A 2012 Manhattan Research study on technology adoption by physicians (Taking the Pulse® U.S.) reported that 85% of U.S. physicians now own or use a smartphone professionally. Moreover, 62% of U.S. physicians own a tablet and half of the tablet-owning physicians have used their device at point of care. While the numbers may vary slightly between Canada and the U.S., I think it is safe to assume that adoption of smartphones by Canadian physicians is comparable to American colleagues. This creates opportunities and challenges in terms of how physicians use mobile devices to access patient information.
Smartphones have evolved rapidly in the last five years with Apple and Samsung battling for worldwide supremacy in this lucrative market. What this intense competition has done is increase the speed, readability, and functionality of phones to a point that they have become the ultimate “converged” device offering voice, email, messaging, Internet access, and a wide range of apps (many of which are customized for healthcare). The high resolution 4.8" screens of the Samsung Galaxy SIII or the 4" Apple iPhone 5 are sufficiently large and crisp that the barrier of screen size is no longer a limitation when viewing information. The ability to pinch and zoom in on certain information or increase the size of text makes it possible to view not only data, but images. So, why would physicians not want to access their EMR using their mobile phone? It is unlikely that any physician would want to use their mobile phone as their device of choice when seeing patients in a hospital or clinic; however, there are many times that the ability to view critical data is extremely useful and convenient when away from the clinic or a regular computer.
Consider the following if accessing your EMR via your mobile phone:
- How do you plan to use your mobile phone to access your EMR?
- Do you have a mobile app that allows you to view information in your patient’s records or, will you use your phone’s browser to login to your EMR as if you were accessing from a regular laptop or desktop computer? Is the data passed between your EMR and your mobile app encrypted? Similarly, does your EMR require secure browser access (https vs. http)?
- Will you only be viewing clinical data or interacting with it to transmit orders or medications?
- Is any sensitive clinical data stored locally on your device or is all data purged after you close your mobile phone session?
- These are important questions to consider as you will be held accountable should there be a data breach that is linked back to access via your phone. A December 2011 article in American Medical News titled, Smartphones blamed for increasing risk of health data breaches suggests a correlation between the rise in smartphone use and the increase in security data breaches. While many of these breaches have occurred in larger healthcare organizations, there are a number of ways that mobile phones can create a mechanism to gain access to patient data.
Could you be creating a security risk by accessing patient data via your mobile phone and what can you do to mitigate the risk?
- Do you use good security practices? These include:
- Using a passcode to access the phone. Takes a bit longer, but prevents (or at least delays) inappropriate access.
- Not storing all of your usernames and passwords on your phone in a folder called passwords.
- Careful use of bookmarks and auto-login features. For example, not saving your username and password in your mobile app or browser. Entering a password takes longer, but is more secure.
- Not storing sensitive clinical patient information on your phone. You may be tempted to run reports or save reports on your phone in unprotected folders. If your phone gets lost or stolen, these are the first places that a thief will look.
- If your phone gets lost or stolen, do you have the ability to remotely wipe all of the data on the device? You can also set up tracking applications that allow you to find your phone using mapping software.
With the prevalence of smartphones amongst physicians, the likelihood that you will access some sensitive clinical data is high. If you are going to do so, consider how you should protect your device and your patients’ information. The above guidelines are not comprehensive but can be used as a starting point to ensure you do not become the weak link in the process.