You’re the CIO of your healthcare IT (HIT) group. You have recently been tasked with making sure all authorized staff have access to the various networks among the group’s clinics and hospitals. This doesn’t mean just the technicians, programmers, and analysts in your department, but everyone from providers and medical support staff like RNs and CNAs to the cleaning crews. Even patients will need some form of access as they lie in their beds recovering from their ailments.
You’ve heard of Bring Your Own Device, or BYOD, as a possible solution. And you can see why: everyone has a smartphone, right? With BYOD, you simply authorize the appropriate staff to download the medical software they’ll need for their jobs, and you’re done. There’s no need to order medical grade tablets and their support software, nor to upgrade the networks to accommodate them. Members of your staff won’t have to be pulled away to do the installation and perform any training, which is another plus as HIT is already short-handed. Even better, this frees up your department’s already limited budget. You can finally get another technician or upgrade that five-year-old in-house server, or even both! BYOD continues to sound like a win-win solution for everyone, right?
You may want to sit back in your office and rethink that.
BYOD had its start in the business world. There, companies saw opportunities to cut costs for office equipment and software ranging from office phones to email clients. These features could simply be added to their staff’s personal smartphones.
The practice, to put it mildly, has proven to be controversial. Some of these controversies, like separation of work and personal life, carry over into BYOD in healthcare. Many others, though, are unique to the medical sector. Two are HIPAA compliance and medical grade.
Lack of HIPAA Compliance
This is the big one. The Health Insurance Portability and Accountability Act was enacted into law in 1996 to protect patient information. That includes everything from patient electronic medical records (EMR) to insurance financials. Most are stored electronically, making them easy to access with a computing device and a network connection.
HIPAA sets strict guidelines to protect those patient records from hackers and other cybersecurity breaches. Penalties for non-compliance by healthcare groups can run from the hundreds of thousands up to a million and a half a year, and up to a year in prison.
Yet most BYOD devices are not configured with the appropriate software and other features to provide such protections. And HIT may not be able to set them up legally, either. HIT needs deep access to a phone’s operating system to make sure the phone, and its software, is compliant with HIPAA. Most OS companies will not allow such access.
A medical grade tablet has no such issues. Its manufacturer has made sure the tablet is compliant. Any OS running on it will be compatible and open enough for HIT to run its software securely.
This brings up another advantage of medical tablets. Smartphones update their OS periodically, and this can lead to some dramatic results, like the updates shutting down apps. While this is usually an irritation to most phone owners, it could have potentially lethal consequences in a hospital. Imagine a surgeon on a video call with a colleague thousands of miles away during a particularly delicate surgery. Suddenly the video app shuts down due to an incompatibility issue with the phone’s OS. Impossible, you think? Tell that to the Office for Civil Rights, which enforces HIPAA.
“Do No Harm.” That’s part of a medical student’s oath and the major focus of their job once they’ve graduated into a full-fledged physician / provider. The healthcare industry is similarly focused, making sure patients do not suffer further while being treated for their current ailments.
Ironically, a potential source of further harm is the very tools themselves. Today’s providers have a dazzling number of ways and methods to stabilize, diagnose, treat, and follow their patients. There are monitors to detect and measure heartbeats or breathing; telehealth systems to stay connected with patients hundreds of miles away; and scanning equipment that can both see deep into patients and figure out if they have cancer or not. The list goes on.
All these tools, though, have to work in harmony. The above medical devices have undergone rigorous development and testing to make sure they won’t harm the patient. Providers are assured they won’t shock an already critically ill patient when attaching a monitor to him or her, or somehow ignite any flammable anesthetic gas in the air during surgery with the flip of a switch.
BYOD devices like personal smartphones have not undergone such testing. They’re meant to be used for casual purposes like ordering a pizza or rideshare. Smartphone manufacturers have little incentive, motive, or even requirement to build such a device.
Medical grade tablets are built with the setting in mind. “Medical grade”, in fact, means equipment that has been built, tested, vetted, and certified to be 60601-1 compliant. This allows it to be used safely near patients without risk to them and their life-saving devices. You can almost view them as “Do No Harm” in box form (or whatever the shape of your equipment is).
As head of your healthcare group’s IT department, it makes sense you’ll want to find the easiest solution to connect all the clinics and hospitals together in one harmonious network system. And BYOD, which uses employees’ personal smartphones as work devices, is tempting as a solution. But a couple of traits unique to healthcare – HIPAA compliance and the need for medical grade equipment – should give you pause and prompt you to look for other solutions like medical grade tablets. The risks, from fierce penalties to endangering patients’ lives, are just not worth it.