With the increased usage of smartphones in healthcare applications, a recurring concern among clinicians is the suitability of these devices in healthcare facilities. Conversations center around how mobile phones contribute to the spread of hospital-acquired infections, as well as data security risks inherent in the use of unencrypted messaging systems to distribute sensitive health information.
Why then do Tissue Analytics and other digital health companies advocate for the use of apps in daily clinical practice?
“…it is important to remember that clinicians use and clean point-of-care devices every day. From glucometers to transilluminators, shared medical devices are a standard part of clinical practice. With the same dedication to cleaning as we approach other devices, smartphones can be successfully integrated without increasing overall infection risk.”
With regard to data security, doctors regularly send each other text messages with patient details to compare notes or circumvent some of the restrictions put on current EHR messaging platforms. This is certainly not the most secure method and is generally condemned by hospital security personnel. While we agree that transferring PHI via smartphone apps is irresponsible and puts patient data at risk, there are important practices to mitigate these risks.
Given that information is already finding its way out of the care setting, the challenge is in ensuring that health data is transmitted in a HIPAA-compliant manner. For wound care patients, Tissue Analytics provides a platform integrated with existing EHRs that enables the secure storage and transmission of wound data. This makes it seamless for clinicians to communicate with each other and the patient at any level of care.
In making their choice of an EHR add-on, clinicians should consider using HIPAA-compliant applications that follow NIST standards for sanitizing data from mobile devices. Mobile applications that target health systems need to be self-contained within the clinicians’ existing workflow. This capability can only be unlocked by a bi-directional integration with a facility’s host EMR. Whether the application uses open standards (HL7/FHIR) or EMR-constructed APIs, health systems looking to adopt mobile applications should ensure that the application of interest has been fully validated by their EMR vendor. Receiving an EMR’s stamp of approval often means that the application integrates with the EMR in a scalable fashion and utilizes industry standards from a data security perspective. EMR validation will signify that the third-party app’s architecture is in keeping with NIST standards for media sanitization of mobile devices, uses industry-standard encryption methods (AES, TLS, etc.) and has undergone thorough penetration testing. A data breach would almost certainly cancel out the expected clinical benefits of the new application.
To achieve the same level of compliance, other healthcare specialties can employ the services of mobile device management firms that provide device security, remote management, application control and reporting tools. This ensures that devices in the facilities are protected from unauthorized access by individuals or third-party apps and can be wiped if lost or stolen. In addition, real-time visibility enables a quick response in the event of a suspected security breach.
It is essential that the approval process for third-party apps is as rigorous and thorough as possible because data security is only as strong as the most vulnerable link. Ultimately, if the necessary precautionary measures are taken, smartphones in healthcare facilities will improve workflow and patient care.