The executive summary of the HIMSS Mobile Technology Survey report had a somewhat alarming statistic -- only 38% of respondents noted that they have a mobile technology policy in place that regulates use of mobile devices and outlines the organization's mobile strategy. I'm not so surprised, because it is a bit of déjà vu with social media policies. But, this does bring up the need for more attention by healthcare leaders to mobile governance.
While use and strategy are important, an organization's policy should also address data security and safeguards to minimize the risk of breaches and the release of PHI. A recent study from CompTIA revealed that one-third of healthcare providers are already using mobile devices to access EHRs (and the PHI contained within). And, not too surprisingly, another survey found that medical residents are more like than established doctors to use smartphones for clinical purposes.
The result is an environment ripe for unintentional consequences. I addressed some mHealth governance and policy considerations in a previous post on tablets and revisit them here, as well.
- Explore the availability of mobile technologies in their environment (and ecosystem) to identify any risks.
- Determine whether the risks can be managed -- allowing patients, employees, providers and others to realize the value and benefits offered by application of the new technology.
- Balance usability, preferences, security, & budgetary concerns
- Explore mobile security and mitigation considerations then develop and clearly communicate the organization's policies. (specific policy considerations are detailed in the full post)
Beyond EHRs and other data systems, more and more doctors are engaging with patients through social media platforms - which are hard to separate from mobile devices. And, any healthcare professional can easily use apps to upload PHI - think DropBox! This points to the importance of including social media considerations in your review of mobile technologies. It is also another friendly reminder for those of you who haven't already created your organization's social media policy; to do so.
Christina, thanks for this good set of recommendations. I'm writing an article about IT and patient engagement, and you've addressed a side we hadn't yet considered. so much change, so fast!
Posted by: Jane Sherwin | February 13, 2012 at 06:32 AM
Your welcome, Jane! It isn't addressed enough, but risk never really is because it isn't the pretty side. However, crazy administrators like me don't mind tackling risk head-on.
Posted by: Christina | February 13, 2012 at 08:44 AM