Personal Smartphones in a Clinical Setting: Useful, But Can Patient Privacy Be Ensured?

Personal smartphone use by doctors and nurses can provide the best functionality and the promptest patient care. But here are some key questions that need to be addressed to ensure privacy.
It’s no secret that nurses and doctors are using their personal smartphones at work. A 2015 article by Cheryl Parker published in PSQH (Patient Safety & Quality Healthcare) found that “although potentially in violation of their organizations’ policy, nurses and other employed clinicians use their personal devices to support their patient care activities in part because the communication equipment their hospital provides lacks the functionality, applications, and workflow support of a smartphone.”
In other words, personal smartphone use enables nurses and physicians to deliver the fastest care. It also allows physicians who are credentialed at multiple hospitals to provide timely responses about all patients, on one device, regardless of their location.
However, as Parker reported, while “updating an organization’s ‘bring your own device’ or BYOD policy to include nurses and other employed clinical staff may seem like a natural solution for this situation…it actually might expose the organization to increased operational costs, Health Information Portability and Accountability Act (HIPAA) violations, and patient safety risks.”
Parker urges executive leaders to consider some critical questions before allowing nurses and physicians to use their own smartphones at work. While a full list of questions can be found in the article, here are a few highlights:

  • A recent survey of healthcare workers found that 39% did not password protect their smartphones (Cisco, 2013), so how will those devices be secured to protect the organization, such as with a numerical password or fingerprint reading capabilities?
  • How will compliance be monitored and validated every time an employee buys a new phone?
  • What happens when a device is lost or stolen?

While there are multiple apps on the market that allow hospital employees to use a secure, HIPAA- compliant network for texting and other medical communication, none ensures the privacy of photos taken on a personal smartphone, since such photos can still be saved to the device itself,  even if the employee is using a HIPAA-compliant app for other patient-related activities.
So if an employee’s phone is lost or stolen, especially if it is not password-protected, there is a risk of a HIPAA-violation. Even if a personal device is not lost or stolen, any photos saved to a personal device may be at risk for accidental sharing since they are mixed in with the employee’s personal photos.
How PrivateEye solves the patient image privacy problem
That’s why we developed the PrivateEye case–to ensure the privacy of every patient-related photo taken on an a clinician’s personal smartphone. The case fits over a smartphone and covers the shutter; unless the clinician’s phone is logged into a secure network, no photos can be taken. Once logged in, the shutter can be uncovered–but any photos taken can only be saved to the secure network; they cannot be saved to the device itself. Plus, any screenshots the employee takes of app-related content will be recorded and flagged for review.
In addition, we’ve built a fail-safe into the PrivateEye case. Because the PrivateEye case alerts hospital administrators when a particular employee is logged in, it’s possible to cross-check who is scheduled to be on-duty with who is actually logged in. If a particular employee is expected to logged in but is not, administrators will receive a warning that there is potentially an out-of-compliance phone. The clinician will also receive a text reminding them to put the case on their phone and log in.
As physicians and nurses continue to use personal smartphones in a clinical setting, it’s critical that hospital administrators develop clear, coherent, bulletproof policies to protect patient privacy and ensure patient safety.
Learn more about how a PrivateEye case can help your hospital or clinic ensure HIPAA-compliance for patient photos and other patient-related images.

Try PrivateEyeHC™

Enter your mobile number to receive a download link for the PrivateEyeHC™ app.

As more healthcare providers integrate personal devices in their practices, there’s a growing risk of HIPAA violations with sensitive patient images. Here’s how to protect patient privacy.

Personal smartphone use by doctors and nurses can provide the best functionality and the promptest patient care. But here are some key questions that need to be addressed to ensure privacy.

Mobile sharing of clinical images can save lives, but current software solutions can’t prevent HIPAA-violations when it comes to patient images. Here’s one device that can.