Presentation is loading. Please wait.

Presentation is loading. Please wait.

WIRELESS MOBILE TECHNOLOGY PROTECTING PERSONAL HEALTH INFORMATION (PHI). ARE YOU READY?

Published byRosemary Tice Modified over 9 years ago

Similar presentations

Presentation on theme: "WIRELESS MOBILE TECHNOLOGY PROTECTING PERSONAL HEALTH INFORMATION (PHI). ARE YOU READY?"— Presentation transcript:

1

2 WIRELESS MOBILE TECHNOLOGY PROTECTING PERSONAL HEALTH INFORMATION (PHI). ARE YOU READY?

3 MHST/NURS 602 Week 10 July 9 – 15, 2014 Assignment 2 Patricia Wright

4 OBJECTIVES ▪ To review the then, now and reach of wireless mobile technology ▪ To identify what wireless technology is and why it is important ▪ To review the challenges and risks associated with wireless technology and personal health information ▪ To identify the directive and steps to protecting personal health information when using wireless mobile technology ▪ To review future trends

5 SUGGESTED READINGS ▪ Cavoukian, A. (2007). Wireless communication technologies: safeguarding privacy & security. Fact Sheet, August (14). http://www.ipc.on.ca/images/Resources/up- 1fact_14_e.pdfhttp://www.ipc.on.ca/images/Resources/up- 1fact_14_e.pdf ▪ Mobile Devices in the Workplace. (2014). Alberta RN, 69(4), 13-14. http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8-af49- 4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1aWQm c2l0ZT1laG9zdC1saXZl#db=rzh&AN=2012465924http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8-af49- 4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1aWQm c2l0ZT1laG9zdC1saXZl#db=rzh&AN=2012465924 ▪ Office of the Privacy Commissioner of Canada. (2011). Privacy on the Go: 10 Tips for individuals on protecting personal information on mobile devices. Fact Sheet. https://www.priv.gc.ca/resource/fs-fi/02_05_d_47_dpd_e.asp https://www.priv.gc.ca/resource/fs-fi/02_05_d_47_dpd_e.asp ▪ Office of the Privacy Commissioner of Canada. (2011). Privacy impact assessment. Fact Sheet. https://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asphttps://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asp

6 DISCUSSION QUESTIONS ▪ Does your area of practice use wireless technologies to provide care and if yes, how does the use of this technology enhance the principles of providing the right care at the right time for your patients? What safeguards are in place to secure and retain the PHI collected and used with this technology? ▪ Could the application of a Privacy Impact Assessment be utilized to eliminate or reduce privacy risks in the area of mobile wireless technology in your area of practice? ▪ Does your employer have policies in place for safeguards related to use of mobile technology in your practice area? How is compliance monitored? Find Ways to Eliminate or Reduce Privacy Risks at an Acceptable Level Apply the 10 Privacy Principles Assess the Risk & the Level of Risk

7 THEN & NOW ▪ Handheld computing dates back to the early 1970’s ▪ 1980’s handheld computers were developed and marketed ▪ 1990’s brought the PDA – coined by Apple Currently: PDA’s Robots Telehealth Apparatus Pagers Tablets & Sub-note Books Wireless Networks Mobile Hardware Peripherals

8 NOW & THE REACH OF TECHNOLOGY Currently: Smartphones Email/Texting Patient Portals eConversations iPads  Greater than 27 million Canadians use mobile devices including smart phones and tablets to stay in touch, work, study and shop  63% of all wireless service subscribers use a smartphone  Currently radio waves may be received by anyone with in range of the signal

9 WHAT IS WIRELESS TECHNOLOGY? ▪ Wireless technology uses radio signals to transmit data ▪ Radio waves may be encoded differently such as analog vs digital ▪ All radio waves are broadcast in all directions from the point of transmission ▪ Wireless implies a system is always connected and that data are in real time which is necessary for use in health care ▪ Wireless technology enables mobile health care providers access to data when ever and where ever it is required

