Is mobile and wearable tech a security risk when it comes to general practice?
Almost everyone uses some kind of mobile or wearable device today, but how secure are they for use by GPs?
According to the Royal Australian College of General Practitioners (the RACGP), while mobile and wearable tech offers GPs some exciting possibilities, it is important to proceed cautiously.
The most recent research by the RACGP, the 2016 report Technology in General Practice: Mobilising Healthcare shows that while technology is fast and convenient, it is also insecure.
Email is so widespread and accepted that some patients assume it will be used by their GP. The problem is that most email is unencrypted and insecure. A malicious actor or third party may be able to access the information. This is even more of a risk when email is sent from a mobile device.
Since general practices must comply with the Australian Privacy Principles to protect patient confidentiality, there are serious risks for GPs who breach these principles. These could range from fines to legal action.
GPs can encrypt their emails, but there is no widespread solution for patients, leaving email as a potentially dangerous channel.
GPs who use their personal phones to send SMS to patients are compromising their own privacy and revealing their contact details. Patients may expect that their doctor will now be available around the clock.
It’s a great tool and so convenient, but consider the risks if you take a photo of a patient’s condition. Your phone has now become part of the record system. Is it secure? How do you ensure confidentiality? Can you transfer it securely to the patient’s records? How can you ensure it is no longer identifiable on your phone?
Fitbits and other wearable devices present similar issues with security. These devices can feed information to GPs, such as blood sugars or blood pressure. What process is in place for an urgent or emergency situation in the middle of the night? Does the patient expect the GP to be constantly monitoring her data or safety?
mHealth systems should be implemented, but only when a business case has been prepared. Safety and security issues are only one component of the overall system. Resources need to be allocated for support and training of admin staff if the move to mobile tech is going to be successful.
GPs need to have official policies concerning mobile devices, to clarify the issues and processes for both staff and patients. Preparing a policy brochure for patients that details confidentiality issues means they can make informed decisions and provide consent. As one example, using SMS for appointment reminders can be safe and effective if clinical information is excluded.
GPs looking to make more use of mobile and wearable tech, and wanting to avoid some of the security risks, would be well advised to read the RACGP’s resource: mHealth in general practice: A toolkit for effective and secure use of mobile technology.
EOFY isn’t only about getting your financials in order. It’s a great time for small businesses to review and plan.
Protecting your patient data is increasingly complex with threats of cyber-attacks and data breaches coming from both inside and outside your practice.
Global recession, wealth inequality, trade tariffs between China and the US, Brexit, global warming and volatile housing markets are just a few of the challenges we'll face in 2020.
An hour of awkward discomfort or a career-shaping moment? The choice is largely up to you…
How to overcome the convergence of platforms and devices and build a wall between work-you and home-you.
Email our customer support teamSend an enquiry
For customer service and sales enquiries just give us a call from within New Zealand
(8.30am to 5pm, Monday - Friday)