Slide 1

Slide 2 WIRELESS MOBILE TECHNOLOGY PROTECTING PERSONAL HEALTH INFORMATION (PHI). ARE YOU READY? Slide 3 MHST/NURS 602 Week 10 July 9 15, 2014 Assignment 2 Patricia Wright Slide 4 OBJECTIVES To review the then, now and reach of wireless mobile technology To identify what wireless technology is and why it is important To review the challenges and risks associated with wireless technology and personal health information To identify the directive and steps to protecting personal health information when using wireless mobile technology To review future trends Slide 5 SUGGESTED READINGS Cavoukian, A. (2007). Wireless communication technologies: safeguarding privacy & security. Fact Sheet, August (14). http://www.ipc.on.ca/images/Resources/up- 1fact_14_e.pdfhttp://www.ipc.on.ca/images/Resources/up- 1fact_14_e.pdf Mobile Devices in the Workplace. (2014). Alberta RN, 69(4), 13-14. http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8-af49- 4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1aWQm c2l0ZT1laG9zdC1saXZl#db=rzh&AN=2012465924http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8-af49- 4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1aWQm c2l0ZT1laG9zdC1saXZl#db=rzh&AN=2012465924 Office of the Privacy Commissioner of Canada. (2011). Privacy on the Go: 10 Tips for individuals on protecting personal information on mobile devices. Fact Sheet. https://www.priv.gc.ca/resource/fs-fi/02_05_d_47_dpd_e.asp https://www.priv.gc.ca/resource/fs-fi/02_05_d_47_dpd_e.asp Office of the Privacy Commissioner of Canada. (2011). Privacy impact assessment. Fact Sheet. https://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asphttps://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asp Slide 6 DISCUSSION QUESTIONS Does your area of practice use wireless technologies to provide care and if yes, how does the use of this technology enhance the principles of providing the right care at the right time for your patients? What safeguards are in place to secure and retain the PHI collected and used with this technology? Could the application of a Privacy Impact Assessment be utilized to eliminate or reduce privacy risks in the area of mobile wireless technology in your area of practice? Does your employer have policies in place for safeguards related to use of mobile technology in your practice area? How is compliance monitored? Find Ways to Eliminate or Reduce Privacy Risks at an Acceptable Level Apply the 10 Privacy Principles Assess the Risk & the Level of Risk Slide 7 THEN & NOW Handheld computing dates back to the early 1970s 1980s handheld computers were developed and marketed 1990s brought the PDA coined by Apple Currently: PDAs Robots Telehealth Apparatus Pagers Tablets & Sub-note Books Wireless Networks Mobile Hardware Peripherals Slide 8 NOW & THE REACH OF TECHNOLOGY Currently: Smartphones Email/Texting Patient Portals eConversations iPads Greater than 27 million Canadians use mobile devices including smart phones and tablets to stay in touch, work, study and shop 63% of all wireless service subscribers use a smartphone Currently radio waves may be received by anyone with in range of the signal Slide 9 WHAT IS WIRELESS TECHNOLOGY? Wireless technology uses radio signals to transmit data Radio waves may be encoded differently such as analog vs digital All radio waves are broadcast in all directions from the point of transmission Wireless implies a system is always connected and that data are in real time which is necessary for use in health care Wireless technology enables mobile health care providers access to data when ever and where ever it is required Slide 10 WHY IS MOBILE TECHNOLOGY IMPORTANT? It can seamlessly link patients, health services and health professionals together despite geography It allows nurses and other health care providers to provide patients with the right care at the right time at the right location, principles which are expectations for effective and safe health care practices and delivery of services The rising integration of technology into our lives is changing the way we communicate and access information including how we conduct daily activities both personally and at work Slide 11 WHY IS MOBILE TECHNOLOGY IMPORTANT? Health care providers have a responsibility to use communication channels that will reach their target communities and population effectively Wireless and mobile technologies may reduce costs and increase efficiencies Wireless and mobile technologies increase access to important information and data, making it readily available when needed Slide 12 CHALLENGES AND RISKS WITH MOBILE AND WIRELESS TECHNOLOGIES There is a need to understand the risks of using mobile technologies in order to prevent adverse consequences Unauthorized disclosure of PHI is a risk with mobile devices as data may be stored and retained on the device itself Mobile devices are vulnerable to loss and theft due to their size and portability Without security such as encryption email, voicemail, pictures or text messages containing PHI could be accessed or disclosed if a mobile device is lost or stolen