Smartphone Use Putting Personal Healthcare Data at Risk

Healthcare data is some of the most personal and private information we have. Legal protections and healthcare providers tightly control access to our health data for our protection.

Healthcare workers are very careful to limit access to our information — or are they?

While hospitals, physician’s offices and other healthcare facilities have controls in place to protect our privacy, not to mention protecting them from liability over the release of personal information, healthcare workers may be unwittingly risking the exposure of that data.

Through the use of their personal smartphones.

Smartphone Practices Study

Millions of Americans are using smartphones as part of their jobs, with a large number of them being personal phones. Not surprisingly, a term has been coined to cover this, Bring Your Own Device or BYOD.

The spread of BYOD has led to questions about how these devices are being used and whether they are being used securely.

A group of firms who are partners with the IT giant Cisco commissioned a study to learn how employees from several industries are using their smartphones. The results – which are consistent with some of our own personal observations – are somewhat disconcerting to those who assume strong protections are in place for our healthcare data.

Healthcare Workers Using Their Smartphones

9 out of 10 healthcare workers in the study indicated they use their smartphones for work purposes. While the study didn’t report whether sensitive or confidential data is used on the smartphones, we know at least some do so.

Healthcare workers using their smartphones for our private health data isn’t in itself necessarily a cause for concern. Combined with the rest of the results from the study, however, there is enough to cause one to wonder about the privacy of our data or that of senior loved ones, especially those living full time in nursing homes or other care facilities.

  • Only 41% of healthcare workers using their smartphones for work said they password protect their devices. That means phones that are lost or simply left unattended could put patients’ personal data at risk.
  • More than half of the healthcare workers reported using their smartphones with wireless networks or hotspots (WiFi) that are unsecured or unknown. Does the thought of personal data being available at your local coffee shop or fast food restaurant make you uncomfortable?
  • Barely half of the BYOD smartphones of health workers in the study had the Bluetooth discovery mode disabled. Bluetooth is thought to be the means by which so many celebrities and others have the photos and other contents of their smartphones compromised.

Healthcare Employers & BYOD Risks

Employers who allow, or even require, healthcare workers to use their own smartphones to access private health records have policies to address data security, right? You might think so, but it doesn’t appear that is the case often enough. Just over a third of the healthcare workers in the study said they thought their employers were prepared to address the problems that might arise.

This appears to be another case of technology racing ahead faster than companies’ policies to address the implications of its use. The healthcare industry is not alone in being under-prepared, which doesn’t really make us feel better.

Clearly action is needed by businesses and institutions to go beyond their own systems to protect our data when it’s on their employees’ smartphones, tablets and other mobile devices.

What Should WE Do As Patients & Family Caregivers?

Does this discussion have you concerned or even scared? That’s understandable, but not the reason we are publishing this post.

Bring this to the attention of healthcare providers when you have an appointment or accompany loved ones, asking them to check the security of any devices they use. We’re not suggesting you put anyone on the spot by demanding to check, as we believe the vast majority of healthcare workers are conscientious and will take action when informed.

We’re also hoping this post brings the issue to the attention of employers themselves, making them aware of the risk BYOD smartphones pose to their patients/customers. Making them think about the potential liability will probably do even more to drive home the need for change in policies and procedures, if not the ability to use personal devices for private data.

While you’re at it, think about your own smartphones and other mobile devices. Do you carry healthcare, financial or other personal information, either your own or that of loved ones, you consider sensitive? If so, are you taking appropriate precautions on your own devices?

It’s something to think about, especially with apps and all the new digital medical technology (with so much more to come) that has our smartphones playing integral roles in our lives and those of our senior loved ones.

4 thoughts on “Smartphone Use Putting Personal Healthcare Data at Risk”

  1. While some data may reside in the providers mobile device it is not necessary. HIPAA certified cloud storage allows secure storage and credentialed “read only” access to the data.

  2. Echoing what Rik said, healthcare workers may be using their smart phones to access health records, but they’re doing it through services designed for it. Apps or web services that share health data encrypt it in transmission. They also require someone to log into the service to access the data, not just logging into the phone. The systems require them to either continue to be active on the service or log back in after a period of inactivity. They’re also not storing any patient data on your device – you’re just accessing it remotely. So if your smart phone is sitting around after you were in a health record, somebody couldn’t pick it up and jump back into the record.

    Or at least that’s how we’re building the technologies at CareTree.

    • Thank you for sharing that, Carl. I wish that were the case everywhere and suspect it will be soon. In the meantime, though, we have heard from and about healthcare workers who are storing information on their phones, either directly or because it is being sent via an email, which is then accessible to anyone who has access to the phones.

      Until everyone is using technology such you are building at CareTree, safe mobile practices add a measure of protection. Those same practices are also beneficial for the smartphone users, even if there is no risk to health data posed, in keeping their personal data secure.

Comments are closed.