There have been a few recent and public events involving security breaches of electronic medical records (EMR) and other patient data in hospitals. The unfortunate event in Tucson, Arizona where a Congresswoman was shot, led to the firing of three curious clinical support staff members for improperly accessing EMR at the University Medical Center where the Congresswoman was being treated. In Iowa, five total hospital employees were disciplined (three fired) for violating federal law by viewing the electronic medical records of hospitalized University of Iowa Hawkeye football players.
Beyond curiosity, one would think that people want to access electronic medical records information from newsworthy people and events to try and sell the stories to the media who obviously would pay large sums of money to be the first to break the story about something like Michael Jackson’s medical past. But, then I wonder why a Las Vegas man, would go through the trouble of organizing a patient records scheme where he used private hospital files to solicit business and clients for a personal injury attorney.
I began to think about the possible issues stemming from physicians rapidly adopting mHealth applications on mobile devices such as iPads, Android devices, Blackberries, and others. I posed the question on a Center for Democracy and Technology forum about Health 2.0 and HIPAA, as I thought about physicians moving around a medical facility with mobile devices in hand containing lots of private patient medical information.
Barry Chaiken, MD, former chair of HIMSS and chief medical officer for Imprivata, shared 5 Key Considerations for Hospitals to Ensure Mobile Devices Security in Becker’s Hospital Review.
Here they are:
- Keep data in a cloud: Perhaps none of the electronic medical records should be saved on the actual devices, because of their portability.
- Get creative with passwords: More sophisticated authentication is evolving, so its necessary to have a unique password.
- Limit how devices are utilized: Hospitals and medical centers should configure access so that the hospitals control what is seen and accessed through a cloud.
- The ultimate goal should be zero breaches: Hospitals are at risk for losing not only patients, but also lots of money in remedying security breaches.
- Keep up with trends in technology: Hospitals should stay updated on the latest trends in technology and security applications for electronic medical records.
Outlining preventative steps such as Dr. Chaiken’s will help reduce the risk of security breaches as the mHealth market continues to grow, and physicians adopt mobile devices as a convenient way to help deliver efficient and accurate patient care.