10 WHY IS MOBILE TECHNOLOGY IMPORTANT? ▪ It can seamlessly link patients, health services and health professionals together despite geography ▪ It allows nurses and other health care providers to provide patients with the right care at the right time at the right location, principles which are expectations for effective and safe health care practices and delivery of services ▪ The rising integration of technology into our lives is changing the way we communicate and access information including how we conduct daily activities both personally and at work

11 WHY IS MOBILE TECHNOLOGY IMPORTANT? ▪ Health care providers have a responsibility to use communication channels that will reach their target communities and population effectively ▪ Wireless and mobile technologies may reduce costs and increase efficiencies ▪ Wireless and mobile technologies increase access to important information and data, making it readily available when needed

12 CHALLENGES AND RISKS WITH MOBILE AND WIRELESS TECHNOLOGIES ▪ There is a need to understand the risks of using mobile technologies in order to prevent adverse consequences ▪ Unauthorized disclosure of PHI is a risk with mobile devices as data may be stored and retained on the device itself ▪ Mobile devices are vulnerable to loss and theft due to their size and portability ▪ Without security such as encryption email, voicemail, pictures or text messages containing PHI could be accessed or disclosed if a mobile device is lost or stolen ▪ Unauthorized disclosure of PHI can occur during the wireless transmission of data

13 CHALLENGES AND RISKS WITH MOBILE AND WIRELESS TECHNOLOGIES The use of wireless technologies means taking data at rest and placing it into data in motion a process which adds to the complexities of established requirements outlined in PHIPA – Personal Health Information Protection Act FIPPA – Freedom of Information and Protections of Privacy Act MFIPPA – Municipal Freedom of Information and Protection of Privacy Act As each Act sets out the requirements for the protection of personal information including information which is collected in varying electronic formats

14 CHALLENGES AND RISKS WITH MOBILE AND WIRELESS TECHNOLOGIES The use of wireless mobile technologies without work place security supports in place such as adequate encryption can: Increase the risk of privacy breaches Create a loss of control over data due to the ease of sharing information by the ability to forward data or images Decrease the ability to audit data when data is forwarded Place an organization in a position of liability and loss of reputation Decrease public confidence

15 CHALLENGES AND RISKS WITH MOBILE AND WIRELESS TECHNOLOGIES ▪ The use of unreliable devices for remote health care monitoring may compromise information quality and the security of PHI ▪ The existence of a wireless signal can unknowingly reveal PHI i.e. cellphone or other mobile transmissions can reveal a persons location or movement patterns ▪ Once a text message has left the circle of the originating vendor it enters a domain of wireless telephone carriers in which an organization would have not contractual agreement ▪ End receivers of messages may not password protect their devices leaving messages and data open to unauthorized access

16 A DIRECTIVE TO PROTECT PHI SIMPLY STATED: “ANY TIME WIRELESS TECHNOLOGY IS USED TO TRANSMIT PERSONAL HEALTH INFORMATION THAT INFORMATION MUST BE STRONGLY PROTECTED TO GUARD AGAINST UNAUTHORIZED ACCESS TO THE CONTENTS OF THE SIGNAL” (CAVOUKIAN, 2007)

17 PROTECTING PHI WITH WIRELESS MOBILE TECHNOLOGIES PROFESSIONAL OBLIGATION ▪ Nurses have a professional and legal obligation to protect PHI ▪ Protection of PHI is achieved through strong passwords and the use of encryption and encrypted devices when communicating using mobile devices EMPLOYER OBLIGATION ▪ Employer policies require the use of safe guards ▪ Strong encryption is the expected safe guard for data protection on mobile devices

18 WIRELESS PROTECTION ARE YOU READY? http://www.youtube.com/watch?v=G_z2 5g3Cfio To view click or copy and paste into your browser.

