- Implementing new technical solutions, such as secure texting, can help healthcare providers of all sizes and in different locations better care for patients and ensure PHI security. Regardless of where an organization is based though, federal laws on data privacy and security must be considered and kept a top priority.
Smartphones were a logical step in upgrading technological options, according to Dr. Sean Spina, who is a coordinator of the clinical pharmacy program at Island Health, in British Columbia, Canada.
With his pharmacist staff specifically, Spina explained that they had been using pagers all of the time as the main mode of communication.
“We would sit down at a landline, page a physician and then they would wait for that physician to call back,” Spina told HealthITSecurity.com. “Then they would end up saying to a unit clerk or someone else, ‘When Dr. ABC calls back, can you tell him about this important drug issue?’ We were wasting a lot of time just sitting there by a landline waiting for it to ring.”
Spina added that a real turning point for him though came in 2008, as he was going through airport security. He said he put his pager in the bin to go through the security line, and the guard said, “You work in healthcare, don’t you?”
Other industries, such as finance and law, are not still tied to pagers, he said. He felt, it was time to propose a change that would improve efficiency and not hinder daily workflow.
“In response to this proposal, the health authority basically said, ‘We are interested in deploying smartphones, but show us the evidence that they improve workflow,’” Spina explained.
From there, Spina started studying smartphones, to assess their effect on healthcare and to evaluate their impact on patient care and user experiences.
“We studied the impact the iPhones have on pharmacist efficiency,” he said. “It showed that smartphones allowed pharmacists to answer drug information questions faster than without the smartphone. Through the project, we identified several issues that needed resolving to ensure we were following Canadian privacy law.”
“In our personal lives, many of us use commercial texting tools to regularly communicate but we needed to ensure that we were providing a secure clinical communication tool within the health organization.”
READ MORE: BYOD Security in the Healthcare Setting
Since Island Health is a Canadian health authority, it is essential to adhere to Canadian privacy regulations with regard to patient information security, Spina stressed. Some commercial texting tools send the messages outside of Canada before delivering them to recipient. This violates provincial privacy legislation, he explained, which requires that all communications containing personal information stay on Canadian soil.
“That, along with the idea that we needed a Global Address List in place so that staff knew who was calling, got us to the point of implementing the Vocera Collaboration Suite with local servers for our second project,” Spina said.
For US-based healthcare providers, HIPAA regulations must remain top of mind for all mobile devices. Specific technological solutions are not discussed in the HIPAA Security Rule, but organizations need to implement reasonable and appropriate security measures for their daily operations.
“HHS recognizes that covered entities range from the smallest provider to the largest, multi-state health plan,” HHS states on its website. “Therefore the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity’s business, as well as the covered entity’s size and resources.”
Along with federal regulations, US-based covered entities should also consider guidelines instituted by various agencies that can help the covered entities stay compliant and keep data secure.
For example, ONC collaborated with the Federal Trade Commission (FTC), the Food and Drug Administration (FDA) and OCR in 2016 to create an informative online tool for improved mobile app security.
Looking ahead to other benefits from mobile solutions
Spina and his research team are now working on the next phase of the project. Spina has been encouraged by the positive responses from clinicians. “The project has been designed to objectively assess measurable outcomes as opposed to focusing on user satisfaction survey type of data only,” he said.
“Our current project will include between 250 to 300 participants (including Island Health and community physicians),” Spina explained. “One of the challenges we have in healthcare is bridging the communication gap between hospital clinicians and community clinicians.”
The project aims to improve communication as patients transition between community and acute care, he added. Patients are usually cared for by their family physicians the majority of time, but might have to go to a hospital for an intervention (i.e. surgical, cardiac intervention). The patient is then sent back to their family physician for further care.
“During the transition in care, effective communication with the hospital staff and the family physicians is essential,” Spina stated. “We designed a project to actually use the same communication platform in the community and the hospital to allow hospital clinicians and Family Physicians to talk with each other securely during patient transfer.”
“It’s a secure product allowing them to communicate confidential patient information over servers sitting on Canadian soil,” he continued. “We’ve launched the pre-pilot to better understand what our needs are going to be when we launch the big trial. We are aiming to launch the project in January 2018.”
About 30 participants are using the tool during the pre-deployment so that Island Health research teams can learn from the experience.
“We need people to use the product, but we need to ensure that it is user friendly, intuitive and that there’s adequate security in place to maintain the integrity of the patient information that’s being communicated,” Spina said.
Spina and the Island Health research team hope to learn about quality adjusted physician time as well, so they can determine whether physicians are actually gaining quality patient time back by utilizing a secure texting or secure messaging solution.
Island Health decided to focus on secure texting for the first phase of the project, Spina explained, but is open to exploring and assessing additional features in the future.
“The Vocera Collaboration Suite does have the ability to integrate with the EHR in the future so that we could actually receive notifications from the EHR,” he said. “And there’s a multitude of different things that can be done with it, but physicians have expressed over the last couple projects that we need to keep it simple to improve physician use of the product.”
Spina admitted that he wants to use other features, but is aware that implementing too many “bells and whistles” could impact physician engagement.
“The Vocera Collaboration Suite provides a secure, encrypted communication platform that supports two way communication between care providers,” he said. “By formally evaluating the implementation, we are hoping that we can quantify the impact that this technology has on patient care.”