The average adult in the United States spends 3 hours and 43 minutes on their mobile devices. That tallies up to 50 days per year. What are they doing all that time? Catching up on news, playing games, doing work tasks, calling or messaging friends, and watching videos or movies top the list.
Mobile device usage isn’t reserved only for leisurely activities. More than 90 percent of physicians and 65 percent of nurses use a smartphone or tablet frequently in the clinical setting. Some use their own personal device as part of a bring your own device (BYOD) program, but others utilize those provided to them by their employer.
Just how are clinicians and allied healthcare professionals utilizing mobile devices on the job? Some use the technology to communicate with each other and patients through text messaging, while others employ it to document at the point of care. The mobile devices also enable these clinicians to quickly and cost-effectively communicate with other physicians on patient care, conduct virtual care visits, update patient charts, and streamline the management process of hospital admissions and discharges.
Pros and Cons of Mobile Device Use in Healthcare
Most physicians and nurses use mobile devices for work for the same reason as patients: convenience. Many patients prefer to have the resources available to schedule appointments, register, and check in through their smartphone, computer, or other mobile device. It allows them to complete these tasks when and where they want.
Equipped with mobile technology, clinicians have the ability to provide care without being tied to a specific physical location. This is especially beneficial for a better work/life balance and takes another step toward reducing physician burnout.
As with any technology, though, there are downsides to healthcare professionals using mobile devices at work. They’re more likely than a desktop computer and other larger devices to be stolen. And, many of them aren’t equipped with firewalls, encryption, antivirus software, or multi-factor authentication, making them easier targets for cybercriminals.
Then, there’s the risk of non-compliance with HIPAA guidelines, which are designed to protect individuals’ electronic personal or protected health information (PHI) that is created, received, used, or maintained by a covered entity (i.e., hospital, health system, medical group). Healthcare providers that fail to address weak spots in HIPAA compliance risk a loss of revenue, a damaged reputation, decreased patient satisfaction, and potentially hefty fines and fees.
What’s the big deal about PHI? Because it includes individually identifiable health information, such as demographic data, medical histories, test results, insurance information, and other data used to identify a patient, it can be a dozen times more valuable on the black market than credit card information, ranging from $10 to $1000 per record in online marketplaces. More than 590 organizations reported healthcare data breaches to HHS in 2022, impacting roughly 48 million individuals.
Four of the most common HIPAA violations have to do with PHI. Maybe that’s why only slightly more than half of patients at private practices and about one-third of patients of large hospital networks said they don’t trust their healthcare providers to protect PHI and payment information.
Not only is a HIPAA-covered entity that chooses to use mobile devices in the workplace required to implement and enforce a HIPAA mobile device policy to protect patient health data accessed through the device, stored on it, or transmitted by it, they also have to be prepared for an audit conducted by the OCR.
Recommendations for Mobile Device Security
That’s the bad news. The good news is that there are numerous things your medical group can do to make the mobile devices used by your clinicians safer from cybercrime and other security risks. We’ve compiled a list of 20 of the top recommendations.
- Train employees on mobile device policies, security procedures, and HIPAA violations.
- Authorize each mobile device to add, modify, remove, and access PHI.
- Regularly conduct risk analyses/assessments.
- Enable passcode protection or other user authentication.
- Establish controls to allow mobile devices to be audited.
- Verifying PHI and other data is encrypted in transit and at rest.
- Keep your security software up-to-date.
- Register each mobile device with your medical group.
- Inventory and keep track of all mobile devices containing PHI.
- Regularly review mobile device access.
- Install and enable security software.
- Enable certificates to help prove the authenticity of users and devices.
- Install and activate remote wiping and/or remote disabling.
- Disable and do not install or use file-sharing applications.
- Install and enable a firewall.
- Use adequate security to send or receive health information over public Wi-Fi networks.
- Install radio frequency identification (RFID) tags to help locate lost or stolen mobile devices.
- Delete all stored health information before discarding or reusing the mobile device.
- Revoke access when an employee no longer works for your practice.
- Back up data regularly.
At Epion Health, we are committed to data security and privacy. Our powerful HIPAA-compliant and HITRUST-certified platform helps healthcare providers deliver care that’s secure and reliable and makes it easy to connect with patients any time, from anywhere, at all points along the care journey. Plus, our Digital Check-In solution combined with Kyruus’ online scheduling solution allows patients to access a seamless self-service experience — from start to finish. Schedule a meeting with us to learn more!
