In 2020, the U.S. Department of Health and Human Services (HHS) finalized rules that gave patients unprecedented access to their healthcare data, enabling them to make informed decisions and better manage their care. The ruling afforded patients the ability to manage their healthcare the same way they manage their finances, travel and many other components of their lives – online.
But what about the exposure of data shared from digital devices as a product of remote or home-based care? While mobility brings accessibility to the equation, connecting data across platforms also brings risk. In general, patients don’t take the same steps to protect their protected health information (PHI) that a provider would take. Understanding the risks involved with using mobile devices in healthcare means that providers must create the appropriate policies and procedures to protect both patients and their organization from loss of patient data or damaged patient trust.
This is particularly true when providing services where both the health professional and the patient are using laptops, tablets or mobile phones. Patient devices, and even those of healthcare providers, can be left unencrypted, or lacking in adequate password protection. Mobile devices are also easily lost and unfortunately sometimes stolen. Screenshots containing PHI can be quickly grabbed, then forwarded without the proper permissions.
Home Wi-Fi networks, found in 76% of American households, are only as secure as the least secure device attached to them. Even if health professionals ensure that their own mobile devices and Wi-Fi connections are secure, the risk remains that a patient has not taken the necessary steps to ensure the security of their personal Wi-Fi network.
Health care providers can easily address protecting PHI through online training modules, helping employees understand what types of information need to be encrypted and what types do not. Training can also provide information about what the organization’s encryption process is and how employees can use it. In this respect, education is key to compliance.
Moving forward, regulators will continue to take a strong stance on the need to secure data. Consumer surveys show that patients trust their local hospitals and providers more than insurers, big tech or big pharma. With connected health becoming more essential to patients, how providers handle data will make or break that patient trust in the future. Healthcare organizations with highly integrated IT systems that allow easy and secure transfer of information, therefore, will have an advantage over those that don’t.
This is an excerpt from our White Paper
Going the Distance: Why Remote Work Solutions Work for Patients and Providers
Download the full version below.