What to Watch for with Mobile Health Solutions
- Posted On July 16, 2020
- Posted By Vu Nguyen
Mobile health solutions are not something in the far distant future—they’re here now. Integrating mobile technology in a healthcare practice can help accessibility for patients, streamline workflow, and even have a positive effect on quality and outcomes. But as our healthcare delivery and records models shift, so do IT risk and security considerations.
There is specific medical guidance for clinicians to consider when adopting telehealth solutions, as well as different regulatory and payer considerations, but there are also crucial best practices for technical security.
Let’s take a look at some of the top concerns and considerations for mobile healthcare solutions.
Telehealth: Providing Virtual Care
Telemedicine, or telehealth, has actually been around for decades, but its popularity has exploded in the past 10 years, and has seen an exponential increase with the COVID-19 pandemic. Telehealth provides virtual care using telecommunication technology and is used across the healthcare spectrum, in primary, specialty, and ancillary care, and for both acute and chronic settings.
The application potential is immense and the benefits are many. It opens up care to patients who previously didn’t have access because of financial, transportation, time, or other issues. It reduces the burden on the healthcare system as a whole, by simplifying referrals, triaging, follow-ups, medication adherence, and routine check-ins. As we’ve seen with COVID-19, it’s also a critical tool to be able to deliver safe healthcare virtually when infection control risks are high.
Mobile health solutions can include:
- Live telephone or audiovisual interaction between patient and clinician with a computer, tablet, or smartphone.
- Remote evaluations by a clinician while a nurse, technologist, or medical assistant uses peripheral medical equipment on the patient.
- Patient portals, in which electronic medical records (EMR), images, data, and messages are entered and stored for patient access.
- Clinical documentation through EMR, allowing mobile access to clinical data and improving workflow for clinical data entry.
- Monitoring patients remotely, with electronic transmission of clinical measurements to a healthcare provider.
Secure Connectivity and Reliability
The foundation of a good mobile health solution program is secure connectivity and transmission of clinical information. Data can be sent via the Internet, by satellite, or using a virtual private network (VPN), but however data is being transmitted, the following security measures need to be in place:
- Authentication: This allows only authorized users into the system, by requiring log-in, most commonly with password or smart/swipe card. Not only will this protect your system against unauthorized use, but it also allows you to audit access and usage of the system.
- Patient Identification: Your system should be able to cross-reference patient identifiers from multiple domains or from a central server in order to have accurate and compliant verification.
- Data Confidentiality: It’s essential to have data controls in place to make sure PHI and other private information is stored and transmitted confidentially, by means of a VPN, encryption, or file anonymization.
- Data Tracking: All mobile spaces with PHI and private information need to have the ability for data tracking, so that audits can take place and so that vulnerabilities, such as hacking and technical problems can be caught quickly.
- Malicious Program Protection: Security measures such as firewalls and antivirus softwares must be in place for mobile health solutions to protect against hacking and other malicious IT attacks.
- Legal Compliance: With any mobile health solution, it’s important to make sure you have knowledge of all legal and regulatory compliance for the technology.
Additional Considerations
User Error
It’s not the computer. It’s you.
No technology is going to protect against a HIPAA breach, malicious hacking attempts, connectivity interruptions, and other IT problems if the proper policies and procedures are not in place and being followed by staff. It’s important to have protocols in place and to make sure your staff have the correct training to use all mobile health solutions properly to keep PHI and other important data safeguarded and to prevent workflow interruptions.
Equipment Maintenance and Technical Support
Regular review and maintenance of equipment is not only important to make sure software and other IT capabilities are up-to-date for security considerations, but also to ensure workflow isn’t interrupted and patient and clinician satisfaction aren’t affected. Have processes in place on how equipment will be tested and checked, and how you will respond to malfunctions and unexpected problems. Make sure a robust technical support system is in place for all non-equipment issues for mobile health solutions as well.
System Redundancy
To ensure uninterrupted connectivity and access, it’s important to provide redundant systems and accessibility. Without redundancy, you risk workflow and even patient care interruptions.
Vendor and Product Selection
With the increased popularity and use of mobile health solutions, there has been an explosion of product development. It’s crucial to have expert guidance when choosing vendors and products that will be used for telehealth in order to prevent vulnerabilities with untested or inappropriate products. Expert guidance on vendor and product selection can also ensure you get the most bang for your buck by evaluating strategically what is and isn’t needed for your practice.
Case Studies
Babylon Health
Babylon Health, a U.K.-based software company with a mobile health appointment application experienced a privacy breach in June 2020, in which some U.K. patients using the telehealth app were able to see video consultation “replays” for other patients’ tele-appointments.
Babylon was able to identify and correct the problem within hours, but it was a serious security and privacy breach, described as being caused by a software error, not a malicious hacking effort. Misconfigured IT can lead to enormous privacy and security control problems.
Walgreens
Walgreens began notifying customers in March 2020 of a problem in their mobile app which may have allowed PHI in the personal secure messaging feature to be accessed by other people. This feature of the app lets customers receive text notifications for prescription refills and other services—the app error allowed some private data to be viewed by the wrong customers.
Walgreens reports the app error was discovered by them in January and they were immediately able to disable message viewing to prevent further problems while the incident was investigated and mobile app testing took place.
Solutions With VNC
Mobile Health solutions offer a world of possibility for patients and clinicians, but it’s important to have proper IT management to address its unique considerations. VNC has expertise in the healthcare industry, with knowledge of the platforms and processes that can help safeguard healthcare data with mobile health solutions.
We help clients develop a customized strategy for the best mobile health solutions to adopt for each individual practice, how to implement them with all the proper IT safeguards in place, and how to maintain systems to prevent vulnerability.
Learn more about the services we offer and contact us about how we can help you address your IT security concerns.