According to Skycure, a network security company, about 14% of physicians keep patient-related data on their phone without a password. In addition, approximately 60% of physicians send such protected information via text messaging. Almost 46% of physicians use or intend to use apps and directly interact with patients on mobile devices in the next couple of years. This may create heightened potential for HIPAA-related violations.
In 2016, Nokia reported that malware on smartphones had risen by almost 400%. Other problems associated with physician mobile device usage include distractions during surgery and bringing devices contaminated with bacteria into the operating room.
Unsecured Transmission of Patient Data
Doctors must not underestimate the importance of keeping up with the latest in security and upgrades for HIPAA compliance. Many are unaware of risks such as transmitting over public networks or unsecured transfers to cloud storage. Some best practices in securing mobile devices include:
- Require two-factor verification to access protected data
- Send sensitive data using a HIPAA-compliant app
- Always use encryption
- Consider a separate “work-only” device with only those apps necessary for work, as many personal and social apps store data from devices and might be HIPAA violations
Cyber Security Concerns
Many more medical devices are now online and are thus potentially exposed to security problems that could have an adverse impact on how they operate. The FDA recently explained some potential cyber-security concerns, including:
- Infection of medical devices by malware
- Malware reaching the network through computers, smartphones, and other devices that could gain access to protected patient information and perhaps even implanted devices
- Passwords that are unwisely distributed, disabled, or accessible to those who are not privileged to have them
Mobile Health Apps
Thousands of health-related apps are now available in the market. Many enable physicians to have remote access to monitor critical patient conditions. Mobile apps may raise the expectations of patients, who think the doctor will always be immediately responsive because they have access to data in real time. In fact, doctors have a legal duty to respond when presented with adverse patient data. Doctors could potentially face malpractice claims for failing to respond. Stored metadata could be used as evidence in court against them.
Would you be alarmed if a doctor was frequently checking a smartphone while conducting surgery on you? Is a surgeon more likely to commit a medical error when distracted? Roseanne Milne died during a minor heart operation at a Dallas hospital. Her daughter hired an investigator. Dr. Christopher Spillers had allegedly sent text messages, used the internet, and made several voice calls during the procedure. When asked, Spillers said he used the phone for only a “very brief period”.
Hospital-acquired infections are a problem in many hospitals. Operating rooms are typically where the utmost hygienic standards are maintained. Two studies have shown that over 60% of mobile devices carried by hospital staff carry bacteria. Those in the operating room using mobile devices are clearly putting patients at risk for infection.