Breakout Session 11-12 Monday: The Role of Patient Privacy & Security Innovations

Kenneth A. Kleinberg, Managing Director, Research & Insights

Ed Ricks (Beauford Memorial Hospital)

There’s always a question of the tipping point, and with EMR, we’ve reached this point. Mobile health is transitioning from an optional thing to integrated and mandatory. With new technologies, the applications and the promise lead, and the management lags, and I think in this space it’s true.

5 categories of mobile health use:

  • Access/interaction (putting the ‘use’ in Meaningful Use)
  • Unified communications (key enabler of care coordination)
  • Telehealth for extending reach
  • Social networking
  • Mobile health applications

If you think about the kinds of technologies that we expected but it’s taken a very long time (like speech technology), there are other areas of tech that have crept up (like location). The idea that tech could tell you the closest ER, and indoor maps based on the GPS can help with many experiential challenges.

You have to match these tremendous mobility changes within the context of security and manageability.

Layers of Mobile Security:

  • Application: protection with passwords, encryption, tokens. Should certain apps require multi-factor?
  • Desktop and Server: remote and virtual desktop protections.
  • Wireless/transport: Security in proprietary network, channel switching, rogue app protection, and firewalls
  • Mobile Device Management: Protection with virtualization/sandbox/container. Remote device wipe, and jailbreak/rooting detection. Certificates.
  • OS: Strong passwords, storage level encryption, and time-outs.
  • Device: bio-metric reader/camera. Storage card, USB and other connectors, and Proximity Detection.

You can have all these layers of security, but if one goes wrong, it can make the whole thing crumble.

What’s in your mobility Toolbox?

  • Mobile app development tools
  • Policy management and dissemination aids
  • Training tools
  • VPN
  • Mobile device management
  • Mobile application management and app stores
  • Mobile application testing and certification
  • Desktop/laptop network access and management system
  • IS help desk system (including remote and self-support)
  • Breach communications tools and templates

Biggest Issues with Mobile Medical Devices

Medical devices are increasing mobile, connected, software-enabled, and consumer-operated, which makes them much more vulnerable to technical problems, malware problems, integration challenges, and manageability, and security.

“wicked Problems” a term referring to when requirements are incomplete, contradictory, or changing; symptoms are difficult to recognize: problems are interdependent.

Ed Ricks

R UR DOCS TXTING?

One business challenge we’ve solved with mobile: Clinicians and physicians texting.

Top objectives for investing in Clinical mobility

58% Improving quality of care

50% Increasing staff efficiency/ productivity

The average discharge is delayed 100 min. due to the inability to communicate effectively across workers. Helping technology enable us to communicate better.

72% of hospitals have a no-texting policy

83% of physicians have a smartphone

42% text from their devices

BYOD demands caused concerns about unsecured texting

FINDING SOLUTIONS:

Reputable brand, existing customer

HIPAA Compliant (end-to-end encryption, auditing, message confirmations)

100% reliable

So, they created a secure texting application, and tried it.

Use case: Cardiology

Patient comes into ED, activated Cath lab, Alert the STEMI team to prep for cardiologist

Use Case: Radiology

Alert attending physicians that report is available, sending texts and pictures, alert radiologist that patient is ready.

Use Case: Anesthesiology

Current medications, day of surgery labs, current EKG picture, updates for case readiness- patient throughput.

Use Case: Hospitalists

Communicate with referring providers & hospitalist team members, see whether recipients opened the messages, alert charge nurse prior to arrival on unit.

People will do the right thing if we make it easy enough for them.

Instead of saying you can’t do something, we found a way to allow them to text securely. It’s about connecting policy and technology.

“Finally doing something for me, instead of to me”

I think the next wave is patient engagement through patient portals or applications.