Discussing Modern Electronic Records, Online Venues and Mobile Devices
INTRODUCTION
This is the 21st century, an era of ever-increasing advancements in the realm of science and technology. Year after year more advanced, more innovative and more efficient technologies continued to be developed. We see this in how many people rely on technological devices, like computers, “i-pads” or tablets and smart phones, to fulfill their job requirements, to gain an education and in their every day social lives. There are no major industries that have not developed or placed their dependence in some kind of technology, be it farming and manufacturing or banking and construction; the healthcare industry is no exception. Healthcare is an industry that has been innovated by advancing technologies, from medical devices, to prosthetic development and testing options for many diseases. There is no question that these technologies have benefitted healthcare providers, but, also, the patients they treat. One of the most recent technologies to begin being adopted in the healthcare professions are “electronic medical” protocols. This is how many professionals are collecting and storing patient records and personal information via multiple devices, again, like smart phones, tablets and other portable platforms. There are also technological exchanges between patients and healthcare professionals via medically dedicated social media or “tele-medical” online sites. There are many people who argue that such platforms and technological exchanges is the future of medicine. However, there are others that disagree, they argue that placing sensitive personal and medical details via mobile devices, online platforms and electronic record keeping software is too risky and may place patient information and personal privacy in danger. After reviewing the available information it becomes clear that there is likely no slowing the use of technological devices and platforms in the healthcare fields but with the right control factors and innovative protections in place, the practice could become much safer and more secure.
BACKGROUND
Over the last 20 years more and more new technologies has been developed and it will inevitably continue to advances for many years to come. When looking at the use of technology within the healthcare fields and the security of patient information it has received mixed reviews and skeptical opinions. The intention of such technologies involves better organization of healthcare information, but, also, a means to standardize medical information so that no matter where the patient is, in the country or around the world, then healthcare professionals would be able to access any patients history, diagnoses and treatments anywhere, ideally simplifying and streamlining care that patients receive (Kamel-Boulos, Brewer & et. al., 2014).The ability to use mobile devices, social media and tele-medical sites is considered innovative. Patients can speak with healthcare professionals via such platforms and sites, available on mobile devices, where they can receive follow-up information, monitor medications and, essentially, treat patients in online, mobile settings. Whether it is the storage of patient information via devices or the “private” conversations between physicians and patients in online platforms, it has become a highly debated issue with both support and opposition. Making the implementation of such technologies controversial and, very often, ethically debated. The reality is that more than 80% of adults are engaged with technology on a day-to-day basis; 55% of those admit that most of that usage was via a mobile devise. More than 17%, also, admit that they have used and given personal information in order to use certain healthcare applications on their home computer and through mobile devices (Weaver, Lindsay & Gitelman, 2012). Making it safe and secure has become imperative.
DISCUSSION
While most people in the United States and in developed countries around the globe rely on modern technologies for their employment, day-to-day life functions and for their entertainment; It is not surprising that the same technologies have been considered, developed and implemented with the healthcare industry. At present there are, at least, 10,000 different healthcare related applications available to download. The use of such technology via the internet and mobile devices does raise a number of security and information safety issues that cannot go unacknowledged or unaddressed (Washington, 2016). Most people know that the internet and the personal information they post there is not 100% safe and secure. There are sites online that has poor security, hackers that can steal personal information and any number of technological errors that could affect patient records. Many are asking, why are medical systems and mobile devices any different? There are a number of specific risks, obstacles to security, ethical considerations and necessary control factors that need to be addressed (Kamel-Boulos, Brewer & et. al., 2014). In order to understand these aspect better it is best to discuss the individually.
Challenges to Safe Storage: Many people as patients have an expectation that the rules of privacy that has applied to medical record keeping in the past still applies to modern electronic record keeping via technological means and mobile devices. This is simply not true. While hard copy records were often kept in locked files, where access to anyone other than their treating physician is limited, that is not true today. Today when individual patient information is saved to mass databases, where it is possible for outside infiltration, but could be accessed, also, by healthcare employees gaining access to information that they do not have any business knowing (Ashford, 2015). That being said it is impossible for such databases to be impenetrable and properly secured against outside, influence and staff, as well. There are many different ways that viruses, hackers and other forms of infiltration that can place patient information at risk (Poarch, Zimmermann, Grahn & Cook).
