The July/August issue of Government Health IT had an article about tablets making their way into healthcare workplaces and it suggests that we respond by harnessing these assets - cautiously. The article highlights the first tablet app cleared by the FDA allows physicians using the device to view medical images and make diagnoses based on computer tomography, magnetic resonance imaging and nuclear medicine technology, such as positron emission tomography. It has safety features that mitigate the risk of poor image display due to improper screen luminance or lighting conditions.
The recent proposed guidance on Mobile Health Apps issued by the FDA is likely to result in new applications and approvals. So, we can expect to see more and more of approved smartphone and tablet apps -- and increasing numbers of physicians and other clinicians who want to apply them to their patient care practices.
Effective leaders will explore the availability of these new technologies in their healthcare organization's environment (and ecosystem) to identify any risks. But, they will also determine whether the risks can be managed -- allowing patients and providers to realize the value and benefits offered by application of the new technology.
I've collected a few ideas on minimizing the potential risk and invite you to share your suggestions, as well. Effective healthcare leaders will explore mobile security and mitigation considerations including:
- Balance usability, preferences, security, & budgetary concerns
- Register personal devices used in workplace by those with a legitimate business use
- Agree to report if lost or stolen
- Agree to allow remote erase
- Agree to use in accordance Policies
- Require Device Access Password
- Require that No Patient Data be Stored on the device!!
- Central reconciliation of device usage (billing, monitoring, etc.)
- Capabilities for disabling or wiping devices clean (loss or theft)
- Remotely lock devices or change passwords
- Remotely configure/deploy applications globally (rather than one device at a time
- Flexible security configurations – settings changed on an individual basis from a central management dashboard
- Built-in encryption of all communication streams to prevent data leakage during configuration and deployment processed
- Only permit password protected thumb drives and check-out or account for all with any PHI