The growing use of smart devices at the point of care exacerbates the dual, yet contradictory, challenges confronting hospital IT directors and compliance officers: making patients’ health information easier to access and share, while at the same time keeping it more secure.
A major problem is that there are just too many touch points that can create risk when sharing protected health information (PHI) inside and outside of the hospital. In addition to securing communications on cell phones, tablets and laptops, these tools can send output to smart multifunction printers (MFPs) that not only print, but allow walk-up users to copy, scan, fax and email documents. This functionality is why the Office of the National Coordinator for Health Information Technology now defines MFPs as workstations where PHI must be protected. These protections need to include administrative, physical and technical safeguards that authenticate users, control access to workflows, encrypt data handled on the device and maintain an audit trail of all activity.
Accurate, effective and secure use of patient information at point of care
Hospitals need to adopt an approach that automatically provides security and control at the smart MFP from which patient information is shared and distributed. This approach must also support the use of mobile computing technologies, which are helping to bring access to patient information and electronic health records (EHR) to the point of care. Advanced secure information technology and output management solutions can help hospitals protect patient health information as part of achieving HIPAA-compliant use of PHI with software by adding a layer of automated security and control to both electronic and paper-based processes. These solutions can minimize the manual work and decisions that invite human error, mitigate the risk of non-compliance and help hospitals avoid the fines, reputation damage and other costs of HIPAA violations and privacy breaches.
With this approach, vulnerabilities with capturing and sharing PHI are reduced with a process that ensures:
• Authorization — only authorized staff can access specific devices, network applications and resources with password or smartcard based authentication. Network authentication is seamlessly integrated with the document workflow and to ensure optimal auditing and security, the documents containing PHI are captured and routed to various destinations such as email, folders, fax and EHR systems.
• Authentication — user credentials must be verified at the device, by PIN/PIC code, proximity (ID), or by swiping a smart card access documents containing PHI. Once authenticated, the solution controls what users can and cannot do. It enables or restricts email or faxing and prohibits documents with PHI from being printed, faxed or emailed.
• Encryption — communications between smart MFP’s and mobile terminals, the server and destinations, such as the EHR, are encrypted to ensure documents are only visible to those with proper authorization.
• File destination control — simultaneously monitors and audits the patient information in documents, ensuring PHI is controlled before it is ever gets to its intended destination.
• Content filtering — automatically enforces security policies to proactively prevent PHI from leaving the hospital by filtering outbound communications and intercepting documents – rendering misdirected or intercepted information unreadable to unauthorized users.
Deploying smart computing technology to meet compliance
While it’s clear that hospitals continue to deploy smart technologies to deliver more efficient point of care to patients, those technologies continue to provide vexing security and compliance challenges. However, implementing a flexible and scalable solution that adds a layer of automated security and control to both electronic and paper-based processes significantly reduces non-compliance risks.
The solution should include five important attributes: authentication; authorization; encryption; file destination control; and content filtering. For example, electronic orders, referrals, reports and other sensitive information can be completed on smartphones, tablets, or laptops, electronically signed and safely and securely delivered to EHR.
With these security enhancements in place, hospitals can confidently open their networks and gain control of smart device proliferation in their patient point of care processes.