
Skype HIPAA Risks Not Given Enough Attention

Posted on December 5, 2012 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

At this point, I don’t imagine too many providers use Skype to communicate with patients, if for no other reason than I haven’t heard my wired physician friends mention it.

But even if the numbers are small, it seems we may not have been paying enough attention to services like Skype, whose security may be good enough for personal conversation, but not for patient communication.

A recent item on a legal blog offers a reminder that Skype — and other Web-based communications platforms — pose security risks that may compromise a provider’s ability to comply with HIPAA.

Why should providers be concerned about using Skype and its kin to conduct free videoconferences with patients?  Well, a quick look at the security requirements HIPAA imposes, as cited by Epstein Becker Green attorney Rene Quashie, offers an idea:

  • Access controls.
  • Audit controls.
  • Person or entity authentication.
  • Transmission security.
  • Business Associate access controls.
  • Risk analysis.
  • Workstation security.
  • Device and media controls.
  • Security management processes.
  • Breach notification.

I have no in-depth knowledge of the Skype infrastructure, but my guess is that it fails most of the tests above.  And given that it’s a proprietary platform, it’s not as though hospitals or medical practices can build these controls onto Skype with any ease.

However, Mr. Quashie does offer a series of procedures to help mitigate the risks associated with Skype and its relatives:

  • Request audit, breach notification, and other information from web vendors.
  • Have patients sign HIPAA authorization and separate informed consent as part of intake procedures when using web-based platforms.
  • Develop specific procedures regarding the use of Skype and similar platforms (interrupted transmissions, backups, etc.).
  • Train workforce regarding the privacy and security risks associated with these platforms.
  • Exclude the use of these platforms for vulnerable populations (i.e., severely mentally ill, minors, those with protected conditions such as HIV).
  • Limit to certain clinical uses (i.e., only intake or follow up).

All of that being said, this clearly suggests the need for HIPAA-compliant videoconferencing services via the Web. And while they may exist, I’m certainly not aware of any market leaders. Your turn, readers?  Do you agree that there’s a need for such services?  Do any exist already that have traction in the arena?

Broadband Mobile Should Change mHealth Game

Posted on June 22, 2012 | Written By Anne Zieger

You never know what you’re going to learn when you wander into a cell phone store, other than being hit with some fairly slick marketing slicks and rapid-fire pitches on that sweet, sweet iPhone upgrade. (Sorry, letting my Apple lust get in the way here.)

In all seriousness, this time I learned something which excited the heck out of me. While this is probably old news to some readers, I was surprised to learn that the cellphone industry is now rolling out support for new mobile protocols allowing for dramatic improvements in broadband mobile speeds.

One standard, LTE, can offer peak downlink rates of 300 Mbps and peak uplinks of 75 Mbps. LTE, which takes advantage of new digital signal processing techniques developed roughly 10 years ago, is being rolled out by more or less every major U.S. carrier. Existing 4G networks should shoot up in capacity as well. The next revision of the family to which 4G belongs, standards-wise, should have a throughput capacity of 627 Mbps.

So let’s bring this around to our ongoing EMR discussions.  What are the HIT implications of these mobile nodes having the throughput to process live streaming video, download multiple imaging studies, conference effortlessly with parties across the world and more?

Well, for one thing, it’s pretty clear that our idea of mHealth will have to change. It makes no sense to plan networks around data sipping apps like the current iPhone crop when you’ll soon have iPads, Android devices and even Microsoft’s Surface tablet drinking it in gulps.

Obviously, the whole notion of telemedicine will evolve dramatically, with roving doctors and nurses consulting effortlessly over mobile video.  Skype calls will be as easy to conduct as traditional calls. And reviewing charts from the road will make much more sense, including looks at, say, CT scan results.

But all of this wonderfulness will be severely constrained if EMR makers keep forcing clinicians to use their systems via mobile-hostile devices. This is the time — this month, week and even day — to admit that desktop computers aren’t the platform of choice for smart clinicians. Vendors will have to step up with native clients for remote devices, and moreover, clients that take advantage of the emerging high-speed phones and tablets. If they hang back, the whole mobile high-speed revolution won’t be happening.