Unauthorized disclosure of PHI can occur during the wireless transmission of data Slide 13 CHALLENGES AND RISKS WITH MOBILE AND WIRELESS TECHNOLOGIES The use of wireless technologies means taking data at rest and placing it into data in motion a process which adds to the complexities of established requirements outlined in PHIPA Personal Health Information Protection Act FIPPA Freedom of Information and Protections of Privacy Act MFIPPA Municipal Freedom of Information and Protection of Privacy Act As each Act sets out the requirements for the protection of personal information including information which is collected in varying electronic formats Slide 14 CHALLENGES AND RISKS WITH MOBILE AND WIRELESS TECHNOLOGIES The use of wireless mobile technologies without work place security supports in place such as adequate encryption can: Increase the risk of privacy breaches Create a loss of control over data due to the ease of sharing information by the ability to forward data or images Decrease the ability to audit data when data is forwarded Place an organization in a position of liability and loss of reputation Decrease public confidence Slide 15 CHALLENGES AND RISKS WITH MOBILE AND WIRELESS TECHNOLOGIES The use of unreliable devices for remote health care monitoring may compromise information quality and the security of PHI The existence of a wireless signal can unknowingly reveal PHI i.e. cellphone or other mobile transmissions can reveal a persons location or movement patterns Once a text message has left the circle of the originating vendor it enters a domain of wireless telephone carriers in which an organization would have not contractual agreement End receivers of messages may not password protect their devices leaving messages and data open to unauthorized access Slide 16 A DIRECTIVE TO PROTECT PHI SIMPLY STATED: ANY TIME WIRELESS TECHNOLOGY IS USED TO TRANSMIT PERSONAL HEALTH INFORMATION THAT INFORMATION MUST BE STRONGLY PROTECTED TO GUARD AGAINST UNAUTHORIZED ACCESS TO THE CONTENTS OF THE SIGNAL (CAVOUKIAN, 2007) Slide 17 PROTECTING PHI WITH WIRELESS MOBILE TECHNOLOGIES PROFESSIONAL OBLIGATION Nurses have a professional and legal obligation to protect PHI Protection of PHI is achieved through strong passwords and the use of encryption and encrypted devices when communicating using mobile devices EMPLOYER OBLIGATION Employer policies require the use of safe guards Strong encryption is the expected safe guard for data protection on mobile devices Slide 18 WIRELESS PROTECTION ARE YOU READY? http://www.youtube.com/watch?v=G_z2 5g3Cfio To view click or copy and paste into your browser. Slide 19 PROTECTING PHI Mobile applications and technologies when integrated into work flow processes need to meet stringent protection requirements which must interoperate with networks, applications and the computing resources of specific health care practices using this technology Data security includes confidentiality, availability and data integrity The full scope of security includes making data available when and where it is needed via secure mechanisms Without appropriate safeguards in place transmitting data via wireless applications can be like using an open filing cabinet in a waiting room (Cavoukian, 2007) Slide 20 PROTECTING PHI TEXT & EMAIL Strong encryption is an option when using email for PHI Encryption is not an option for text messaging given current technology parameters Recommend end users of text messages password protect their devices Inform clients of the risks of using email or text messages document the discussion and their consent/agreement to the use of this technology in their record Slide 21 PROTECTING PHI TEXT Use only limited PHI in a message Restructure messages to remove PHI Implement additional safeguards with text messaging Ensure adequate security certificates from text messaging vendors Explore risks to the end user Limit who may send text messages Slide 22 STEPS TO PROTECTING PHI Complete a Privacy Impact Assessment (PIA) to identify potential privacy risks of a wireless application Use up to date transmission encryption to minimize the risk of unauthorized access of data Larger organizations consider using Virtual Private Networks (VPNs) for mobile technologies and to support mobile work processes Smaller organizations consider using Wi-Fi protected access: Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access II (WPA2). Both types of access are security protocols and security certification programs which are used to secure wireless computer networks Slide 23 STEPS TO PROTECTING PHI Ensure IT infrastructures use appropriate security technologies such as strong encryption Ensure the use of encryption standards which meet minimum standards including being independently validated, designed and implemented appropriately Ensure that encrypted data remains available for appropriate retention periods Ensure encryption installations are regularly reviewed and updated Slide 24 STEPS TO PROTECTING PHI Use employer issued mobile devises vs personal devices If using a personal device ensure it has features