19 PROTECTING PHI ▪ Mobile applications and technologies when integrated into work flow processes need to meet stringent protection requirements which must interoperate with networks, applications and the computing resources of specific health care practices using this technology ▪ Data security includes confidentiality, availability and data integrity ▪ The full scope of security includes making data available when and where it is needed via secure mechanisms ▪ Without appropriate safeguards in place transmitting data via wireless applications can be “like using an open filing cabinet in a waiting room” (Cavoukian, 2007)

20 PROTECTING PHI– TEXT & EMAIL ▪ Strong encryption is an option when using email for PHI ▪ Encryption is not an option for text messaging given current technology parameters ▪ Recommend end users of text messages password protect their devices ▪ Inform clients of the risks of using email or text messages – document the discussion and their consent/agreement to the use of this technology in their record

21 PROTECTING PHI– TEXT Use only limited PHI in a message Restructure messages to remove PHI Implement additional safeguards with text messaging Ensure adequate security certificates from text messaging vendors Explore risks to the end user Limit who may send text messages

22 STEPS TO PROTECTING PHI ▪ Complete a Privacy Impact Assessment (PIA) to identify potential privacy risks of a wireless application ▪ Use up to date transmission encryption to minimize the risk of unauthorized access of data ▪ Larger organizations – consider using Virtual Private Networks (VPN’s) for mobile technologies and to support mobile work processes ▪ Smaller organizations – consider using Wi-Fi protected access: Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access II (WPA2). Both types of access are security protocols and security certification programs which are used to secure wireless computer networks

23 STEPS TO PROTECTING PHI ▪ Ensure IT infrastructures use appropriate security technologies such as strong encryption ▪ Ensure the use of encryption standards which meet minimum standards including being independently validated, designed and implemented appropriately ▪ Ensure that encrypted data remains available for appropriate retention periods ▪ Ensure encryption installations are regularly reviewed and updated

24 STEPS TO PROTECTING PHI ▪ Use employer issued mobile devises vs personal devices ▪ If using a personal device ensure it has features and software that comply with the employers security polices ▪ Use strong passwords ▪ Limit the use of devices for recording and transmitting data

25 Where will we go? How far will we reach? How will the protection of data via wireless transmission evolve to stay current? FUTURE TRENDS

26 TODAY AND TOMORROW ▪ An increasing number of health care providers are using mobile devices to communicate with colleagues and patients ▪ Employers are implementing bring your own device programs for professional use ▪ Employers are implementing policies, protocols and systems to enable the use of wireless devices with enhanced security processes and systems with in a variety of health care practices ▪ Tens to hundreds of thousands of medical applications are available for download on smartphones and tablets ▪ Mobile applications are continually being developed ▪ Mobile devices can and will be able connect to evolving monitoring devices including GPS devices to assist in locating wandering confused patients

27 LET’S RECAP WHY PROTECT? AS HEALTH CARE PROFESSIONALS WE ARE OBLIGATED TO AUTOMATICALLY AND CONTINUOUSLY PROTECT PHI THROUGHOUT IT’S WHOLE LIFE CYCLE KEEPING IT SECURE AT ALL STAGES OF COLLECTION, USE, DISCLOSURE AND RETENTION FOR WITHOUT SECURITY THERE CAN BE NO PRIVACY (CAVOUKIAN, 2013)

28 REFERENCES ▪ Abbott, P. (2012). The effectiveness and clinical usability of a handheld information appliance. Nursing Research and Practice, 1-8. doi:10.1155/2012/307258 ▪ Canadian Medical Protective Society. (2013). Using electronic communications, protecting privacy. Retrieved from https://oplfrpd5.cmpa-acpm.ca/-/using- electronic-communications-protecting-privacyhttps://oplfrpd5.cmpa-acpm.ca/-/using- electronic-communications-protecting-privacy ▪ Canadian Nurses Association (2009). The next decade: Canada’s vision for nursing and health. Retrieved from http://www.cna-aiic.ca/en/advocacy/policy-support- tools/the-next-decadehttp://www.cna-aiic.ca/en/advocacy/policy-support- tools/the-next-decade ▪ Cavoukian, A. (2007). Encrypting personal health information on mobile devices. Fact Sheet, May (12). Retrieved from http://www.ipc.on.ca/images/Resources/up- fact_12e.pdfhttp://www.ipc.on.ca/images/Resources/up- fact_12e.pdf ▪ Cavoukian, A. (2007). Wireless communication technologies: safeguarding privacy & security. Fact Sheet, August (14). Retrieved from http://www.ipc.on.ca/images/Resources/up-1fact_14_e.pdf http://www.ipc.on.ca/images/Resources/up-1fact_14_e.pdf

