Wireless wonders

Smartphones are here to stay. They have already revolutionised the way many healthcare workers carry out their jobs—but are hospitals keeping pace with the attendant risks? HRMR investigates.

Most healthcare providers have accepted the inevitable march of technology that means smartphones are now commonly used by staff for their work. In many ways this is a great leap forward, bringing with it a host of functions that help to streamline working processes.

“Smartphones, as the name suggests, are ‘smart’,” says Dr Preetinder Gill, author of Distraction: an assessment of smart phone usage in health care settings, a report on the subject published by Dove Press.
“They can be indispensable work assistants. They provide seamless and quick access to vast amounts of knowledge via the Internet. Healthcare providers can consult each other easily using smartphones. There are many apps available which can assist in diagnosis of conditions; other apps help patients to follow their medical regimens.”

In institutions that operate a bring your own device (BYOD) policy, smartphones and other mobile devices may be used to access patient records. The bad news is that, despite widespread efforts to become HIPAA-compliant, hospitals still have a long way to go in terms of ensuring that the data accessed on smartphones remains secure.

LIKE WILDFIRE
A survey by Cisco Concierge found that while 89 percent of healthcare workers use their personal smartphones for work purposes, 41 percent of these workers do not secure their device with a password, 53 percent reported accessing unsecured wi-fi networks and 48 percent had not disabled their Bluetooth discoverable mode, or did not know if their device was discoverable.

“Smartphone usage is like wildfire—there isn’t an institution I walk into every day where it is not a topic of conversation,” says Mick Coady, a principal in PwC’s National Privacy and Security Practice.

He says that healthcare providers must balance the desire to work flexibly with the need to create an environment secure enough to protect sensitive patient data. To date, only 46 percent of hospitals have a security strategy regulating the use of mobile devices.

Coady adds that healthcare institutions are still a long way behind the financial and retail worlds in terms of ensuring that data accessed on mobile devices remains secure.

“Financial and retail institutions have probably had governance-based solutions around access for five to eight years, yet less than 7 percent of healthcare providers in the US actually have a centralised identity system. It sounds so rudimentary but unfortunately they’re a decade or more behind technologically.

“There is either too much privilege granted, the wrong access granted, or you get situations such as a staff member moving from oncology to cardiology or the ICU and their accesses following them wherever they go. If they’ve been at the institution for several years, they get quite a lot of access to a lot of different pieces of information. It comes down to asking the question of who has access to what, and right now inside a healthcare institution it’s a lot harder to get to that answer.”

Coady believes that hospitals in the US will to have to transform their approach to data security and mobile devices over the next few years in order to get up to speed with the financial and retail worlds, and in order to comply with government regulations. However, he warns that a kneejerk response can be counterproductive.
“A lot of institutions have an issue, hit the panic button and go and encrypt 30 to 40,000 devices. Maybe half those devices don’t have any medical info on them at all. If you can’t answer who has access to what then you’re sometimes going to be spending money and putting a solution on a device that may not be necessary.”

DETAILED STRATEGY
In an environment of rapid technological advances, a clear and detailed wireless strategy is essential to protect against data breaches, says Eric Abbott, systems director of product management for telecommunications company ExteNet.

“If you don’t have a strategy with respect to wireless services it begs the question: how can you effectively meet your mission statement?” he says. “The absence of a strategy increases the risk to the healthcare organization because you might implement different technologies or processes that don’t align with the mission or, even worse, introduce unnecessary risk.”

Abbott believes that the mission statement is the best starting point for a wireless strategy, after which it is important to assess your stakeholders and how wireless technology can enhance operations without adding risk. Questions to be asked include: what devices do my clinicians and nurses use? Do all of them have equal perceptions of using wireless? Do they have any concerns? Do they understand the difference between organizational use versus personal use of these devices?

“You also need to look at what happens when the physicians go home at the end of the day,” says Abbott. “Do you want to allow them access to the healthcare enterprise and if so, how? Increasingly physicians using tablet computers and smartphones might not be at home when they get a call, so understanding how you can integrate those devices into your network so that the transactions are secure is important.”

As well as issues to do with data security, there are other potential hazards associated with smartphone usage in hospitals. “Distraction is the main one,” says Gill. “Imagine a healthcare provider who is checking her/his Facebook page on her/his smartphone while trying to help you. This could lead to procedural failure, clinical error, misdiagnosis—the list can go on. Within healthcare teams excessive usage of a smartphone by one team member can be offensive and/or disrespectful to other members. This can not only increase handover risks but also worsen interprofessional relations.”

Gill sees the issue of patient privacy as extending beyond data protection to the use of smartphones to record voice, images and video. “A well-meaning recording by a healthcare professional could easily constitute a breach of regulations,” he says. “In addition, a phone is one of most germ-prone objects we carry. Numerous studies have shown that mobile devices/phones are prone to high levels of microbial infection.”

The bottom line is that advances in technology have outstripped hospitals’ ability to put adequate procedures and safeguards in place. How the situation pans out remains to be seen, but Abbott believes that despite the complexities surrounding the adoption of wi-fi technologies, the benefits to healthcare are immense.

“Where we’re headed is basically personalized patient-centered care where the physician knows almost instantaneously if something’s happening, and it’s all done via wireless because people aren’t tethered to a specific building or machine,” he says. 

Gill’s recommendations regarding the use of smartphones

FOR DATA SECURITY:
1. Set up required security patches and permission to access company networks/intranets on personal devices.
2. Limit high-risk share interfaces such as Bluetooth and Infrared; promote use of technologies such as data encryption and virtual private network (VPN).
3. Generate security alerts/warning messages if a compromized or unauthorized device is used on the network.
4. Have automatic web filters for certain websites.

WORKPLACE SMARTPHONE POLICIES SHOULD INCLUDE:
1. Primary focus on patient care;
2. Safe and hygienic use;
3. Legal compliance;
4. Data security and access control;
5. Improved patient privacy;
6. The promotion of effective and efficient communication; and 
7. Smartphone use/don’t use zones.