While much of the attention on healthcare technology of late has focused on the federal government's end-of-year announcement on meaningful use, the interest in technology goes far beyond that. The HealthLeaders Media online news team has covered tech stories related to cell phones and HIPAA security concerns, Twitter and emergency response implications, and smartphones and medical applications. Here are excerpts from articles by Dom Nicastro, Scott Wallask, and Cynthia Johnson.
Experts: Treat Cell Phones Like Any Other Device with Protected Health Information
The U.S. Supreme Court's involvement in 2010 in a privacy case regarding text-messaging on work cell phones in the public sector could have implications for private companies like hospitals, experts told HealthLeaders Media.
The case involves text messages sent by members of a California police department—some of which were sexual in nature, according to The Tennessean—and whether the employees should have had a "reasonable expectation of privacy" through work cell phone use.
HIPAA privacy and security officers juggle compliance headaches each day because of text messaging on work phones. Experts told HealthLeaders Media the California case serves as a good reminder for covered entities to treat cell phones and texting as they would any other device that includes protected health information (PHI):
"If text messaging is allowed, it will need to be encrypted and only be sent and received by people with a 'need to know' and within minimum necessary guidelines," says John C. Parmigiani, president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD.
Organizations must have "comprehensive, feasible, and well-written information on security and privacy policies, along with regular training and ongoing awareness communications," says Rebecca Herold, CISM, CISSP, CISA, CIPP, FLMI, an information privacy, security, and compliance consultant in Des Moines, IA.
"Even though this case is specific to government agencies," Herold adds, "the ruling will likely still be used as an example for all types of organizations with regard to what personnel can reasonably expect with regard to privacy of electronic communications, not only on equipment and systems owned by the organization, but also for noncompany-owned equipment that is used for business purposes."
Herold says compliance boils down to a hospital's policy and training programs.
"Hospitals should ensure their policies cover the use of organization-owned computing equipment for nonwork purposes, along with using nonorganization-owned equipment for business purposes," Herold says, "and ensure their training and ongoing awareness communications effectively educate their personnel about the requirements and their responsibilities."
Texting is "fairly common" between physicians when communicating about a patient, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR.
Apgar says he likens text messages sent from company-owned phones to e-mail messages sent via the company's e-mail system.
"In both cases, the employer [covered entity or not] owns the device, and, as it has been determined in the past with e-mail, I believe the same legal principle will hold true with text messages: The employer 'owns' the text messages, whether they are work related or not," Apgar says. "The moral of the story is if an employee wishes to send a personal text, he or she should use his or her own mobile device and then, like Web messaging, the text message becomes 'personal property' of the employee or the sender."
Written by Dom Nicastro on December 29, 2009
Twitter Can Play Key Role in Disaster Management
While it might not qualify yet as a warm embrace, safety and facilities professionals in hospitals have shaken hands with Twitter and found new ways to get their messages across using the social media site.
Disaster management seems to be a natural extension of Twitter for hospital safety officers and emergency management coordinators.
Here are two examples of many seen over the past year:
Tweeting has not been lost on The Joint Commission. In its August 2009 Environment of Care News, the accreditor noted that an emergency management standard requires hospitals to prepare for emergency communications with staff members, external authorities, patients, families, media, vendors, and other healthcare facilities. Social media sites are a good strategy for emergency communication, the commission said. Other hospitals use Twitter to promote safety initiatives to their staff members and the public.
The communications department at SSM Health Care in St. Louis created an animated safety champion named Super Carol, who appears in employee-focused print and online media, offering information on hot-button issues, such as handwashing protocols, patient lifting, and needlestick prevention. SSM uses its Twitter account in part to update people about the latest adventures of Super Carol.