The Risk of Using Unauthorized Smart Phones in Healthcare
Recently, a physician in a North Carolina nursing home made what seemed a simple request. He needed some lab results for one of the residents, and asked a nurse to text them to him. Both had permission to access the lab results, and nobody else saw the information.
However, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires medical workers to protect confidential health information. Transmitting data with unsecured smartphones is a HIPAA violation, and the facility had to report the transgression to the Centers for Medicare & Medicaid Services (CMS).
As a result, according to an article by North Carolina law firm Poyner Spruill, the nursing home received an “E”-level deficiency rating (potential but no actual harm) and a 10-point directed plan of correction from CMS. The facility was given 15 days to implement a 10-point plan to ensure no further violations before a discretionary denial of payment for new admissions took effect.
Among other things, it was required to hire an outside, CMS-approved contractor to train the facility staff, governing body and everyone who treated patients about proper privacy practices and about identity theft. The facility also had to designate someone on staff to become an HIPAA compliance officer, and to send letters to all residents and families about the alleged violation and the steps being taken to prevent it from happening again.
That was a best-case scenario in unsecured communications. When information is not properly protected, healthcare facilities may also face heavy fines.
The problem is that this sort of thing happens all the time in health care. Last year a study of 97 pediatric hospitals laid out the numbers:
At least 60 percent of physicians sent or received work-related messages on their personal cell phones – some of them more than 10 times per shift. Thirty percent of them received protected health information in a text message. And, only eleven percent said their organization offered a secure texting solution.
Every time this happens, there is a risk that sensitive information could be seen by someone who should not have access to it – through accident or loss or theft of the cell phone. Every time it happens on an unapproved, unsecure device, it is a HIPAA violation, placing the facility at risk of financial and other repercussions. To make matters worse, an article in InformationWeek noted that government agencies are increasing their focus on HIPAA violations and the risks of unsecured communications.
The fact that the problem is so pervasive shows that healthcare communications systems are just not up to the task. That’s a costly mistake. Another InformationWeek article notes that U.S. hospitals lose about $11 billion annually due to poor communications.
More importantly, fast, secure communications improve care and can save lives. The ability to quickly gather essential information, communicate with colleagues and get critical patients into surgery in time can literally have life-or-death consequences. It’s no wonder so many health care workers want to use their personal smart phones.
Fortunately, ShoreTel offers a mobile unified communications (UC) solution that helps providers improve access between clinicians, reduces inefficient communications, and supports care delivery workflows. The ShoreTel Connect business communications platform helps providers achieve these benefits by enabling their care teams to collaborate using a diverse set of tools including: voice, instant messaging, conferencing, and video; across an equally diverse set of devices including: PCs, smartphones, tablets, and wearable technology
To learn more, read the ShoreTel white paper: How Mobile Unified Communications Transform Clinical Workflows