Securing Patient Data on Smartphones

Hospital personnel are increasingly using mobile devices to retrieve information and communicate it to one another. Smartphones in particular are favored because they are small, easy to handle and carry, and already familiar: most people own a personal smartphone and know how to use it. However, the same ease with which a smartphone gives immediate access to data or a channel to another staff member also places patient information at risk.

Whether staff members are equipped with smartphones or allowed to use personal phones, hospitals typically have clinical applications installed on them for performing common tasks and conducting patient care. To maintain HIPAA compliance and make sure that patient data being entered, retrieved or communicated is protected, it’s important that hospital smartphone applications have the following security capabilities.

1. Control who can see patient data. Not all smartphone users in the hospital should be able to access patient data, so any clinical smartphone application that supports patient-specific communications should enforce role-based access: full, partial or no access to clinical data, depending on the user’s role in the hospital. “Clinical data” includes all data referring to a patient, photos included, and should be accessible only to clinicians. A smartphone user who is a nurse or doctor would therefore have full access to all clinical data. A janitor or orderly would have no access to clinical data, while a lab technician, who can see a patient and their data but not act on the patient or the data, would have partial access: they would be allowed to view photos but not take them. These role-based permissions for receiving and viewing clinical data would be controlled by an administrator from the server application supporting the smartphone app.

2. Prevent others from picking up someone’s phone and seeing the data on it. A nurse or doctor who has just looked at or used their phone may put it down to treat a patient or perform a task, leaving it unattended. To prevent unauthorized persons from viewing patient data on the phone, it should have a lock-screen mechanism. After the phone has been inactive for a certain period of time, it should lock automatically, with access restored only via a PIN code the user knows. Hospitals shouldn’t rely on the phone itself alone to provide a PIN-code lock screen; the smartphone application providing the data should have one as well. The user should also be able to lock the phone themselves. Then, if the phone is stolen or leaves the hospital with someone, the thief and any other unauthorized persons will automatically be locked out of the data.

3. Make sure the user is logged out of a phone that has been left behind or forgotten. With phones supplied by the hospital, the user should be logged out automatically when the phone is placed back in the charger at the end of their shift, but also if the phone is accidentally left somewhere or forgotten.

4. Have all data on the phone removed automatically at logout. Patient data should not be stored on any device’s persistent storage; it should be held only in memory, encrypted, while the device is in use.
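Items 2, 3 and 4 above fit together as one app-level session object. The following is an added illustration, not Mobile Heartbeat’s code; it assumes a 120-second inactivity timeout and a PBKDF2-hashed PIN, and treats the dock and left-behind events simply as callers of `logout()`.

```python
import hashlib
import hmac
import os
import time

LOCK_AFTER_SECONDS = 120  # assumed value; the article names no specific timeout


class ClinicalSession:
    def __init__(self, pin, records, clock=time.monotonic):
        self._clock = clock                      # injectable for testing
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)       # the PIN itself is not kept
        self._patient_data = dict(records)       # in memory only, never on device storage
        self.locked = False
        self.logged_in = True
        self._last_activity = clock()

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def _guard(self):
        # Refuse access when logged out or locked; auto-lock after inactivity.
        if not self.logged_in:
            raise PermissionError("session ended")
        if self._clock() - self._last_activity > LOCK_AFTER_SECONDS:
            self.locked = True
        if self.locked:
            raise PermissionError("session locked; PIN required")
        self._last_activity = self._clock()      # any successful access counts as activity

    def view_patient(self, patient_id):
        self._guard()
        return self._patient_data[patient_id]

    def lock(self):                              # manual lock by the user
        self.locked = True

    def unlock(self, pin):
        if self.logged_in and hmac.compare_digest(self._derive(pin), self._pin_hash):
            self.locked = False
            self._last_activity = self._clock()
            return True
        return False

    def logout(self):                            # user action, docking, or left-behind timer
        self._patient_data.clear()               # wipe everything at logout
        self.logged_in = False
        self.locked = True
```

The in-memory encryption the article mentions is not shown here; the point is that nothing survives `logout()` and nothing is readable while locked.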

5. Maintain an audit trail of patient data usage. To be HIPAA compliant, hospitals must audit the patient data used on mobile devices so they can see the history of its use: who looked at a specific patient’s data, when, and what data was looked up.

6. Secure patient data traveling through the network. To prevent a hacker from seeing patient data via the wired or wireless networks, the data should be encrypted before being sent so only the intended recipient of the data can see it.

7. Prevent users who have left their jobs from later logging into the application. Former employees should be stopped from logging in and viewing patient data from their personal phone or from a hospital-supplied phone they took with them. From the application admin console, a hospital IT person should be able to manually lock out a remote user and remove the application from the phone.

8. Protect patients whose identity and info must be confidential. When a hospital needs to maintain privacy for a patient staying there (such as a public figure), that patient can be labeled a “confidential patient” and only people who will treat that patient directly will see who that patient is and their info. The EMR would mark the patient as confidential, which a clinical communications application should be able to read and convey to the staff. The staff will know there’s a patient in the room to which they are assigned, but they won’t see the patient’s name or info. Even if someone who knows the confidential patient’s name is sending a broadcast to others on that patient, only those who are authorized to know the patient’s name should be able to see it.
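Items 1 and 8 are both authorization decisions, so the added example below models them together: a server-managed role-to-access mapping, an EMR confidentiality flag, and name masking in broadcasts. It is illustrative code, not the product’s; the role names, action names and the `care_team` field are assumptions.

```python
from dataclasses import dataclass, field

# Role-to-access level as the article describes it; role names are assumed.
# "full" = see and act on clinical data, "partial" = see only, "none" = nothing.
ROLE_ACCESS = {
    "doctor": "full",
    "nurse": "full",
    "lab_technician": "partial",
    "orderly": "none",
    "janitor": "none",
}
VIEW_ACTIONS = {"view_record", "view_photo"}
ACT_ACTIONS = {"edit_record", "take_photo", "message_about_patient"}

@dataclass
class Patient:
    patient_id: str
    name: str
    room: str
    confidential: bool = False                   # flag read from the EMR
    care_team: set = field(default_factory=set)  # user ids treating the patient directly


def can_perform(role, action):
    """Role-based check; the mapping is managed by the server-side admin, not the phone."""
    level = ROLE_ACCESS.get(role, "none")        # unknown roles get nothing
    if level == "full":
        return action in VIEW_ACTIONS | ACT_ACTIONS
    if level == "partial":
        return action in VIEW_ACTIONS
    return False

def patient_view(user_id, role, patient):
    """What this user's phone may show for the patient; None means no clinical data."""
    if not can_perform(role, "view_record"):
        return None
    if patient.confidential and user_id not in patient.care_team:
        # Staff assigned to the room know a patient is there, but not who.
        return {"room": patient.room, "name": None, "patient_id": None}
    return {"room": patient.room, "name": patient.name, "patient_id": patient.patient_id}

def deliver_broadcast(recipient_id, role, patient, text):
    """Broadcast naming the patient: masked for recipients not cleared to see the name."""
    view = patient_view(recipient_id, role, patient)
    if view is None:
        return None                              # no clinical messages for this role
    if view["name"] is None:
        return text.replace(patient.name, "[confidential patient]")
    return text
```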

These best practices for securing patient data on smartphones are straightforward and common-sense, but they must actually be implemented. By having them installed automatically with the clinical communications application on staff members’ smartphones, hospitals will more easily maintain HIPAA compliance and protect patient information from being exposed, viewed, or stolen by unauthorized personnel.

About The Author

Saji Aravind is the Chief Architect at Mobile Heartbeat, a leading provider of secure clinical communications smartphone applications.