HHS Mobile Devices Roundtable: Health Care Delivery Experts Discuss Clinicians’ Use of and Privacy & Security Good Practices for mHealth
Clinicians are increasingly finding mobile devices such as tablets, laptops, smart phones and PDAs useful in health care delivery due to their speed, convenience, and flexibility. But as the health care industry rapidly adopts these mobile devices, there is a growing concern about the potential privacy and security vulnerabilities that are cropping up in the process. The Office of the National Coordinator for Health Information Technology (ONC) is striving to better understand this evolving marketplace, particularly from a privacy and security perspective, against the backdrop of our overall efforts to promote and enable health IT.
Mobile Devices Roundtable: Protecting and Safeguarding Health Information in Health Care Delivery
Protecting the privacy and security of health information sent and received on mobile devices must be a primary goal of health care providers and organizations. On March 16, ONC’s Office of the Chief Privacy Officer and the Office for Civil Rights (OCR), co-hosted a Mobile Devices Roundtable as the first step in a process that will help identify health care provider user scenarios and develop good privacy and security practices to address those scenarios for health care providers on the front line.
Dr. Farzard Mostashari, the National Coordinator for Health Information Technology, provided opening remarks at the Mobile Devices Roundtable by noting the possibility and potential perils of the use of mobile devices in the health care setting. He pointed out that the recently released Notice of Proposed Rulemaking (NPRM) for Stage 2 of the EHR incentive program calls for health care providers to consider encrypting data on mobile devices such as laptops, tablet computers, and smart phones. The panels that followed delved into the federal regulatory and guidance framework; how health care providers are using mobile devices; and the real-world privacy and security practices, strategies, and technologies around mobile devices in the health care setting. A key message of the Mobile Devices Roundtable was that many health care providers are using mobile devices in health care delivery before they have appropriate privacy and security protections in place.
Setting the Federal Stage in mHealth
During the Mobile Devices Roundtable, we heard from government officials across various federal agencies, including the Federal Communications Commission , Food and Drug Administration, the Federal Trade Commission , National Institute of Standards and Technology, and OCR about their agency’s role in mobile health (mHealth) and how that role intersects with protecting and safeguarding health information in the context of mobile devices and health care delivery.
The graphic below provides an overview of the federal role in mHealth.
The Mobile Devices Roundtable confirmed mobile technology is a great equalizer in the delivery of health care, although there are still privacy and security concerns regarding use.
At the Mobile Devices Roundtable, we heard from clinicians across different delivery settings about how they use mobile devices. We also heard about the privacy and security challenges associated with accessing, storing, and/or transmitting health information, including:
- Bringing your own device (BYOD),
- Texting patient-specific information,
- Sending images,
- Security training of personnel, and
- Using mobile applications.
“The Mobile Devices Roundtable is an example of how the public, industry, and people on the front lines of health care can come together to discuss advances in health information technology and how powerful information tools, such as mobile devices, can help them reach their goals,” said Jon White, MD, Director of Health Information Technology at the Agency for Healthcare Research and Quality.
At the Mobile Devices Roundtable, health IT privacy and security experts seemed to agree that there is no magic panacea for effectively securing the rapid proliferation of mobile devices in the health care sector. Part of the equation is developing effective privacy and security policies and practices, ensuring that everyone follows them, and making changes to the overall workplace culture around privacy and security.
Visit the ONC website to view the archived video webcast of the Mobile Devices Roundtable. Although the comment period associated with the Roundtable closed on March 30, we invite you to continue the discussion on mobile devices by posting your thoughts below.
Related mHealth Projects
While this Mobile Devices Roundtable focused on the use of mobile technology by clinicians interacting with each other and their electronic health record systems, ONC has additional activities focused on the consumer use of mobile technology for health. As an outgrowth of HHS’ Text4Health initiative, ONC plans to conduct focus group research to begin to identify and explore consumer attitudes and preferences with respect to the privacy and security of communicating health-related information on mobile phones and devices, including text messaging. These focus groups will involve a diverse group of consumers from across the nation and will be held this summer.