Electronic medical records (EMRs) have become standard practice in medicine, making it easier to access patient records anywhere at any time and opening new sales possibilities for solution providers looking to penetrate the healthcare market. All medical records are going digital, which means that healthcare providers need strategies and support for secure wireless data access.
Adoption of EMRs offers new capabilities for medical practice today, such as simplifying collaboration by sharing EMRs, streamlining health insurance claims and ensuring that a consistent record of care is maintained for patients. EMRs also have created new ways for doctors and nurses to access patient data during treatment or from anywhere they have data access. As a result, more hospitals are using handheld tablets and mobile computing devices to support patient care, and more healthcare professionals are insisting on having patient data access from their personal smartphones and mobile hardware.
Bring Your Own Device (BYOD) adoption has been slow in healthcare, largely because of security concerns. The Health Insurance Portability and Accountability Act (HIPAA) imposes stiff penalties for failure to properly secure patient records, so healthcare providers are exercising caution around supporting BYOD. However, research from Philips shows that three-quarters of healthcare organizations now support smartphones, two-thirds support tablets and more than half (51 percent) have some kind of BYOD policy in place. Furthermore, 68 percent of healthcare organizations plan to fully support BYOD within the next 12 months. The top five drivers cited for BYOD adoption in healthcare are:
- Easier communication among team members (68 percent)
- Savings in time with regard to workflow (46 percent)
- Cost savings (40 percent)
- Direct response to physician demand (38 percent)
- Easier access to patient information (35 percent)
So what’s the best way for health IT professionals to provide secure, portable access to EMRs and other medical data? Is it by issuing specialized portable telemedicine hardware, enabling BYOD or adopting some other mobile data access strategy?
First Step: Secure Your Mobile Environment
Of course, no matter how you choose to support mobile access digital records, you have to start with a secure mobile environment. Data has to be readily accessible, both within the healthcare facility and remotely, but it has to be safe and secure for HIPAA compliance.
Where and how patient information is stored is a big part of data security. While some healthcare operations prefer on-premises data storage, more organizations are recognizing that adopting a purpose-built cloud can offer superior security and versatility. Cloud data storage has the advantages of offering hardened security, extensibility and access from anywhere.
Because the wireless network infrastructure has to support data access from anywhere, steps need to be taken to ensure the security of the actual records. No matter how strong the device authentication and hardware security, there is always a concern about losing control of the actual data. Specific mobile medical applications may have built-in security, but there are always risks to patient records. For example, Siva Subramanian, senior vice president of mobile products for Zynx Health, sees texting as the real threat to patient data. Texting is an often overlooked source of data vulnerability, because it requires no log-in or credentials, and texts are often sent to the wrong party.
For on-premises data access, a secure wireless environment is needed. The wireless network has to have strong security to protect both servers and data storage, as well as secure wireless access. This is going to require strong authentication protocols to eliminate unauthorized network access. It’s also going to call for data encryption, so even if data is intercepted, it will be unreadable.
Next Step: Securing Mobile Devices
Once you have a secure infrastructure in place that supports secure mobile access to EMRs, the next step is to secure handheld devices. Even with a secure environment, losing an unsecured smartphone or tablet can be disastrous.
For optimal control, healthcare organizations can provide their own handheld devices, equipped with custom software and security applications. Application-specific hardware can be provisioned exclusively for use within the hospital or clinic environment and remain on site, which would provide optimal control and security. Of course, it also means that the IT department is responsible for keeping track of handheld devices and maintaining software and firmware updates.
However, as noted earlier, more medical professionals are demanding to use their own devices to access records and data, and BYOD provisioning creates its own headaches. Without the right controls, policies and procedures in place, it’s easy to lose track of who has access to the network and what devices they are using.
The best way to impose control over any handheld device is with a mobile device management (MDM) solution. Every authorized device should be equipped with MDM software that enforces security policies, authentication and encryption and that provides remote access and control of devices. For example, if a device is lost or stolen, the MDM software can disable it or erase the system remotely. There will be those professionals, especially physicians, who may complain that forcing them to use MDM software is an invasion of privacy, but that has to be the price of security and regulatory compliance.
So how can solution providers support mobile computing for medicine? In addition to the obvious requirements for a secure wireless infrastructure and MDM, there’s also an ongoing need for support. Part of the rationale for medicine going mobile is to provide 24-hour access to care-critical data. Someone has to be on call to make sure that systems remain accessible and secure. There are innumerable ways that solution providers can prove themselves to be invaluable to healthcare providers. It’s all a matter of working more closely with healthcare customers to understand their telemedicine needs.