Guest post by Dr. Christopher Ray, chief technology officer of Medical Information Records, creator of AnesthesiaOS, a cloud-based EHR solution for anesthesiologists and winner of Dell’s “Advancing Medicine” Healthcare Innovation Challenge.
Mobility and Bring Your Own Device (BYOD) strategies are transforming all aspects of healthcare by enabling physicians, nurses and medical staff to improve the delivery of care while enhancing patient outcomes and safety.
The upsides are impressive: Fast, responsive, agile solutions that streamline healthcare workflows and harness big data to deliver smarter care and more personalized medicine. By enabling providers to use preferred devices and mobile cloud software, mobility can help transform how electronic medical records (EMR) are captured, accessed and viewed.
When it comes to mobility and BYOD in healthcare, however, security and compliance must go hand-in-hand. In creating AnesthesiaOS, a fully mobile anesthesia information management system (AIMS), we focused on providing greater efficiency in practice management while ensuring the highest levels of safety and integrity for protected health information (PHI).
To that end, we achieved and maintained compliance with both patient privacy and healthcare standards by applying the following set of comprehensive best practices:
Protect, Identify and Confirm All Regulated Data
The biggest challenge healthcare organizations face today is preventing information from ending up in the wrong hands. Since protecting information is an overarching goal, it’s crucial to identify all regulated data that will be generated on, accessed from, stored on or transmitted by a mobile or BYO device.
In determining the optimum level of secure access, healthcare providers must work within the guidelines established by the Office of the National Coordinator for Health Information Technology (ONC). As the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information, the ONC tests and determines how regulated data must be handled.
In most cases, a multifaceted approach to dealing with regulated data is recommended, which likely includes encryption of data stored on devices and on servers as well as data in transit. Moreover, the deployment of secure workspaces ensures that regulated and personal data are not commingled, whereas virtualization heightens IT control of applications and the data they access. Data leakage protection (DLP) is essential for controlling what mobile employees can transmit through BYO devices as well as preventing the transfer of regulated data from a secure app to one that is unsecured.
Change management is an important consideration, especially since it’s critical to protect access to devices in addition to safeguarding patient workflow. The good news is that going through the change management process usually leads to elevated security standards.
Control and Secure Access to Data and Networks
Operating successfully in a BYOD environment requires deploying solutions that can monitor, track and control access rights for all BYO devices. While each facility may have unique needs, access must be controlled according to users’ identity, device type, location, time of access and resources accessed.
Among the standards that AnesthesiaOS follows is maintaining a log of every act by every user on the software, encompassing keystrokes, transmissions, etc. All this is recorded, captured and reported for compliance purposes. Furthermore, healthcare software includes a somewhat unique “emergency access” provision, whereby users can request emergency access to information for a defined period of time, such as 30 minutes. After that window, the user would be locked out of the application.
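The emergency-access window and the audit trail described above can be sketched as follows. This is an added example, not AnesthesiaOS code: the `EmergencyAccess` class, its method names, the sample user and record id are hypothetical, and it assumes that a request needs a stated reason, that a grant cannot be renewed while active, and that a lockout is cleared out of band by an administrator.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

EMERGENCY_WINDOW = timedelta(minutes=30)  # the window length the text uses as its example

@dataclass
class EmergencyAccess:
    """Hypothetical controller: time-boxed emergency grants, every decision audited."""
    grants: dict = field(default_factory=dict)   # user -> expiry time of the active grant
    locked: set = field(default_factory=set)     # users locked out after their window ended
    audit_log: list = field(default_factory=list)

    def _audit(self, now, user, action, outcome, detail):
        # Denials are recorded as well as grants, so a reviewer sees every attempt.
        self.audit_log.append({"ts": now.isoformat(), "user": user,
                               "action": action, "outcome": outcome, "detail": detail})
        return outcome == "allowed"

    def _expire(self, user, now):
        # Once the window has passed, drop the grant and lock the user out.
        if user in self.grants and now >= self.grants[user]:
            del self.grants[user]
            self.locked.add(user)

    def request(self, user, reason, now):
        self._expire(user, now)
        deny = ("locked out" if user in self.locked else
                "grant already active" if user in self.grants else
                "" if reason.strip() else "no reason given")
        if deny:
            return self._audit(now, user, "emergency_request", "denied", deny)
        self.grants[user] = now + EMERGENCY_WINDOW
        return self._audit(now, user, "emergency_request", "allowed", reason)

    def read_record(self, user, record_id, now):
        self._expire(user, now)
        if user not in self.grants:
            why = "locked out" if user in self.locked else "no active grant"
            return self._audit(now, user, "read:" + record_id, "denied", why)
        return self._audit(now, user, "read:" + record_id, "allowed", "emergency grant")

def demo():
    """Constructed walk-through; the user, record id and timestamps are made up."""
    ctl, t0 = EmergencyAccess(), datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
    at = lambda minutes: t0 + timedelta(minutes=minutes)
    return [ctl.read_record("dr_a", "rec-1", at(0)),       # no grant yet
            ctl.request("dr_a", "code blue, OR 3", at(0)),  # grant opens the window
            ctl.read_record("dr_a", "rec-1", at(29)),       # inside the window
            ctl.read_record("dr_a", "rec-1", at(30)),       # window ended: locked out
            ctl.request("dr_a", "retry", at(31))], ctl.audit_log
```

Passing the clock in as `now` keeps expiry decisions and audit timestamps on the same server-side time source, which matters on BYO devices whose local clocks are not trusted.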
Anesthesiologists work in multiple areas in a hospital, so they may lose Wi-Fi access, which is essential to working with mobile cloud software. To ensure continuity of patient care, they work from the device locally and then synchronize with data in the cloud as soon as Wi-Fi access is re-established.
For best results, organizations should consider a complete solution for identity and access management (IAM), firewalls and virtual private networks. Such an approach helps control administrative complexity while supporting the variety of devices and operating systems that frequent BYOD environments. By accommodating different user roles, data types and regulatory requirements, this approach also makes it easier for authorized users to access information and resources from their personal devices, which maximizes mobile flexibility and individual productivity.
In return for employees bringing their devices to work, extra security measures should be applied, such as a password to access the device or its secure workspace. As for environments that utilize other mobile devices, such as tablets or laptops, the addition of a smart card reader or fingerprint reader can help prevent unauthorized access if these devices are lost, stolen or inadvertently used by family or friends.
For Healthcare Apps—it’s all about Compliance
A multitude of mobile devices now are used in healthcare settings, which has added a layer of complexity to facilities seeking to meet Meaningful Use Stage Two requirements. In fact, by the end of June 2014, only one percent of hospitals and three percent of providers met the Stage Two standards, mostly due to software complications.
Simplifying patient workflow without sacrificing compliance or security is a major driver for AnesthesiaOS because an anesthesiologist supporting five different operating rooms may prescribe up to 250 medicines each day. The ability to streamline what can be an overly cumbersome process while enabling physicians to use their preferred mobile devices is highly compelling, not to mention a real game changer thanks to the opportunity to replace expensive computers on wheels with cost-effective tablets.
The advancement toward ubiquitous acceptance of mobility and BYOD is gaining momentum and can mean great things for the healthcare industry, as long as best practices are followed concerning compliance and the protection of private information. By following the aforementioned best practices, healthcare organizations can embrace mobility as a vital tool in ensuring patient care delivery excellence.