Nov 06 2014 by Don Lawrence

Controlling Protected Health Information in a Digital Healthcare World

As we approach the end of 2014, we are seeing an increase in the adoption of mHealth technologies in healthcare organizations. Mobile devices are gaining a lot of traction as physicians, surgeons and medical staff members begin to recognize the value of their mobile devices in improving daily operations and patient care. However, with greater freedom and the rise of BYOD (bring your own device) comes significant responsibility for medical professionals.




There are drawbacks to introducing mobile devices into the healthcare ecosystem. Security risks are a prime concern: the risk of lost or stolen devices, and the matter of compliance with protected health information (PHI) and HIPAA rules. The rules governing PHI and HIPAA are strict, and non-compliance can result in hefty fines and imprisonment.

In the case of medical image sharing and collaboration, personally identifiable patient photos are considered protected health information under U.S. law, which means they are governed by blanket HIPAA regulations. So while ‘social clinicals’ may want to share patient images with colleagues and peers, healthcare IT departments get a little nervous because they know that patient information must be protected to avoid heavy consequences. While many healthcare organizations have instituted strict policies and best practices, healthcare professionals (social clinicals) often feel restricted and inhibited. They feel as if they are not able to fully realize the significant workflow benefits that mobile devices have promised to deliver. It’s about finding a balance between productivity and compliance, and there are ways to accomplish this.


Best Practices for Mobile Device Risk Management

There are proven ways of mitigating risk and ensuring compliance when it comes to BYOD, but combining all of them into a multi-pronged approach is the best bet. From training medical staff on data security best practices and how to identify suspicious activity on a mobile device, to implementing a process for completely wiping a device remotely if it is lost or stolen, these are all pieces of a sound strategy for keeping BYOD in healthcare alive while protecting patient information.


When it comes to medical image sharing and social collaboration on a mobile device, healthcare IT departments can get a little nervous. The posting of a patient image on a global community may seem like a way to open a huge hole in security. Yet the value of sharing patient images across a global community of other clinicians is where the world is headed in order to improve patient outcomes. It’s a fine line, no doubt. So how can we continue to promote and leverage emerging digital technologies like image sharing and collaboration while protecting patient data?


eRounds takes security and privacy very seriously, which is why we created a four-step process to keep our community free of protected health information. Every user agrees NOT to include PHI in their posts, we educate them about what constitutes PHI, and we provide an innovative “swipe” tool that empowers our members to take an image with their mobile device and immediately swipe away patient information with their fingertip in seconds. And as a final measure against PHI in our system, we utilize a proprietary system whereby every single image loaded into eRounds is reviewed by trained eRounds staffers. If PHI is present, it’s removed and the author is notified. With this process, images can then be shared on the eRounds social collaboration platform with complete confidence that PHI and HIPAA guidelines have not been compromised. This added layer of protection has been the missing link in existing medical image sharing technologies, and yet it is one of the most powerful ways to avoid the estimated starting penalty of $50,000 and possible imprisonment.