29 REFERENCES ▪ Cavoukian, A. (2010). Health-care requirement for strong encryption. Fact Sheet, July (10). Retrieved from http://www.ipc.on.ca/images/WhatsNew/fact-16-e_1.pdfhttp://www.ipc.on.ca/images/WhatsNew/fact-16-e_1.pdf ▪ Gallagher, L. A. (2013). Accessing and sharing data to avoid security risks. The Nurse Practitioner, 38(5), 8–11. doi:10.1097/01.NPR.0000428822.80127.6a ▪ Google Images. n.d. Photographs of: wireless connection, key board, iphones, palm pilot, tablet with pda, side by side iphones. Retrieved from http://images.google.com/http://images.google.com/ ▪ Karasz, H.N., Eiden, A. & Bogan, S. (2013). Text Messaging to communicate with Public Health audiences: How the HIPAA security rule affects practice. American Journal of Public Health, 103(4), 617-622. doi: 10.2105/10AJPH.2012.300999 ▪ Minho, S. (2012). Secure remote health monitoring with unreliable mobile devices. Journal Of Biomedicine & Biotechnology,2012 1-5. doi:10.1155/2012/546021 http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8-af49- 4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1aWQm c2l0ZT1laG9zdC1saXZl#db=rzh&AN=2011906878 http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8-af49- 4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1aWQm c2l0ZT1laG9zdC1saXZl#db=rzh&AN=2011906878

30 REFERENCES ▪ Mobile Devices in the Workplace. (2014). Alberta RN, 69(4), 13-14. http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8- af49-4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1a WQmc2l0ZT1laG9zdC1saXZl#db=rzh&AN=2012465924http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8- af49-4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1a WQmc2l0ZT1laG9zdC1saXZl#db=rzh&AN=2012465924 ▪ Newbold, S. K. (2004). New uses for wireless technology. Nurse Practitioner, 29(4), 45-6. Retrieved from http://0- search.proquest.com.aupac.lib.athabascau.ca/docview/222360340?accountid=8408http://0- search.proquest.com.aupac.lib.athabascau.ca/docview/222360340?accountid=8408 ▪ Tooey, M. J., & Mayo, A. (2004). Handheld technologies in a clinical setting state of the technology and resources. Critical Care Nurse, 28-36. Retrieved from http://0- search.proquest.com.aupac.lib.athabascau.ca/docview/228195339?accountid=8408http://0- search.proquest.com.aupac.lib.athabascau.ca/docview/228195339?accountid=8408

31 REFERENCES ▪ Office of the Privacy Commissioner of Canada. (2011). Privacy impact assessment. Fact Sheet. https://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asphttps://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asp

32 THANK YOU

Download ppt "WIRELESS MOBILE TECHNOLOGY PROTECTING PERSONAL HEALTH INFORMATION (PHI). ARE YOU READY?"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Welcome to UF We’re from the Privacy Office and we’re here to help you… HIPAA Orientation – College of Nursing August 22,2014 Cheryl Webber, MS, RHIA University.

Welcome to UF We’re from the Privacy Office and we’re here to help you… HIPAA Orientation – College of Nursing August 22,2014 Cheryl Webber, MS, RHIA University.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
Information Security Policies and Standards

Information Security Policies and Standards
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

Similar presentations

Ads by Google