The CIO's BYOD Toolbox: Top Trends for HIPAA Compliant mHealth


Sponsored by: CUSTOM MEDIA

Executive Summary

We are all connected. Look around you in any café, shop, or emergency department waiting room, and you'll see the vast majority of people with mobile devices in hand. We are all connected, and the prevalence of wireless technologies offers businesses exciting and innovative ways to connect with their customers and clients.

The healthcare industry is no exception. As mobile technology has evolved, healthcare organizations are seeing that mobile health, or mHealth, is a tremendous opportunity for healthcare workers to communicate and share information with co-workers, administrators, payors, and patients. But with great opportunity comes great responsibility. And the stringent demands of the Health Insurance Portability and Accountability Act (HIPAA), particularly the final HIPAA Omnibus Rule, mean that providers must go to great lengths to ensure the protection of private patient health information (PHI).

The emerging practice of bring your own device (BYOD), which is rapidly growing, allows employees to use their own mobile devices for work purposes. More and more, healthcare workers are relying on their personal smart phones, tablets and other mobile devices to help them do their jobs. While mHealth will never replace the human element in healthcare, it does provide a valuable toolset to help healthcare organizations streamline processes, thereby lowering costs and improving the quality of patient care.

We are all connected. And these connections, which now often merge the professional and personal, bring new and varied challenges to keeping both patients and their health data safe and secure. When it comes to details in healthcare, there is no replacing person-to-person communication. But as we move towards a more mobile landscape, it is possible to support mHealth interactions through the adoption of safe, secure and reliable technologies.

The Prevalence of Mobile Technologies and HIPAA Compliance

1 Million Mobile Physicians

Today, there are nearly one million physicians in the U.S., and these physicians often move between offices, clinics, departments and other facilities in, around, and between affiliated (and even, at times, non-affiliated) hospitals. With the number of multisite health care delivery organizations growing nearly 10% over the past decade, this number can only be expected to rise. [1] Their ability to provide quality care to patients requires constant and easy access to clinical information, as well as the ability to effectively and efficiently communicate with colleagues and care team members. [2] This need has only grown with the advent of accountable care organizations (ACOs) and their distributed networks of providers. As such, healthcare organizations are looking for flexible and secure solutions to help clinicians stay connected in order to gain quick access to the data they need.

One solution may be no farther than your average resident's pocket. A recent survey by the Healthcare Information and Management Systems Society (HIMSS) reported that 83% of respondents indicated that physicians at their organization were using mobile technology to facilitate some patient care, and nearly 60% of respondents said the benefit of mobile technology was the ability to view and interact with data from a remote location. [3] But with new stats suggesting that a whopping 98% of physicians own and regularly use personal smart phones at work, it's possible that many healthcare workers are using personal devices to communicate about PHI without proper regulation. [4] With the right BYOD policy in place, however, those personal devices could be leveraged to allow clinicians to communicate in a more agile manner, increasing overall efficiency and productivity on the hospital floor and beyond.

[Infographic: 83% using mobile technology to facilitate patient care; 60% found benefit in ability to view and interact with data remotely; 98% own and regularly use personal smart phones at work]

But such BYOD use requires careful governance, with HIPAA compliance being a main driving force for the intense spotlight on mHealth security. While many industries now allow employees to use their own wireless devices for work purposes, the demands of HIPAA regulations and healthcare's unique needs regarding patient data have made some organizations hesitant to follow suit. Studies continue to show that BYOD has the power to improve physician morale, decrease costs, increase productivity and improve patient care. [5] But to find this kind of success, healthcare organizations need to understand the risks involved and to put proper policies in place that will prevent and contain any potential security breaches.

The Security Risks of BYOD

There are several types of security risks that may compromise HIPAA compliance when hospital employees start using their own devices to transmit patient information. And each should be considered when developing your organization's BYOD policy.

The Top 4 BYOD Security Risks

1. Lost devices. A majority of data breaches reported to the Department of Health and Human Services have been due to the theft or loss of a mobile device or laptop. [6] According to an Ernst and Young research report, 22% of the total number of mobile devices produced will be lost or stolen over their lifetime, with 50% never to be recovered. [7] Handheld devices, tablets, and smart phones are all too easy to lose. What happens when one of your employees leaves a device at a restaurant? Or in the hospital bathroom? Anyone might pick it up and gain access to protected health information.

2. Password protection for clinician devices. Many physicians may not password protect their personal devices or the different applications used therein. Or, alternatively, they may choose simple passwords that are easy to crack.

