Before I tell you the big problems with patient data and personal smartphones, I want you to keep one visual in mind:
You are surrounded by air, and it is vital for life. It’s free and plentiful, but I’m going to ask you to breathe through a cocktail straw from now on.
That’s the problem doctors, nurses, and PAs face every day when they need to quickly send and receive vital patient information such as photographs, medical records, and laboratory results to consulting physicians. Even though they are completely surrounded by iPhones, Droids, and high-speed wireless networks, clinicians are forced to breathe through a tiny straw.
Big Problem: Restrictive Security Policies Without Supporting Tools
That tiny straw is your hospital’s communications policy and supporting IT infrastructure. You have a policy for two very good reasons: patient privacy is important, and it’s also mandated by federal law, which is backed by large fines and negative publicity. But doctors often need to work quickly, and that free, plentiful supply of life-savings communication is in their pockets: mobile phones.
Dr. McBride in the emergency department knows Dr. Owen in surgery and has his contact info in her iPhone. When she needs an emergency consult for a critical patient, she pulls out her phone and quickly types a text message with the patient’s name, chart number, and a brief history, including lab results indicating illicit drug ingestion. Dr. Owen receives the message on his phone, reviews the chart and results, and responds with a diagnosis, also via text.
Later that night at a bar, Dr. Owen loses his iPhone and thousands of patient records. Now you are in the news for a breach and a fine, the doctors have been fired, and you have an urgent situation to handle.
Whose fault is this and whose problem is it to fix? Is the doctor at fault for breathing in the plentiful supply of air when you gave her a tiny straw to use for this purpose?
Big Problem: High Incentive to Circumvent Policies
The big obstacle your policies and IT have to overcome is WORKFLOW. Like water flowing downhill, people naturally flow to the easiest solutions. If your policies and IT services create enough obstacles, people will flow around them to readily available solutions until you ratchet up the penalties so high that all work comes to a halt. And it will come to halt because you didn’t do one critical thing: offer an effective alternative to that plentiful air supply.
Policies are easy to write, but providing effective technical solutions is very hard. We put the policies in place, and then we leave the users to deal with broken workflow resulting in decreasing patient outcomes, revenue, and employee satisfaction.
SMS text messages are especially hard to replace because they are so very, very easy to use – there has never been a more convenient method of instant communication to anyone anywhere, and every one of us has it on our pockets most of our waking lives.
The Hard Task: Think Long-Term
Are your users sipping air through a tiny straw? What effective tools do you have in place that meet your compliance goals but also facilitate efficient workflow?
You can meet your short-term compliance goals by checking the box that says, “Security Policy,” but if you don’t support user workflow, you will pay in the long term with decreasing quality of care, decreasing revenue, and increasing expenses.
Interact with your users to ensure their patient-care needs are met, and use meaningful metrics to measure efficiency before and after policy and IT changes. This sounds obvious in the C-suite, but I assure you it is frequently not happening on the ground. There is a disconnect – make sure it’s not in your organization.