In a recent report from Spyglass Consulting, it is not just doctors who are signing up to medical BYOD schemes; nurses too are now registering and 69% of those polled said they bring their own mobile device to work with them.
Mobile devices are not permitted to be used for all work activities, as the vast majority of healthcare providers operate strict measures regarding over what the devices can be used for. One of their main uses is for organizing staff timetables and maintaining calendars, with more than half of healthcare workers using their devices for this purpose in addition to checking email according to healthcare mobile phone usage research carried out by Absolute Software. 36% said they were using the devices to access PHI.
For PHI to be accessed without leading to a HIPAA violation, additional security controls must be put in place to secure the data being sent. Mobile phones are not secure, can easily be lost or stolen and the messages they broadcast can be intercepted. Secure texting solutions exist, and these must be used for communicating any PHI via SMS message. E-mail encryption is also needed along with other device controls such as password protection.
Ultimately it is the patient that prospers from the use of Smartphones and other mobile devices in a healthcare location. They permit much faster accessing of information, which can be obtained without leaving the patient’s location. The patient can become more involved in their own healthcare and the potential for co-ordination of care services are considerable, improving efficiency while pushing down operational costs.
What’s more, the workers are calling for their employers to use the devices. Rather than work against employees – many of whom will ignore hospital rules and use their mobile devices anyway – it is better to start developing a BYOD policy. If the staff are comfortable and content, the workplace becomes a more productive environment.
Smartphones and tablets can be used for an increasing variety of functions, such as entering or retrieving data from EHRs, accessing reference material, viewing clinical information, test results and radiology reports. Orders can be processed via the devices, prescriptions sent to pharmacies and information accessed from anywhere in a medical center.
However, if care is not taken implementing BYOD schemes, heavy financial sanctions await. The Office for Civil Rights and other regulatory bodies can fine organizations that breach HIPAA Privacy and Security Rules. Controls must therefore be put in place to prevent accidental disclosure of PHI and ensure it is adequately protected from external threats.
