Are you Carrying Patient Medical Information in Your Pocket?
Given the advances with technology, the use of blockchain databases and the interoperability of various health data platforms, many electronic health record systems (EHRs) are now cloud-based. Cloud-based EHRs are medical record systems in which the end-user application and the data entered through it are stored on an external server, usually hundreds or thousands of miles away from the facility. Throw a rock into California and you will probably hit one of these ginormous EHR datacenters.
Cloud-based EHRs are accessible from a device with an internet connection. EHRs that are not cloud-based are client-server based and require that the software be downloaded onto the local computer or onto the facility’s local server. The data entered into a client-server EHR is stored in house. That could be scary and very costly for a small physician office, small facility or hospital that can’t afford the upfront hardware and IT support costs and doesn’t want to carry the burden of securing and hardening the data against potential breach or loss.
Cloud-based EHRs are becoming the new norm, not only because they are quicker, easier and cheaper to stand up, but also because of the COVID-19 pandemic requiring many providers and nurses to work remotely from home. When working from home, most providers are using their home internet to access the EHR. Additionally, the explosion of mHealth technology is allowing many cloud-based EHRs to push out mobile apps and portals that allow nurses and providers to log in from their smart phone and go right to work looking up patient records. This can help a nurse be more efficient or help dampen their boredom when taking a break from Netflix bingeing or Facebook. Who doesn't like looking up patient charts, right?
Here are some of the top cloud-based EHRs:
- Epic
- ChartLogic
- Teladoc
- Kareo
- CommunityWorks Foundation - a new Cerner product just released
- MEDITECH as a Service – a small scaled down version of MEDITECH for CAHs
- KIPU
Many of these and other EHRs have mobile apps, such as Epic’s MyChart or Epic Haiku, Teladoc, Kareo Telemedicine, NextGen Patient Portal, PowerChart (Cerner) and MEDITECH mHealth. The big advantage and allure of mobile EHRs and EHR apps for your phone or tablet is that they decrease the total time physicians and nurses spend logged into workstations while on duty, improve the efficiency of inpatient medical care by facilitating earlier order entry, and decrease inpatient data management time. This time savings, in turn, should allow providers and nurses to spend more time interacting directly with patients or their overly assertive and questioning family (Green, 2018).
Because of this meteoric rise of telehealth apps, mobile EHRs, and cloud-based EHRs, nurses have become accustomed to using their own device to access patient medical records, to communicate with other healthcare team members about a patient or to coordinate care and services.
Do you notice how many apps request permission to access files on your phone, such as your messages, contacts, photos, etc.? Oh yah – they see it all. So, those text messages you are sending with protected health information probably aren’t encrypted, are they? Have you snapped a pic of an EKG, an injury, skin condition or x-ray? Oh, when you are sending messages or communications through an EHR, are you using public wi-fi? Most public wi-fi is unencrypted and a bit easier for John Q. Hacker to snoop around. Have you ever left your phone unattended and/or around someone who knows your password and could easily access the EHR app if they had your phone? What? You don’t have a passcode? Oh my, you need an 'intervention'.
THE SOLUTION TO AVOID BEING A MOBILE HIPAA VIOLATION
The simplest and easiest fix to avoid committing a potential HIPAA violation or data breach risk is to STOP USING YOUR PERSONAL CELL PHONE FOR WORK! Was that too subtle? Let me say it another way, STOP!
If accessing patient medical records remotely via a tablet, internet or your smart phone is that important to you and your employer, then have them provide you with a secure smart phone or tablet with a secure Wi-Fi connection or VPN access. Your employer can disable the ability for you to take photos or screenshots with the device and block external sites such as Gmail. This would aid in preventing you from “accidentally” snapping a photo of an interesting lab result or EHR finding and accidentally texting it or sending it to coworkers.
To ensure that you are not putting yourself or your patient’s data at risk for inappropriate access, disclosure or breach, please reconsider how you are using that newfangled smart phone of yours. Nurses are one of the most trusted professionals, right? We all worked hard to earn this reputation. Therefore, we must not allow the desire for immediacy and ease to slowly erode our commitment to protecting patient privacy and dignity. Maintaining respect for our patients and their data is necessary if we are to maintain their trust and respect. Trust in the nurse-patient relationship promotes patient engagement and improves the likelihood that the patient will be an active participant in their own care (Leslie, 2017).
