Healthcare Information Security

Healthcare Apps Privacy, Security Top Provider Concern

A recent survey shows that providers are highly concerned about healthcare app privacy and security capabilities, along with app credibility.

By Elizabeth Snell

Healthcare providers stated that their top concern with third-party healthcare apps was their privacy and security capabilities, according to a recent Substitutable Medical Applications, Reusable Technology (SMART) Health IT study.

Just under half of surveyed organizations reported that healthcare app privacy and security was a key worry, followed by app credibility and ongoing app maintenance.

For the research, KLAS interviewed clinical leadership at larger healthcare organizations about how they currently use apps, what they would like to see in the future, and what concerns they have with healthcare apps. The report was developed with SMART Health IT and funded by the Office of the National Coordinator for Health Information Technology (ONC).

“For years, healthcare providers have been adopting increasingly integrated healthcare IT (HIT) suites from a single vendor, but healthcare apps buck this trend, with many organizations looking to third-party vendors to supply niche solutions to improve organizational efficiency and patient care,” the report’s authors explained. “The recent passage of the 21st Century Cures Act, which states that a year from now open APIs will be necessary for EHR system certification, is expected to drive further growth in the app ecosystem.”

SMART Health IT graph of app privacy and security concerns

Source: SMART Health IT

One surveyed CMIO explained that there is a rigorous screening process to ensure healthcare app privacy and security.

There is a security review, a privacy review, and a legal review, the CMIO stated. An internal champion is also found, someone “who can look out for the effort and speak for it.”

“We obviously have concerns about security and privacy around PHI,” the CMIO said. “I don't know if there is anything novel about that, but we have a rigorous process that handles those things.”

The survey also found that at the point of care, healthcare apps were most commonly used for EHR data viewing, diagnostic tools, and reference tools. However, 51 percent of healthcare organizations reported that they currently use apps formally at the point of care.

Patient engagement was a top priority for future use of healthcare apps, with approximately one-third of respondents saying they would like to utilize apps for that purpose.

“Providers would like to purchase or develop patient engagement apps to help monitor patient health, provide patient education, and allow patients to access records and results with ease,” the report explained. “Monitoring apps particularly stand out as an area in which providers would like to see development.”

In terms of selecting healthcare apps, usability, cost, clinical impact, and integration were the top criteria healthcare providers listed.

One interviewed CMO explained that the product must be usable because this will impact the product’s clinical care utility.

“Ease of use will also greatly outweigh any upfront or maintenance costs,” the CMO stated. “If I end up wasting 30 minutes per patient using an unfriendly interface, then I don't care how much money I am saving; I am going to lose it in the end.”

The survey also showed that 38 percent of organizations have both clinical and IT members involved in the app selection process. Approximately one-quarter of those interviewed – 24 percent – said that primarily IT selects apps, while 21 percent of respondents said that mainly clinical members have the final purchasing decision.

“Some larger healthcare organizations have established formal app selection committees run by the IT department and more and more organizations anticipate formalizing the role of app selection by creating a new role within IT,” the report’s authors wrote, noting that this is a rare scenario but that selection committees are becoming more common.

Approximately one-third of respondents stated that pilots or trials are the most effective ways to learn about healthcare apps, while vendor demos were listed as the next most effective learning tool for apps.

“These pilots and trials are seen by providers as invaluable to the app selection process,” the report explained. “Unlike some healthcare IT segments that have a limited number of reputable players, the number of companies who can develop and market a healthcare app is unlimited and knowing how these apps will perform can be next to impossible.”

Healthcare app security is quickly becoming a top concern for organizations, especially with the continued push for mobile device usage and interoperability.

In 2016, ONC collaborated with the Federal Trade Commission (FTC), the Food and Drug Administration (FDA) and the HHS Office for Civil Rights (OCR), to create an informative online tool to assist app developers.

The groups maintained that the potential legal concerns and mobile application security should be a priority as technologists, clinicians, and patients work on developing healthcare apps.

“This interactive tool helps guide developers through a short assessment of their app with a series of questions about the nature of the app, including its function, the data it collects, and the services it provides to its users,” ONC Chief Privacy Officer Lucia Savage, J.D. and ONC Senior Health Information Privacy Program Analyst Helen Caton-Peters, MSN, RN wrote in a blog post.

The tool also highlighted how HIPAA regulations, the FTC Act, the FTC’s Health Breach Notification Rule, and the Federal Food, Drug and Cosmetics Act (FD&C Act) would potentially apply to mobile applications.
