Physicians must heighten mobile security

Physician groups must heighten mobile security

More than two years ago, the Food and Drug Administration granted 510(k) approval of the first mobile application for viewing images and making medical diagnoses. This application opened the floodgates on the physician market for mobile technology. With a proliferation of new devices coming out, manufacturers are seeing a need in the medical space and improving the operating systems and resolutions of the newer devices.

The utilization of mobile technologies holds a great deal of potential for radiology practices, as one example. Radiologists can make more timely decisions than ever because they are no longer tied to desks or workstations -- and they have the flexibility to work whenever and wherever they want instead of being restricted to traditional hours of operation.

As well, medical students are routinely leveraging mobile applications for educational purposes. Their familiarity and comfort level with these applications and associated mobile devices will become a key factor in attracting and retaining top-level talent. Many new physicians coming right out of school or in residency programs have used those devices as a critical component of their teaching and learning, and they are going to want that to continue as they go into practice.

Physician groups considering mobile technologies need an implementation strategy, not only to make the best use of capital, but also to avoid running afoul of privacy regulations. If protected by a tight security policy that is well understood by all parties, investments in mobile technologies will be worthwhile for progressive groups.

It is helpful for the physicians to have something in their hands that they can take with them in their daily routine. More helpful, however, is tying that in with referring physicians’ systems, creating a better and more collaborative relationship with them. There are key components physicians and practice leaders need to understand to determine what will be the right solution given the size and scope of their practice – which will not be the same for every physician group.

Mobile capabilities with added security

Security must be a primary factor since the one consistent concern of all stakeholders is protection of information and privacy. Not all mobile technologies are created equal, and if a group is pursuing the mobile market, it is important to take precautions. For instance, some physicians prefer reports on iPads and Android devices, and practices may have the capability to send them to those devices -- but they must ensure the data is protected, taking care with email encryption, as one example.

These issues will only intensify as physician practices seek to join accountable care organizations or participate in bundled payment programs. Even practices with robust IT departments may find themselves unprepared to meet evolving security needs. With the implementation of HIPAA 5010 codesets, these issues will continue to be a disruption, especially as new payment and delivery models come into play.

Practices need to give heavy consideration to the security of their information as well as its timeliness and accessibility through mobile solutions. As an example, many physicians want to use their own personal devices for business and diagnostic purposes. This freedom, while liberating, also raises matters of security and practicality. To avoid security risks, practices can and should create more segmentation between personal and business use.

Security and hardware capabilities on older personal mobile devices may also be a concern. For instance, radiologists cannot work on early generation mobile devices. The later, greater iterations are more geared to diagnostic work because tablet vendors are being pushed by the healthcare industry for increased security and screen resolution.

The operating system in use on a device can also make a difference. Case in point: Apple’s mobile operating systems have undergone significant upgrades in the security department -- later versions of iOS include enhanced AES encryption, and the 4G cellular connection it affords is much more conducive to downloading large files with ease. Other factors might include the use of a smart password versus a four-digit number to unlock your device, which provides an added level of protection in case the device is lost or stolen. The nuances associated with device security, typically not laid out in black and white, are not always easy for physicians to understand and, by the same token, the mobile device industry does not provide clear and concise guidance.

It should be noted that centralized management solves a lot of security concerns as well. Practices can take smart cues from some hospitals, which acquire the devices themselves rather than entrusting staff members to use their own. Hospitals that use tablet devices to facilitate workflow in their facilities buy them for specific physician workflow uses. There is no ambiguity about who controls the device, and if there is a breach, they have the ability to wipe the compromised device remotely. If someone is coming in with his or her own personal device, on the other hand, that individual may not be willing to relinquish that level of control to a central governance body such as the local IT or compliance organization.

Finally, many mobile applications are now supported by cloud-based solutions for storage, and there are new vendors entering the cloud space every day. These solutions can provide great value to practices, but selection of them should be approached with caution. A practice should conduct due diligence before trusting its patients’ data out in a cloud-based environment.

For these reasons, physician groups should begin familiarizing themselves now with the security implications of mobile workflow or risk losing a valuable competitive edge. Physicians need to be clear on what is acceptable in the eyes of rule-making agencies such as the Department of Health & Human Services, understanding both the potential of this technology and the implications of not doing it right. With better screen resolution on tablets, the industry will see a lot more apps geared toward diagnostic capabilities in the future; mobile is here to stay.

Anthony Brown, CCP, is the director of information technology with Medical Management Professionals, Inc. (MMP).