3. Encryption of only certain data elements. Even a locked phone with encrypted data may not be completely secure. Some smartphones deliver snippets of texts or emails to the screen even when it is locked down, and that information is easy for any passers-by to see. Furthermore, personal devices may contain a variety of applications that may be able to inadvertently collect private data from your hospital network on the back end.

4. Mixing personal and PHI data. BYOD blurs the line of what data is professional and what data is personal. Everyone has a story about a text sent in error. What happens when a physician accidentally sends PHI intended for a colleague to his Mom? Or accidentally sets his device to send all photos, even those of a recent post-op examination, to his personal iCloud account? Both personal and professional data need to co-exist on the device but in such a way that PHI is always protected.

[Infographic: 22% of mobile devices lost or stolen during their lifetime; 50% of these are never recovered]

Key Considerations and Rules for HIPAA Compliance with BYOD

In 2014, the Ponemon Institute's Fourth Annual Benchmark Study on Patient Privacy and Data Security found that BYOD usage in the healthcare space continues to rise. In fact, 88% of respondents stated employees at their organization were permitted to access the network using a personal mobile device. Yet, despite that policy, more than half of the respondents stated that they were not confident that said access was secure. [8]

[Infographic: 88%, percentage of employees permitted to access the network using a personal mobile device; >50% not confident that access was secure]

Additionally, a recent PwC research report found that both physicians and payers identified security and privacy as the leading barriers to the use of mHealth, with only around half of the physicians surveyed believing the mobile Internet technologies at their workplace are secure. [9]

In an industry where many organizations don't have strict policies in place governing company-issued mobile device use, it may be hard to know where to start when it comes to BYOD. [10] But with the HIPAA HITECH Omnibus final rule now in place, it's more important than ever to create and enforce clear programs for use.

First and foremost, mobile devices are no longer immune to breach notification requirements. If a breach occurs on a mobile device, it needs to be handled in the same manner as one that occurs on any desktop computer. Second, a cloud service, or any subcontracted organization that stores or processes PHI, needs to be part of the chain of compliance. Since most mobile devices take input and store information in cloud services, the onus is on healthcare organizations to direct how, where, when and why PHI is uploaded and downloaded to these associated entities. [11]

Mobile device security, though, starts at the user level. Healthcare organizations must set policies similar to those that businesses across a number of industries have already set. Encryption, device lock down, and the requirement of passwords are among a few important considerations. With the prevalence of third-party application use on personal devices, the monitoring and security assessment of vulnerabilities must be addressed through use of mobile anti-virus programs, internal management of mobile apps, continual assessment of mobile apps to uncover greater security risks, and many other important considerations. [12] If they don't, the costs and related HIPAA penalties may be too great to bear.

The Future of BYOD and mHealth: Supporting the Need for Clinical and Patient Collaboration

The mobile revolution will not be denied. Physicians and patients alike want the ability to use their personal mobile devices to communicate with healthcare organizations and share protected health data. And it's possible to do so and remain HIPAA compliant. You just need the right policies and products in place.

To start, you can ensure HIPAA compliance by adopting a cloud-based communications system, one that securely encrypts both calls and data, whether in-transit or at-rest. This enables hospital workers to both send and receive PHI safely and efficiently as well as protect the privacy of physicians and patients as they do so.
RingCentral's HIPAA Compliant cloud phone system for healthcare delivers just that kind of solution. It offers robust call routing and handling so providers can take and make calls from their business line via their personal mobile devices for secure BYOD usage.

As mHealth technologies evolve, healthcare organizations need to support mobile applications that facilitate real-time access to patient data. They will need to push information, through use of messaging and mobile alerts, to consulting physicians. But communication cannot, will not, and should not be limited to devices. Healthcare organizations should embrace apps and new technologies that also facilitate the patient-physician interaction. As wearable technologies progress, your organization may have to support wearable devices that communicate PHI as well as alert physicians to potential complications.

Looking to the future, hospitals and other healthcare organizations should also be preparing for on-demand medicine capabilities. As more ACOs take root across the industry, physicians need to be able to participate in case discussions with referring doctors and organizations as well as distributed care team members. But patients also desire secure video chat offerings. Worried parents can talk to a nurse or pediatrician during a baby's late night fever. Mental health patients can open up to providers from the comforts of home. And patients with chronic illnesses can regularly check in with providers without the inconvenience of a monthly in-person appointment (or simply waiting until their health deteriorates). And payers are prepared to answer the bell. A recent survey revealed that 60% of payers surveyed have either already started paying for video consultations or plan to in the next few years.
As an example, RingCentral Meetings allows both physicians and patients to connect online easily and securely with real-time screen and file sharing when meeting face to face is not an option. Physicians can use real-time video communication as well as media collaboration on items like X-rays, lab results and discharge notes. And patients can confer with care providers with comfort and ease. Taken together, promoting on-demand services improves patient satisfaction and care and also results in significant cost savings for healthcare organizations. [14]

[Infographic: 60% of patients have either started paying for video consultation or plan to in the next few years]

The Future is Mobile

We are all connected. And the future of healthcare, both in terms of patient-to-physician and physician-to-physician communication, has gone mobile. While person-to-person communication will never be completely replaced, mHealth, including BYOD, is becoming increasingly important. Patients expect it and, more importantly, quality care demands it. Providers must facilitate the secure exchange of information while providing transparency of communication between key care providers and their patients, or risk being left behind.