Obstacles to Security: There are many obstacles to creating security. There are a number of basic security issues that could compromise patient privacy, including computer screens left open where anyone can read them, that information could be easily copied onto less secure outlets, like a personal laptop, employees trolling patient files and discovering private information, unauthorized access to sensitive information that could be used against them, like HIV statues and finally, password security. A password is just some letters and numbers, really and they can be shared with others inappropriately, misused or stolen (Health Resources and Services Administration, 2015). One of the greatest obstacles to security in the modern era is not just from the technological side, but from the users. There needs to be updated training that focuses healthcare workers about the dangers and risks regarding online options and mobile devices. It is a much more complex issue than ever before. Cyber security is a concern for all technological industries, from business to entertainment and the healthcare industry is no different. In the case of healthcare the information is far more personal and sensitive and therefore greater security must be embraced, at least according to many experts that have studied the topic (Williams & Woodward, 2015).
There are government interventions, as well as, concerned parties and agencies that are invested in improving such medical formats in a way that maintains patient’s rights to privacy. The patient privacy rights and the guidelines of HIPAA have been directed towards the more traditional, in person form of medicine. Unfortunately, that means that they do not have the authority over the more modern and mobile means of the technological innovating online and mobile alternatives. In attempt to address the areas of modern technology and use of mobile devices, in 2012 it inspired the investment of five major agencies (Washington, 2016).
The Food and Drug Administration (FDA): Primarily this agency is focused on the safety of online medical protocols; they regulate the applications that control medical devices, applications on smartphones that is then used as a medical device and, finally, and monitor algorithms used to produce a diagnosis, testing, treatment and prognosis to patients (Washington, 2016).
The Federal Communications Commission's (FCC): This agency focuses upon the determining when to authorize carriers of networks that are used by mobile devices that are being used in the medical setting where patient information is being transferred or transmitted. The FCC also oversees certain radio frequencies used for medical devices (Washington, 2016).
The Federal Trade Commission (FTC): The FTC works to combat any unfair and suspicious practices that are being related and levied against healthcare specific mobile devices. It monitors for any misleading and false claims that may exist with some applications and devices (Washington, 2016).
The National Institute of Standards and Technology (NIST): This is a non-regulatory agency at the federal level that exists as part of the U.S. Department of Commerce. It focuses upon setting reasonable standards and testing in order to provide security improvements and guidance (Washington, 2016).
The Office of Civil Rights (OCR): This agency has the responsibility of enforcing HIPAA regulations as they should apply to technological formats and mobile devices. They are the agency suggesting means that will better prevent electronic information from be lost or stolen. They ask that the HIPAA laws be updated to address electronic options and mobile devices (Washington, 2016).
Concerns regarding the safety, security and ethical expectations of patients in a healthcare system reliant on electronic storage, mobile devices and social media and tele-medical platforms are incredibly important. However, there are avenues being discussed and developed to address these problems (Seaman, 2013).These strategies have the potential to improve security in electronic record-keeping, taken and transferred information via mobile devices and safeguard patient personal medical history on online media venues and tele-medical sites.
Security: There is a five-step process that has been suggested when considering how to secure healthcare information in online, mobile and tele-medical settings, which was first suggested by the Office of the National Coordinator for Health Information Technology
Decide: Clearing outlines exactly what mobile services are going to be allowed and have a process prepared and dedicated to maintaining the security of such systems (Seaman, 2013).
Assess: Research and study the technologies that are being considered and determine if their benefit outweighs their potential risks (Seaman, 2013).
Identify: Research and implement security and cyber-safe guards that are already in place to address and security issues with patient information may arise (Seaman, 2013).
Develop, Document and Implement: Policies regarding the use and misuse of such technologies and mobile devices in the facility setting. Remain proactive in enforcing such policies (Seaman, 2013).
Train: Innovate and adapt training as each new technology is included and make certain that the healthcare professionals are always aware of security importance and its changing policies (Seaman, 2013).
Implementation of Passwords and Password Authentication: Encourage the proper use of passwords in the transferring of patient data via mobile devices or online venues by requiring not only password but also a form of authentication, which guarantees that the correct user is accessing the files requested. There should also be a time out on any particular page or file, so if a staff member was to leave their screen open it is less likely that another staff member would be able to access the data left unattended (Seaman, 2013).
Encryption Protocols: Encryption is a technological means by which a system can protect the information from infiltration and unauthorized eyes from viewing the information. There are different types of encryption software and tools that essentially make the information difficult to read when accessed (Seaman, 2013).
Remote Wiping and Remote Disabling: This is a protocol that allows all data transferred or saved via a particular mobile device to be deleted or erased if that device should be lost or stolen (Seaman, 2013).
Secondary Security Regarding Wi-Fi Information Transfers: Any kind of electronic data is at risk when it is subject to electronic record keeping and downloaded on mobile devices, but when that information is shared and transferred over Wi-Fi means it becomes even more risk. That being said healthcare facilities must be able to provide all necessary securities to maintain patient confidentiality and privacy (Seaman, 2013).
