mHealth industry 'in learning mode' for privacy and security

By Mike Miliard
11:41 AM

It's no wonder that physicians and clinicians have taken to mobile devices in a big way. The convenience of having near-limitless knowledge, from medical journals to patient records, at one's fingertips is unprecedented. Docs love their smartphones.

But for CIOs and chief privacy officers, the relationship is more complicated. As mobile devices become ever more ubiquitous in hospitals and other clinical settings, the threat they pose to sensitive patient information grows.

Privacy and security is hard enough when dealing with stationary client-server EHRs. Try keeping tabs on dozens, or hundreds, of Droids and iPads, each one just waiting to be left in the back seat of a taxi or get hacked.

The 2012 mHealth Summit has multiple sessions focused on the thorny issue of mobile device security, offering tips about the best way to strike a balance between the convenience doctors love and the privacy patients expect.

In the session "Keep my Data Private & Secure," (Tuesday, Dec. 4, 11 a.m. to 12:15 p.m.), a panel of experts will explore the legal challenges related to mHealth adoption, especially with regard to bring your own device (BYOD) policies, external cloud services and mobile apps of questionably robust security. Should HIPAA and HITECH privacy laws be amended to reflect this new reality? How to devise policies to deal with the challenge? It often feels like terra incognita.

"Most healthcare organizations are just at the early stages of using mobile technologies," said Andrew Litt, MD, chief medical officer at Dell Healthcare, who'll be speaking on the panel. "Security is an increasingly important priority for health IT professionals as they roll out these devices."

Of course, he added, "Our first concern as healthcare providers is assuring our patient's trust. Therefore, we must only use technology that protects their personal health information. Luckily, in most situations, mobile clinical technologies exist that will secure that information."

Another session, "BYOD: Now Please Make It Work" (Wednesday, Dec. 5, 10:10 to 11:25 a.m.), drills down into the specifics of crafting and effecting policies that allow doctors and medical staff to safely and securely use their personal mobile devices on the job.
Eleanor Chye, executive director of mobility product, mHealth & pharma at AT&T, will be speaking on the panel.

"What we're seeing in the hospital space is definitely a push toward BYOD, a movement of allowing physicians and clinicians to bring their own smart devices into the hospital environment," she said.

"On one hand we hear from hospital CIOs, 'Security, security, security.' It's so important." On the other hand, she added, "There's a push from physicians and the clinician community: 'Hey, we want more flexibility to be able to download the right solution, we want to make our lives easier.'"

It's a complex issue, says Chye. But one that can be solved.

"In terms of knowing the right paths of implementation, we're in learning mode," she said. "It's no longer even just the device you bring, but the software you load on your device."

So crafting a smart and effective approach to allowing smartphones is more important than ever. "It's not just about the technologies you can layer on, but also the ongoing processes and policies you put in place," said Chye.