Your organization can facilitate value-based care through mobile communications. But it requires the development and acquisition of tested, reliable solutions that facilitate your connections and your organization's ultimate goals, rather than impede them. We are all connected. And your choice of technologies can ensure you and your patients stay securely, reliably connected no matter what comes next.

About RingCentral

The RingCentral cloud communications system enables professionals to work the way they want in today's mobile, distributed and always connected world. Delivered on a state-of-the-art cloud infrastructure, RingCentral helps more than 320,000 organizations provide seamless voice, text, fax, audio conferencing and web meetings along with integration into their favorite SaaS applications. RingCentral combines powerful, secure, and flexible enterprise-class solutions that support healthcare professionals in hospitals, clinics, medical offices, and in-home care environments.

Learn more: Discover more about RingCentral's HIPAA-compliant, all-inclusive cloud phone system for healthcare. Visit RingCentral.com

References

[1] Porter, M.E. and Lee, T.H. (2013). The strategy that will fix health care. Harvard Business Review. https://hbr.org/2013/10/the-strategy-that-will-fix-health-care/
[2] Leventhal, R. (2014). Top ten tech trends: Getting the green light on clinician-to-clinician texting. Healthcare Informatics. http://www.healthcare-informatics.com/article/top-ten-tech-trendsgetting-green-light-clinician-clinician-texting
[3] HIMSS Analytics. (2014). Third Annual HIMSS Analytics Mobile Survey. http://www.himssanalytics.org/research/assetdetail.aspx?pubid=82144&tid=127
[4] Spyglass Consulting Group. (2014). Point of care communications for physicians 2014. http://www.spyglass-consulting.com/wp_pcomm_physician_2014.html
[5] Perna, G. (2014). Q&A: Implementing an effective BYOD protocol (Part 1). Healthcare Informatics. http://www.healthcare-informatics.com/article/qa-implementing-effective-byod-protocol-part-1
[6] Deloitte Center for Health Solutions. (2012). mHealth in an mWorld: How mobile technology is transforming health care. http://www2.deloitte.com/content/dam/deloitte/us/documents/life-sciences-health-care/us-lhsc-mhealth-in-an-mworld-103014.pdf
[7] Ernst and Young. (2013). Bring your own device: Security and risk considerations for your mobile device program. http://www.ey.com/publication/vwluassets/ey_-_
[8] Raths, D. (2014). Survey: Data breaches decline slightly, but threat remains high. Healthcare Informatics. http://www.healthcare-informatics.com/article/survey-data-breaches-decline-slightly-threat-remains-high
[9] PwC. (2014). Emerging mHealth: Paths for Growth. http://www.pwc.com/en_gx/gx/healthcare/mhealth/assets/pwc-emerging-mhealth-full.pdf
[10] Raths, D. (2014). Survey: Data breaches decline slightly, but threat remains high. Healthcare Informatics. http://www.healthcare-informatics.com/article/survey-data-breaches-decline-slightly-threat-remains-high
[11] Hagland, M. (2013). Mobility and malpractice: One legal expert looks at the implications of mHealth on legal processes. Healthcare Informatics. http://www.healthcare-informatics.com/article/mobility-andmalpractice-one-legal-expert-looks-implications-mhealth-legal-processes
[12] Ernst and Young. (2013). Bring your own device: Security and risk considerations for your mobile device program. http://www.ey.com/publication/vwluassets/ey_-_bring_your_own_device:_mobile_security_and_risk/$file/bring_your_own_device.pdf
[13] PwC. (2014). Emerging mHealth: Paths for Growth. http://www.pwc.com/en_gx/gx/healthcare/mhealth/assets/pwc-emerging-mhealth-full.pdf
[14] American Telemedicine Association. (2013). State Medicaid best practice: Remote patient monitoring and home video visits. http://www.americantelemed.org/docs/default-source/policy/state-medicaidbest-practice---remote-patient-monitoring-and-home-video-visits.pdf?sfvrsn=6