- Seven out of 10 health systems in the U.S. are making mobile communications a priority in light of the shift to value-based care and improved care management strategies, according to a new report. But more than 80 percent are worried that the platform won’t be secure.
“Despite increased investments in mobile device management solutions and secure text messaging solutions, cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products, and the strategies and tools used by hospital IT to detect a potential intrusion,” Gregg Malkary, of the Spyglass Consulting Group, said in a release accompanying his 90-page report.
Despite the concerns, healthcare providers are moving toward an enterprise-wide mobile communications platform that connects not only physicians, but nurses, hospital staff and other members of the care team. And one-third of those providers have found or were in the process of finding “compelling ROI models to justify an investment in mobile communications.”
The Spyglass report shines the spotlight on nurses, which comprise the largest professional healthcare group in the country, at some 3.13 million members.
“They are mobile professionals who are constantly on the go, working in high-stress, data-intensive environments dominated by inefficient paper-based processes,” the report notes. “They have a constant need for direct and immediate communications with colleagues and patients, as well as real-time access to relevant patient information at (the) point of care.”
But those nurses at the forefront of the healthcare communications landscape are seeing a number of challenges, Malkary reports. These include inefficient communications platforms dominated by overhead and handheld pagers, landlines and VoIP handsets, lack of integration with electronic medical records platforms, and a general feeling of being overwhelmed by all the devices, monitors and alarms in the healthcare setting, “which leaves them little time for direct patient care.”
Faced with those issues, the survey found that 76 percent of providers are developing an enterprise-wide communications platform, and more than half are expanding that platform beyond doctors and nurses to improve care team coordination.
But while they’re investing in a platform that brings together hospital-issued smartphones as well as personal devices carried in by clinicians, 82 percent of the providers surveyed “expressed grave concerns about their ability to adequately support and protect mobile devices, patient data and the hospital’s technology infrastructure as a result of the growing threat of cybersecurity attacks.”
Those threats, the report found, include malware, blastware and ransomware.
Of particular concern to hospital executives are personal devices. Some 90 percent of providers surveyed have BYOD (Bring Your Own Device) policies to accommodate smartphones, tablets and other devices owned and used on the job by hospitalists, physicians with their own practices, care team members who work in other locations and advance-practice nurses.
According to the survey, providers fear those devices will have inadequate password protection and won’t have the tools necessary to stop an attack. In addition, those devices are often used to transmit SMS and text messages that might include personal health information, they operate on unsecured public WiFi and cellular networks that could be hacked, and they might not integrate with the health systems mobile device management platform, which could monitor the device and prevent malicious attacks.
Roughly one-quarter of all healthcare data breaches are traced back to mobile devices, and providers are facing fines in excess of $1 million for breaches in which personal health information is placed at risk.
Ironically, while providers are developing BYOD policies to accommodate mobile employees, nurses aren’t part of that equation. Only 8 percent of those surveyed have a BYOD policy that includes staff nurses, a 25 percent decrease from the 2014 Spyglass survey.
Reasons for not including nurses include cost, technical support, business justification, security and potential conflicts with a nurse’s union.