Policies and Legislature: As technologies continue to advance the laws that once applied are not termed or designed for the modern technology available. The healthcare industry was different 40, 30 or 20 years ago and the policies and legislature that guide such industries into maintaining patient health, but privacy and confidentiality, as well. Studies have been conducted to determine that show that without protections in place puts patient security and safety at risk (Cushman, Froomkin & et. al., 2010). That being said the government and interested agencies need to evolve and advance to meet modern technology and implement the necessary measures to make certain that technology is used correctly and is secure from all possible threats, from outside or within (Washington, 2016).
The technological advancements being seen in the healthcare settings today are in relation to how patients are treated and how the records of that care is stored is only going to become more and more convenient and more technologically dependent. That being said technologically and mobile devices are not going anywhere so the only way to ensure that patient safety, privacy, security and confidentialities are maintained is to be willing to advance the necessary security measures, safety protocols and policies needed to guarantee that patient information is not sacrificed in the name of advancement and technological efficiency (Health Resources and Services Administration, 2015). There is one thing that can be counted on in the ever-increasing dependence, reliance and use of advancing technologies is that the more advanced the technology becomes the more advanced and skilled the cyber-criminals become. If the healthcare industry, as with all industries, does not become proactive in the security practices, current with all new types of threats and does not continue training and preparing the staff throughout the growth of the technology then those systems could be compromised and placing sensitive patient information at serious risk (Cushman, Froomkin & et. al., 2010).
CONCLUSION
When someone is injured or sick they are likely to go to the doctor or, as in a dire situation, an emergency room. When you see a healthcare professional you tell them your symptoms and personal medical information regarding other conditions or issues. So the physician looks up your record via electronic files and mobile devices to look at your medical history, surgeries and medications taken in the past or present. But what if as you are sharing that intimate information and some random hacker is siphoning off that information via viruses or Wi-Fi signals. This could mean that someone has infiltrated that system, they could change it, steal needed information or use personal details like address or social security numbers. If healthcare professionals are not invested in implementing the greater and dedicated security, privacy and confidentiality factors needed for a telecommunication, social media and information transferred and stored in mobile devices, then that information is at risk and could be compromised at anytime. The reality is technology is not going anywhere and therefore the protocols need to be embraced and put into place to make those advancements beneficial to patients and not detrimental to their rights and privacies.
REFERENCES
Ashford, W. (2015). Social media: A security challenge and opportunity. Computer Weekly. 1.
Retrieved August 17, 2016, from http://www.computerweekly.com/feature/Social-media-a-security-challenge-and-opportunity
Cushman, R., Froomkin, A.M. and et. al. (2010). Ethical, legal and social issues for personal
health records and applications. Journal of Biomedical Informatics. 43(5). 51-55.
Kamel-Boulos, M.N,, Brewer, A. and et. al. (2014). Mobile medical and health apps: state of the
art, concerns, regulatory control and certification. Online Journal of Public Health
Informatics. 5(3). 229
Poarch, D., Zimmerman, R., Grahn, A. and Cook, M. (2016). Mobile Device Security in the
Workplace: 5 key risks and a surprising challenge. Focus Magazine. 1. Retrieved August 17, 2016, from http://focus.forsythe.com/articles/55/Mobile-Device-Security-in-the-Workplace-5-Key-Risks-and-a-Surprising-Challenge
Seaman, B. (2013). 7 Best practices for hipaa mobile device security. Becker's Health IT & CIO
Review. 1. Retrieved August 17, 2016, from http://www.beckershospitalreview.com/healthcare-information-technology/7-best-practices-for-hipaa-mobile-device-security.html.
Washington, L. (2016). Managing Health Information in Mobile devices. The American Health
Information Management Association. 1. Retrieved August 17, 2016, from http://bok.ahima.org/doc?oid=105597#.V7TeUjXV_IU.
Weaver, B., Lindsay, B. and Gitelman, B. (2012). Communication technology and social media:
Opportunities and Implications for Healthcare Systems. The Online Journal of Issues in Nursing. 17(3). 1. Retrieved August 17, 2016, from http://nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/OJIN/TableofContents/Vol-17-2012/No3-Sept-2012/Communication-Technology-Social-Media.html
Williams, P.A.H. and Woodward, A.J. (2015). Cyber security vulnerabilities in medical devices:
a complex environment and multifaceted problem. Medical Devices: Evidence and
Research. 8. 305-316.
Health Resources and Services Administration. (2015). How do i ensure security in our system.
U.S. Department of Health and Human Services. 1. Retrieved August 17, 2016, from http://www.hrsa.gov/healthit/toolbox/HIVAIDSCaretoolbox/SecurityAndPrivacyIssues/howdoiensuresec.html.