and software that comply with the employers security polices Use strong passwords Limit the use of devices for recording and transmitting data Slide 25 Where will we go? How far will we reach? How will the protection of data via wireless transmission evolve to stay current? FUTURE TRENDS Slide 26 TODAY AND TOMORROW An increasing number of health care providers are using mobile devices to communicate with colleagues and patients Employers are implementing bring your own device programs for professional use Employers are implementing policies, protocols and systems to enable the use of wireless devices with enhanced security processes and systems with in a variety of health care practices Tens to hundreds of thousands of medical applications are available for download on smartphones and tablets Mobile applications are continually being developed Mobile devices can and will be able connect to evolving monitoring devices including GPS devices to assist in locating wandering confused patients Slide 27 LETS RECAP WHY PROTECT? AS HEALTH CARE PROFESSIONALS WE ARE OBLIGATED TO AUTOMATICALLY AND CONTINUOUSLY PROTECT PHI THROUGHOUT ITS WHOLE LIFE CYCLE KEEPING IT SECURE AT ALL STAGES OF COLLECTION, USE, DISCLOSURE AND RETENTION FOR WITHOUT SECURITY THERE CAN BE NO PRIVACY (CAVOUKIAN, 2013) Slide 28 REFERENCES Abbott, P. (2012). The effectiveness and clinical usability of a handheld information appliance. Nursing Research and Practice, 1-8. doi:10.1155/2012/307258 Canadian Medical Protective Society. (2013). Using electronic communications, protecting privacy. Retrieved from https://oplfrpd5.cmpa-acpm.ca/-/using- electronic-communications-protecting-privacyhttps://oplfrpd5.cmpa-acpm.ca/-/using- electronic-communications-protecting-privacy Canadian Nurses Association (2009). The next decade: Canadas vision for nursing and health. Retrieved from http://www.cna-aiic.ca/en/advocacy/policy-support- tools/the-next-decadehttp://www.cna-aiic.ca/en/advocacy/policy-support- tools/the-next-decade Cavoukian, A. (2007). Encrypting personal health information on mobile devices. Fact Sheet, May (12). Retrieved from http://www.ipc.on.ca/images/Resources/up- fact_12e.pdfhttp://www.ipc.on.ca/images/Resources/up- fact_12e.pdf Cavoukian, A. (2007). Wireless communication technologies: safeguarding privacy & security. Fact Sheet, August (14). Retrieved from http://www.ipc.on.ca/images/Resources/up-1fact_14_e.pdf http://www.ipc.on.ca/images/Resources/up-1fact_14_e.pdf Slide 29 REFERENCES Cavoukian, A. (2010). Health-care requirement for strong encryption. Fact Sheet, July (10). Retrieved from http://www.ipc.on.ca/images/WhatsNew/fact-16-e_1.pdfhttp://www.ipc.on.ca/images/WhatsNew/fact-16-e_1.pdf Gallagher, L. A. (2013). Accessing and sharing data to avoid security risks. The Nurse Practitioner, 38(5), 811. doi:10.1097/01.NPR.0000428822.80127.6a Google Images. n.d. Photographs of: wireless connection, key board, iphones, palm pilot, tablet with pda, side by side iphones. Retrieved from http://images.google.com/http://images.google.com/ Karasz, H.N., Eiden, A. & Bogan, S. (2013). Text Messaging to communicate with Public Health audiences: How the HIPAA security rule affects practice. American Journal of Public Health, 103(4), 617-622. doi: 10.2105/10AJPH.2012.300999 Minho, S. (2012). Secure remote health monitoring with unreliable mobile devices. Journal Of Biomedicine & Biotechnology,2012 1-5. doi:10.1155/2012/546021 http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8-af49- 4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1aWQm c2l0ZT1laG9zdC1saXZl#db=rzh&AN=2011906878 http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8-af49- 4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1aWQm c2l0ZT1laG9zdC1saXZl#db=rzh&AN=2011906878 Slide 30 REFERENCES Mobile Devices in the Workplace. (2014). Alberta RN, 69(4), 13-14. http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8- af49-4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1a WQmc2l0ZT1laG9zdC1saXZl#db=rzh&AN=2012465924http://0- eds.b.ebscohost.com.aupac.lib.athabascau.ca/ehost/detail?vid=3&sid=9d5a7cb8- af49-4f0c-8962- d73b49daf37a%40sessionmgr111&hid=101&bdata=JkF1dGhUeXBlPXVybCxpcCx1a WQmc2l0ZT1laG9zdC1saXZl#db=rzh&AN=2012465924 Newbold, S. K. (2004). New uses for wireless technology. Nurse Practitioner, 29(4), 45-6. Retrieved from http://0- search.proquest.com.aupac.lib.athabascau.ca/docview/222360340?accountid=8408http://0- search.proquest.com.aupac.lib.athabascau.ca/docview/222360340?accountid=8408 Tooey, M. J., & Mayo, A. (2004). Handheld technologies in a clinical setting state of the technology and resources. Critical Care Nurse, 28-36. Retrieved from http://0- search.proquest.com.aupac.lib.athabascau.ca/docview/228195339?accountid=8408http://0- search.proquest.com.aupac.lib.athabascau.ca/docview/228195339?accountid=8408 Slide 31 REFERENCES Office of the Privacy Commissioner of Canada. (2011). Privacy impact assessment. Fact Sheet. https://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asphttps://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asp Slide 32 THANK YOU