December 3, 2012
Healthcare at Your Fingertips
By Maura Keller
For The Record
Vol. 24 No. 22 P. 6
Walk through any medical facility and you are bound to see patients, doctors, nurses, and other healthcare professionals using smartphones—albeit most often for personal use. But as these handheld communication devices continue to offer amazing computing horsepower, bigger screens, and speedier wireless connectivity, hospitals are taking notice and evaluating using them to improve point-of-care communication.
According to Trey Lauderdale, vice president of innovation at Voalte, a provider of software solutions for healthcare institutions, smartphones already are playing an integral role in healthcare by improving workflow and communication. “Currently, clinicians are forced to carry multiple antiquated communication devices that are supposed to ‘help’ them do their job better,” he says. “The reality is that managing these multiple devices actually reduces productivity, increases frustration amongst users, and may lead to sentinel events.”
Lauderdale says incorporating smartphones as part of a communication strategy is critical. “The benefits of using smartphones exceed those of pagers and hands-free and legacy devices,” he says. “Many of our hospitals have reported improved clinical communication, reduced noise in and around patient rooms and throughout the hospital, as well as improved patient safety and satisfaction.”
Voalte currently has more than 5,000 iPhones being used by 20,000-plus caregivers in the United States, with 3,000 additional iPhones under contract for deployment. This ranges from 25 iPhone deployments in surgical centers to 1,500 devices in multifacility health systems. Customers include Cedar’s Sinai, Texas Children’s Hospital, Heartland Health, and Massachusetts General.
Marco Smit, president of Health 2.0 Advisors, says smartphone use is paramount for patient engagement, particularly for postdischarge communications. As readmission penalties become a reality, many hospitals fear financial losses and the prospects of having their rates being published for public consumption.
“The smartphone is the No. 1 vehicle to influence, engage, and educate the patient postdischarge,” Smit says. “We are making some progress with this in the field, but we still have a long way to go.”
Smit sees an opportunity for smartphones to improve patient engagement, with communication flowing from patients to providers, patients to caregivers, and caregivers to other caregivers. Capturing and recording these data exchanges could be problematic, though.
“Most hospital EMR systems do not have ways to integrate the data coming from the patient,” Smit says. “The drawback of patient engagement uses with regard to smartphones is that it requires the hospital to spend more time and resources thinking about the consumer/patient perspective in environments and settings that they don’t control. Hospitals very strongly prefer settings that they control fully, so this would be outside of their comfort zone and require new skills.”
Smit says that while smartphones have been used in combination with electrocardiograms and ultrasounds for a while, the technology is quickly expanding to other fields. “In dermatology, there are many opportunities to use the smartphone for second opinions, preliminary consults, etc due to the visual nature of diagnosis in this field,” he notes. “iDoc24 [a mobile medical information service] has demonstrated use of this in Europe, and it is coming to the US as well. Cellscope also uses the iPhone for medical applications in dermatology and ophthalmology, and we expect the number of medical uses of smartphones to continue to rise.”
Security and Ownership
With the increasing number of people using smartphones for personal use, can employees bring their own devices to use at work or will that compromise communications security within the healthcare setting?
“Using smartphones could be highly beneficial from a productivity perspective but only if implemented correctly,” says Stu Sjouwerman, CEO and founder of KnowBe4, a security awareness training firm. “Some of the key drawbacks include lost, stolen, or broken devices and potential security breaches violating HIPAA regulations resulting in high fines. Otherwise, these devices are going to become ‘comfortable transportation’ for all kinds of bacteria moving through the building. That being said, the positive aspects include medical professionals having the relevant data at their fingertips and potentially being much more effective.”
“Hospitals should consider purchasing iPhones to be used as shared devices,” Lauderdale says. “This helps the organization maintain and monitor hospital security protocol. However, since there are many clinicians who need to communicate while away from the hospital, we recommend utilizing mobile device management solutions. This helps hospital IT departments maintain more control over confidential patient health information.”
However, Smit says that BYOD (bring your own device) is increasingly becoming the only option that physicians will accept. “With the uncertainty in the market share of smartphone platforms other than Apple’s iOS, there is little ground for hospital IT administrators to push back on this trend forcefully,” he says. “We don’t see BYOD as something that complicates security for hospitals in some ways because the trend started two years ago, so hospitals should have developed answers for some of the related issues by now. Also, security breaches from laptops are a higher risk than smartphones for most hospitals.”
Sjouwerman says BYOD is a recipe for disaster. “They need to issue their own devices, which need to be configured correctly and issued together with training,” he says.
The future is clear: The use of smartphones is on the rise. And, according to a Voalte report, that’s good news because distracting noises caused by pagers, alarms, hallway conversations, and other sources create interruptions to patient care. In fact, “Each disruption is associated with a 12 to 13 percent increase in procedural error and clinical error” and “with the exception of announcing ‘code blue,’ smartphones can eliminate the need for all overhead paging,” according to the report.
That being said, there are two areas of concern that may impede full integration of smartphones. “Reception within the hospital is still very problematic, often a reason not to use smartphone-based [computerized physician order entry],” Smit says. “And integration with EMRs is a major hurdle. Without that integration, using a smartphone for patient-related activities is double work that needs to be redone later—not something that physicians are looking forward to.”
However, Lauderdale says smartphone use in hospital settings is inevitable. “The demand for consumerlike functionality within healthcare is too great for hospital administrators to ignore. Most hospitals we have spoken with are already in the process of creating their mobility plan that includes leveraging smartphones to improve patient care,” he says. “The main issues that need to be addressed are the administration of devices within a secure, enterprise-ready context, but mobile device management vendors such as Airwatch have already met this functionality.”
— Maura Keller is a Minneapolis-based writer and editor.
BYOD Deployment Rules
Stu Sjouwerman, CEO and founder of KnowBe4, a security awareness training firm, says there are five BYOD (bring your own device) deployment rules that need to be followed when using a smartphone in a professional/work setting:
• Appoint a project leader who has the authority to enforce the required policies, procedures, and training to get BYOD implemented securely.
• Create a clear and concise policy regarding BYOD for both IT and the end users. Next, create computer-based, end-user mobile security training that explains these security policies to end users. This will establish a higher understanding and compliance level than having someone read and sign a paper document, a tactic that is a recipe for security breaches.
• Enforce a strong password policy. For confidential data, implement two-factor authentication. To prevent password fatigue, deploy single sign-on or use a password manager with similar functionality. Ideally, a so-called federated ID would allow users to log in across all authorized systems and applications with the same user name and password.
• Deploy secure remote access using a virtual private network (VPN) that runs on SSL. Now that you have an authenticated user, you need a secure connection. With a VPN, employees can connect to the office without worrying that their datastream will be broken into by hackers. A VPN does not guarantee 100% security, but it does make it more difficult to reach protected data.
• Onboarding and termination need to be tightly managed. When employees are hired, they must complete security awareness and mobile security training as part of the onboarding process. When an employee leaves, network access should be terminated. Management software that controls devices from the organization’s side can terminate access in a matter of seconds.