Ways to Reduce the Risk
If you do allow clinicians to use their own devices, there are a couple of options for boosting security. The devices can be used as "thin clients": Essentially, this means the user can view -- but not download -- patient information on the practice's in-house servers, and no patient data reside on the device.
Another option is to allow patient data to reside on the physicians' personal device but have a set of security controls in place that can remotely remove all that information from the device if it's lost or stolen -- the "remote wipe" mentioned earlier.
Bob Dupuis, director of technical and managed services at Arcadia Solutions, a healthcare consulting firm, described yet another solution: Implement a cloud-based EHR system that's enhanced from day 1 with the encryption and related IT tools needed to allow physicians to securely access the practice's patient records from mobile devices owned by a group practice. In the process of helping one of its clients put this system in place, Arcadia "applied a standard set of hardware and software that includes security controls, centrally monitored antivirus software, and centrally monitored encryption of mobile devices, " explained Dupuis. To allow employees who wish to gain secure access at home through their personal device, the team set up a VPN (virtual private network).
Gone are the days when physicians could concentrate all of their efforts on caring for patients and leave any support services to their support staff. To remain actively engaged in patient care, one now has to remain up to date on the perils and promise of healthcare technology. Any other approach is just too risky.
Medscape Business of Medicine © 2013 WebMD, LLC
Cite this: How Your Own Laptop or Smartphone Can Wreak Havoc at Work - Medscape - Apr 03, 2013.