school goes way beyond the fact that many
students and residents use them in their personal lives. Stanford University, the University
of California-Irvine and multiple others have incorporated them into their medical programs.
These institutions are embracing mobile technology in response to how professionals are
now practicing their trade and with the goal of improved communication among clinicians,
staff workers and patients alike.
Professional Uses
Among other things, physicians, nurses and other health practitioners use these devices to:
• View medical images.
• Assist in making clinical decisions.
• Access electronic health records.
• Educate others on medical topics.
• Measure and monitor patient vitals.
• Respond to emergency situations.
• Conduct medical research.
• Communicate with coworkers.
• Engage patients and track follow-up.
• Complete routine office tasks.
For instance, referring physicians and radiologists use tablets to transmit medical images and communicate in
real time about their findings. The high pixel resolution of tablets can aid radiologists in interpreting those images.
Also, a mobile platform can function like a “wireless doctor’s bag” if armed with the right medical apps. They help
clinicians measure vitals, make diagnoses, remotely monitor patients or serve as portable, comprehensive health
reference guides.
Patient Uses
Of the nearly 14,000 medical apps offered through Apple’s App store, the majority of them are geared toward the
public.5 Health insurance companies are even sending out “how-to” guides to members on the benefits of mobile
technology. Patients are responding, using them to take a more proactive role in personal health, including:
• Tracking fitness goals.
• Assessing general medical topics.
• Pricing prescriptions and finding generic equivalents.
• Monitoring certain conditions and vital signs through apps between visits.
• Accessing their electronic health records and even their clinician’s diagnostic notes (when available).
• Scheduling appointments and contacting their physician directly about their case.
5. Applied Radiology
Best Practice #2:
Identify the Benefits of Mobile Devices in Healthcare
Between 66 and 83% of doctors use a mobile device at work to improve workflow and offer
better overall service to patients.6
As multi-functional tools, mobile platforms are advantageous to radiologists and other
healthcare professionals, as well as patients. The benefits of this technology are numerous:
saving time, enhancing communication, streamlining workloads, increasing patient engagement
and even saving lives in emergencies.
Saving Time and Improving Workflow
One recent study reports that tablets, for example, save
medical employees about 1.2 hours a day.7 Clinicians have all
the necessary information at their fingertips; they don’t have
to waste time tracking it down from multiple sources. With
mobile devices, health personnel can quickly investigate
medications, contact insurance companies, access
electronic health records and study medical images.
This technology also cuts down the traditional lag time
between referring physicians and radiologists. Because
mobile devices serve as portable imaging viewers, they
literally untie radiologists from traditional workstations, giving
them yet another tool with which to efficiently interpret and
deliver X-ray, CT, MRI and ultrasound studies.
Connecting with Patients
Medical professionals credit mobile platforms with increased
patient engagement. For instance, during examinations,
doctors can easily pull up medical images or research on
their tablets to directly illustrate medical concepts, conditions
or treatments to patients without ever leaving their side.
Using the right safety protocols and permissions, this
information can also be quickly shared with patients via
mobile devices in-between clinical visits.
6. American Medical Association and American Bar Association
7. American Medical Association
In fact, the quantity of medical apps now on the market is evidence of the growing demand for a personalized,
team-oriented approach to healthcare. And, as previously mentioned, patients are just as likely to take the
initiative, using mobile technology to play an active role in their own health and well being as never before.
Enhanced Service and Response Time
Mobile devices allow health practitioners to provide a higher level of service when they’re off-site. Clinicians can
receive and respond to real-time vitals and status reports on their patients from virtually anywhere. They can also
be instantly notified if a patient’s condition turns critical.
For example, when clinicians are waiting on the interpretations of medical images from off-site radiologists, mobile
platforms can be lifesavers: decreasing turnaround time by making both referring physicians and radiologists more
accessible. Furthermore, because certain medical apps can function like traditional medical monitoring devices,
health personnel can offer even more care in emergency situations.
Best Practice #3:
Know the Legal Issues Regarding Patient Privacy and Security
In light of increased enforcement of HITECH and HIPAA policies, secure mobile device usage is a
growing concern for healthcare providers and facilities.
With the universalization of electronic health records looming by 2015, enforcement of patient privacy
and security laws is at an all-time high. Improper mobile device usage in a healthcare setting can trigger
expensive violations of those laws, specifically the regulations outlined under the Health Insurance
Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and
Clinical Health (HITECH) Act.
HIPAA and HITECH Overview
HIPAA was signed into law on Aug. 21, 1996; the Privacy and Security Rules later issued under it standardized
national privacy and security requirements concerning patient health records. This legislation gave individuals
increased access to their personal medical information and more influence over how that information is shared and used
among insurers, health personnel, medical facilities and the
like. Nothing in the federal law, however, prevents states
from giving patients more rights and safeguards than those
outlined under HIPAA.
The goal of HITECH, enacted on Feb. 17, 2009, is to drive
the adoption of electronic health records by 2015. Until that
time, incentive payments are available to eligible health
entities that adopt certified electronic health record technology
and demonstrate meaningful use of it. After 2015, those same
entities face Medicare payment reductions for non-compliance.
Electronic health information creates new privacy and
security concerns. HITECH therefore extends the scope of
HIPAA with stricter disclosure, breach notification and
safeguard provisions to minimize, prevent and handle any
breaches of protected health information (PHI).8 These
provisions also reach beyond the medical industry to
business associates and other parties that handle, store or
transmit electronic PHI.
8. U.S. Department of Health & Human Services
Mobile Platform Considerations
Smartphone and tablet usage needs to comply with these two laws, especially the HIPAA Security
Rule. This rule permits PHI to be shared electronically, but also “requires appropriate administrative, physical and
technical safeguards” to be in place before doing so.
Because a mobile device can retain transmitted data in its internal memory or on a removable card, PHI shared in
this manner persists on the device and is vulnerable whenever the device itself is unprotected. PHI is also at risk
precisely because smartphones and tablets are compact and portable.9
Although the portability and size are benefits, these two features also make it easier for:
• Health professionals to use personal mobile devices, instead of professional ones to share PHI. Personal
devices are often not equipped with sufficient security safeguards, including passcodes and encryption, and
can easily be used on unprotected public wireless networks.
• Mobile devices to be stolen, used by the wrong party or lost.
9. American Bar Association
Who Regulates Mobile Device
Usage in Healthcare?
HIPAA and HITECH aren’t the only acronyms the medical industry needs to be aware of
regarding mobile device usage.
Five federal agencies each have a role in ensuring that when this technology is employed
in a healthcare setting, all parties involved—developers, transmitters, medical institutions and
professionals—are playing by the rules.
Federal Communications Commission (FCC) – Devices and systems based on
radio-frequency fall under this agency’s jurisdiction. The FCC oversees certain technological
aspects of mobile platforms and their carrier networks.
Federal Trade Commission (FTC) – This agency prohibits developers and distributors
of mobile technology from withholding significant information or falsely marketing devices
and apps to the medical industry and the public alike.
Food and Drug Administration (FDA) – Because the FDA is “responsible for protecting
the public health,” mobile devices used for medical diagnostic purposes fall under its authority.
This agency regulates these platforms both in terms of safety and effectiveness.
National Institute of Standards and Technology (NIST) – Although non-regulatory, NIST
helps establish guidelines for the secure use of technology, including computers and mobile
devices. Many industries voluntarily adopt these guidelines as minimum standards,
best practices and benchmarks.
Office for Civil Rights (OCR) – As part of the U.S. Department of Health and Human
Services, this agency ensures that the healthcare industry complies with HIPAA. Like
computers, mobile platforms must be used in such a way that sensitive health information
remains protected and private.
Source: Health IT Exchange’s “The ABCs of Federal Regulation for Mobile Devices in Healthcare”
Best Practice #4:
Avoid the Common Pitfalls of Mobile Device Usage
In addition to legal considerations, healthcare facilities and professionals need to ensure that their
technical infrastructure, IT support, development and internal policies are mobile-specific.
Although privacy and security of protected health information should be the top two concerns of the
medical industry, mobile device usage also raises other practical concerns. These involve defining or
expanding internal policies, technical resources and task capabilities.
In-House Mobile Policies
Although usage on the job is high, only 38% of the participants in a HIMSS survey reported that their
employer had implemented a sufficient mobile strategy.10 To close this gap, an in-house policy needs to
address mobile technology specifically and meet the following objectives:
1. Adhere to HIPAA’s “administrative safeguards,” ensuring the integrity of protected health information
(detailed in the next section).
2. Be available to all employees and necessary third parties (business associates, vendors, etc.)
3. Dedicate resources to stay on top of emerging developments in mobile technology, including new
medical apps and devices.
4. Ensure that there are adequate technical resources in place (support and connectivity) to provide
optimal mobile platform usage.
Technical Considerations
Legal considerations and insufficient internal policies pose challenges; however, a lack of technical staff
was the number one barrier cited in another HIMSS study.11 As with any technology used in a professional setting,
medical facilities and organizations need sufficient IT professionals to oversee the facility’s technology tools and
wireless network capacity in terms of number of users, security and productivity.
Task Suitability
When legal, employer and technical issues are resolved, healthcare professionals need to ensure that the device is
suited to the task at hand. If the computer is the best medium for efficiency or workflow, then the accessibility of
the mobile device may be secondary.
10. Applied Radiology
11. American Medical Association
Best Practice #5:
Minimize Risk with Administrative, Physical and Technological Strategies and Solutions
To ensure that mobile platform usage does not infringe on patient privacy and security rights, HIPAA
requires “appropriate administrative, physical and technical safeguards” to be implemented.
With the rise of mobile device usage and legal enforcement of patient privacy regulations, the risk of
violations is increasing. Radiology and the wider healthcare industry need to adopt the recommended
safeguards outlined under the HIPAA Security Rule to mitigate that risk.
Administrative Safeguards
HHS describes administrative safeguards as measures that “provide management, accountability and oversight structure,”12 including:
• Addressing the issue of personal mobile devices in the workplace.
• Periodically training new and existing staff on safe mobile platform use and educating them about HIPAA
requirements, consequences, updates and best practices.
• Instituting a secure technical environment for mobile devices.
• Carrying out regular audits to ensure compliance with legal requirements and employer policies.
Technical and Physical Safeguards
Technical safeguards refer to solutions that protect against unauthorized
use—whether intentional or unintentional—of mobile platforms. These
include enforcing device passcodes, running a firewall, encrypting
protected health information (PHI) and other sensitive data both at rest
and in transit, and purging such data from the device after each use.
Technical safeguard best practices are:
• Staying on top of security software updates.
• Avoiding file sharing applications and open Wi-Fi networks.
• Researching new medical apps and downloads carefully
before installation.
• Employing encrypted networks and data storage with
redundant back-ups off-site.
12. U.S. Department of Health & Human Services
For example, one solution is to use cloud technology for the retrieval and storage of patient records, including
radiology studies. Off-site daily backups, encrypted both in transit and at rest, help fulfill HIPAA security criteria
while allowing clinicians to efficiently exchange PHI from mobile devices to improve workflow. Note that a cloud
provider that stores PHI is a business associate under HIPAA and must be bound by a business associate agreement.
Physical safeguards mainly refer to protections against loss and theft. Between 2009 and 2011, the federal
government reported that the health information of 1.9 million individuals was compromised due to stolen or
misplaced mobile platforms.13
Physical safeguards include:
• Maintaining a list of all devices used by clinicians and other staff to exchange private medical data.
• Securely storing these platforms when not in use.
• Installing remote wiping and location technology tools in case of loss or theft.
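The inventory, remote-wipe and encryption safeguards listed above can be enforced with a simple compliance gate rather than left to a paper checklist. The following Python script is an added example written for this edition of the paper, not FreedomPACS code or part of the original white paper. It audits a constructed device inventory against hypothetical policy thresholds (the 6-character passcode minimum and 30-day patch window are assumptions, not figures from the paper), refuses PHI access from any device that fails a check, and runs a simplified lost-device workflow in which storage encryption, not the remote wipe, decides whether the incident is treated as a potential PHI breach.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical policy thresholds (assumed for this example; set them from your written policy).
MIN_PASSCODE_LENGTH = 6
MAX_PATCH_AGE_DAYS = 30


@dataclass
class Device:
    """One entry in the inventory of devices used to exchange PHI."""
    device_id: str
    owner: str
    passcode_length: int        # 0 means no passcode is set
    storage_encrypted: bool     # device storage encryption turned on
    remote_wipe_enrolled: bool  # enrolled in a remote-wipe (MDM) service
    location_enabled: bool      # find-my-device / location tracking turned on
    last_security_update: date
    reported_lost: bool = False
    wiped: bool = False


def check_device(dev: Device, today: date) -> list:
    """Return the safeguard failures for one device; an empty list means compliant."""
    findings = []
    if dev.passcode_length < MIN_PASSCODE_LENGTH:
        findings.append("passcode missing or shorter than %d characters" % MIN_PASSCODE_LENGTH)
    if not dev.storage_encrypted:
        findings.append("device storage not encrypted")
    if not dev.remote_wipe_enrolled:
        findings.append("not enrolled for remote wipe")
    if not dev.location_enabled:
        findings.append("location tracking disabled")
    if today - dev.last_security_update > timedelta(days=MAX_PATCH_AGE_DAYS):
        findings.append("security updates older than %d days" % MAX_PATCH_AGE_DAYS)
    return findings


def phi_access_allowed(dev: Device, today: date) -> bool:
    """Gate: PHI may be exchanged only from a device that is not lost and passes every check."""
    return not dev.reported_lost and not check_device(dev, today)


def handle_lost_device(dev: Device, wipe_confirmed: bool = False) -> str:
    """Lost/stolen workflow (simplified model, not legal advice).

    A remote wipe is best effort: an offline device never receives the command, so
    only a confirmed wipe counts. Storage encryption is the control that decides
    whether PHI on the device is presumed exposed.
    """
    dev.reported_lost = True  # access is blocked from this point regardless of outcome
    if dev.remote_wipe_enrolled and wipe_confirmed:
        dev.wiped = True
    if dev.storage_encrypted:
        return "encrypted: record the incident; PHI not presumed exposed"
    if dev.wiped:
        return "wiped: record the incident; assess the exposure window before the wipe"
    return "unencrypted and not wiped: treat as a potential PHI breach and start notification assessment"


def audit(inventory: list, today: date) -> dict:
    """Periodic audit: map each device ID to its findings."""
    return {dev.device_id: check_device(dev, today) for dev in inventory}


# Constructed sample inventory; dates chosen around the paper's March 2013 publication.
TODAY = date(2013, 3, 1)
INVENTORY = [
    Device("tab-001", "Dr. Patel", 6, True, True, True, date(2013, 2, 20)),
    Device("phone-002", "Nurse Lee", 4, False, False, True, date(2012, 11, 1)),
    Device("tab-003", "Dr. Ortiz", 8, True, True, False, date(2013, 1, 15)),
]

if __name__ == "__main__":
    for device_id, findings in audit(INVENTORY, TODAY).items():
        status = "compliant" if not findings else "; ".join(findings)
        print("%s: %s" % (device_id, status))
    print(handle_lost_device(INVENTORY[1]))
```

Run stand-alone, the script lists tab-001 as compliant, four failures for the personal phone and two for the second tablet, then shows the lost-device outcome for the unencrypted phone. In a real deployment the device attributes would come from the MDM inventory rather than a hard-coded list, and the `audit` output is exactly the artifact the periodic compliance audit under the administrative safeguards calls for.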
13. U.S. Department of Health & Human Services, as cited by the American Bar Association
CONCLUSIONS
Implementing best practices on mobile device usage enables radiology and the wider healthcare
industry to enhance patient care without sacrificing patient privacy.
Balanced Approach
The growing trend of mobile device usage among radiologists, healthcare professionals and patients presents
many benefits and challenges. In light of the current legal and technological environment, healthcare facilities can
be best served by taking a discerning, balanced approach.
Mobile-specific internal policies, protocol and IT support need to be instituted that reduce the likelihood of
HIPAA and HITECH privacy and security violations; however, it is key that these policies continue to enable the
documented advantages of mobile technology, including saving time, improving workflow and communication,
enhancing service and increasing patient engagement.
In Review: Best Practices for Using Mobile Devices
Medical professionals in radiology and throughout the healthcare industry can have both security
and efficiency by adopting the five best practices for mobile platform usage:
• Best Practice #1: Understand the Role of Mobile Platforms in the Medical Industry
• Best Practice #2: Identify the Benefits of Mobile Devices in Healthcare
• Best Practice #3: Know the Legal Issues Regarding Patient Privacy and Security
• Best Practice #4: Avoid the Common Pitfalls of Mobile Device Usage
• Best Practice #5: Minimize Risk with Administrative, Physical and Technological Strategies and Solutions
Implementation Steps
Following three steps will put medical facilities, professionals and healthcare providers on the right track for
implementing safeguards as outlined under federal law.
1. Examine current technical resources and data protection strategies.
2. Stay informed of trends, regulations and legal developments, like the HIPAA final omnibus rule.
3. Adapt internal policies in response to mobile platform and technology trends.
This will ensure that all can harness the benefits of mobile platforms while simultaneously
avoiding the potential security pitfalls of this technology.
Research Sources
The content for this white paper was obtained from the following:
1. American Bar Association
2. American Medical Association
3. Applied Radiology
4. Becker’s Hospital Review
5. Health IT Exchange
6. National Institute of Standards and Technology
7. Radiology Today Magazine
8. Radiological Society of North America
9. U.S. Department of Health & Human Services
About FreedomPACS™
FreedomPACS™ – a medical picture archiving and communication system (PACS) that provides
convenient access and archiving of radiology images from multiple modalities. Using cloud or server
technology, FreedomPACS incorporates DICOM standards and is accessible on both PCs, Macs,
and mobile platforms.
FreedomPACS Cloud™ – offers secure, HIPAA-compliant off-site storage for radiology images.
Available with or without a PACS system, this affordably priced resource harnesses the protection and
efficiency of the cloud. It provides instant access and an optional cross-platform diagnostic viewer.
FreedomPACS is owned by MN Systems, a medical software development company, based in
Southfield, Michigan, formed from a joint venture between ALZ, Inc. and the Michigan Head and Spine
Institute (MSHI). The company provides practical, cost-effective software solutions for the healthcare
industry.
To learn more about these and other leading-edge medical software solutions, contact FreedomPACS
at 855-740-1130, [email protected] or www.freedompacs.net.
Enhance Patient Services
Without Sacrificing
Patient Privacy
FreedomPACS™
by MN Systems
29275 Northwestern Highway, Suite 100
Southfield, Michigan 48034
Phone: 855-740-1130
Fax: 855-740-1120
Email: [email protected]
Website: http://www.freedompacs.net/
Facebook: https://www.facebook.com/freedompacs
Twitter: https://twitter.com/freedompacs
© 2013 by MN Systems (Owner of FreedomPACS™)
This white paper is for informational purposes only and represents the opinion of MN Systems based on the sources provided. The
company retains all rights to the white paper, which is accurate as of the publication date, March 2013. Duplication, in whole or in part,
via any medium is prohibited without the prior permission of MN Systems.