References
Craig, D. (2017). Seven Ways Your Phone Could Be Making You a Mobile HIPAA Violation. SpruceHealth.com. https://blog.sprucehealth.com/seven-ways-phone-making-mobile-hipaa-violation/
Green, J. (20). iOS and Android mobile EHR apps: Everything you Need to Know. EHR in Practice. https://www.ehrinpractice.com/mobile-ehr-apps-ios-android.html
Leslie, J. (2017). Promoting Trust in the Registered Nurse-Patient Relationship. 34(1):38-42. doi: 10.1097/NHH.0000000000000322
Blog Responses
12/6/2020 4:35 AM - Jessica Durkin at https://ciedinterop.blogspot.com/2020/12/lets-talk-need-for-improved.html
12/6/2020 5:30 AM - Maureen Butts at https://nursinginforma.blogspot.com/2020/12/unethical-behavior-in-health.html
Good Evening Mark,
First of all... WOW! I have to compliment you on your ability to catch a reader's "attention" with your titles. Onto more important things, something I find extremely frightening about your topic is how easy healthcare workers can make it for third parties to obtain access to personal patient information. I can recall numerous examples in which a surgeon had asked me to take photos on their smartphone while operating. The use of "secure messaging" has become popular in many organizations. This type of messaging requires authorization prior to opening any information (Freundlich, 2018). In my organization, we use an ID application that requires either face recognition, or our login credentials to access any information (yes that includes our emails).
My organization also provides each surgeon with a smartphone that is similar to the one you spoke about. Unfortunately, there are organizations who cannot afford to provide this type of technology, so secure applications may be the next best thing. It's unfortunate that for as efficient as these electronic health records provide, the cost in which is needed to start and maintain is so high.
As always, excellent post and have a great weekend,
Peter Vath III
References:
Freundlich, R. E., Freundlich, K. L., & Drolet, B. C. (2018). Pagers, Smartphones, and HIPAA: Finding the Best Solution for Electronic Communication of Protected Health Information. Journal of Medical Systems, 42(1), 1-3. http://dx.doi.org.ju.idm.oclc.org/10.1007/s10916-017-0870-9
Peter,
Thanks for the feedback and, as always, educating me about some current technology trends with use of secure messaging. I just did a quick search and found quite a few apps and vendors offering this encrypted communication platform. So, basically, you just told me (and anyone else who is reading this), that there is NO EXCUSE for nurses who are sending sensitive, protected or otherwise private health information in an unsecured environment. Dang it Peter, you are like Mr. Buzz Kill! Haha. Thank you immensely for the great conversations, posts and enlightenment in this course. Take care!
Mark,
I could not agree more with your post. It always makes me so mad when I see people using their personal cell phones to communicate with other employees about patients. I see it a lot with physician to physician communication. The thing that I don't understand is our facility provides EVERYONE that comes into work with an iPhone. You are able to text, send pictures, upload pictures to charts, and look at patient chart information. It really does not make sense to use a personal phone. Some messages are on your personal phone while others on your work phone. This makes patient care complicated and easy to miss things.
Mark, I just loved your blog post. This is an extremely important post, and with new technology emerging by the minute, and our newer nurses using their devices, this will only become more and more relevant to current practice. Thank you for grabbing and holding my attention throughout your entire post. It really got me thinking of what I do on a daily basis at work, and also made me realize that paying attention to your surroundings is just as important. You are right in that with all of this access, the chances of leaving protected patient information insecure is higher. Even though mobile devices provide nurses a convenient and easy-to-use alternative for documentation and sharing information, it has been reported that loss and theft of unencrypted devices have been the leading cause of major HIPAA health care data (Pace, 2015). With this information, we must be more careful with the information we may be leaving around, especially when we walk away from our computers and cell phones. We must also educate our newer staff so that they are aware.
Pace, S. (2015). HIPAA compliance and digital photography with personal mobile devices.
Mark, thanks for your comment. Your blog was quite interesting and true to the core. Constant issue at my facility, some of the staff using their cell phones to record their job activity with little regard for HIPAA. Take care-hope to have the discussion going in our next class.