Strategies to safeguard emergency department mobile ePHI and compliance

With 85 percent of hospitals reportedly providing access to mobile devices on their local wireless networks, more and more healthcare organizations are taking proactive measures to protect their electronic patient health information (ePHI). The hospital emergency department (ED), with its special data and compliance needs, must also be given top consideration as an essential component of any mHealth enterprise security strategy.

Approximately 123.8 million ED visits are reported annually in the United States. The ED, considered the "front door" of the hospital, is defined by its fast pace, complexity and crisis management-style work environment; it requires a time-sensitive workflow typically not addressed with larger enterprise information systems.

The ED has also seen exploding adoption of mHealth as a critical business commodity. A recent study by Emory University researchers validates that mobile devices could help ED doctors quickly diagnose eye-related conditions. According to the study, reviewers consistently rated the iPhone images as the same or of higher quality compared with the same images viewed on a desktop computer. Moreover, some ED-specific EHR systems now come with supporting mobile apps for patients and physicians alike.

Safeguarding emergency care ePHI, mitigating data breach risk and ensuring HIPAA and HITECH compliance in this high-acuity care setting will help hospital EDs safely incorporate mobile devices and apps into their clinicians' specialized workflow. 

To empower emergency physicians and nurses to take full advantage of efficient and cost-effective mobile tools, hospitals can establish a strong ED security infrastructure by deploying the following security control measures: 

1. Implement a mobile device management (MDM) solution. This software enables continuous visibility and monitoring of the device, leverages built-in security features, enables device access control, neutralizes and wipes clean lost, stolen or retired devices, and encrypts data over the air (OTA) and at rest (HIPAA requirement).

2. Enforce network security management "best practices." For example, providers can establish policies covering strong passwords and wireless devices and their usage.

3. Deploy an app-level security solution. Additionally, establishing app-level password policies can enable data loss protection and secure network access, and maintain persistent security compliance.

 
