Q&A with Tom Srail
Tom Srail Executive Vice President, Practice Leader: Technology, Media and Telecommunications Industry, Willis North America
Q
There seem to be fewer clipboards and more mobile devices in doctors’ offices these days. What’s driving that?
A
For productivity as well as regulatory reasons, many hospital facilities, insurance companies and doctors’ practices have moved towards electronic health records. Accessing data becomes a lot easier on mobile devices, iPads and tablets. The demand to streamline patient care and the healthcare process has led to utilization of more technology. That’s true in every industry but definitely in the doctors’ world.
I’ve been working with technology companies whose business is streamlining patient and asset movement within a hospital—diagnosis machines, medical equipment and carts going from point A to point B as quickly and efficiently as possible, getting restocked, cleaned and back into use with minimal downtime. As we see in retail, manufacturing and the logistics world, the healthcare industry is using technology in process improvement to really speed up the delivery of care and, of course, improve accuracy and quality.
Q
Are there heightened risks for mobile devices in healthcare?
A
Some IT security professionals who work in the healthcare industry refer to BYOD as “bring your own disaster,” meaning it could be rife with risk. A good risk management approach is to follow the three tenets of security: confidentiality, integrity and availability. Each is very important to the healthcare world and maybe more so than many other industries.
Confidentiality, making sure sensitive information doesn’t get into the wrong hands or get exposed, is number one.
Integrity is making sure the information the doctor is getting on the device is correct. This means the patient’s record is correct, the data hasn’t been corrupted and the information was input and coded correctly. Software glitches, security events and equipment failure can corrupt a database or make the data unreadable.
Availability is imperative. You can’t afford a system crash that says, “Sorry please try again later.” That’s not an option when you’re in an acute care scenario and you need to pull up the patient’s record and there’s no paper-based file anymore. The system has to be up and running. That would extend to mobile devices as well and the networks that connect them back to main system.
All three of these—confidentiality, integrity and availability—need to be considered potential risks when you’re considering using mobile devices in healthcare.
