HIPAA Compliance with Mobile Devices Among ACGME Programs

Mcknight, Randall; Franko, Orrin I.

doi:10.1007/s10916-016-0489-2

Cited by 27 publications

(13 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Apps are often designed without enough or appropriate security and privacy measures in place to protect users’ health information [26]. There are numerous options for safeguarding health information and creating HIPAA compliant apps that allow for efficient and convenient data transfer [27] and these should be incorporated into new adolescent asthma app designs.…”

Section: Discussionmentioning

confidence: 99%

Parent and Clinician Preferences for an Asthma App to Promote Adolescent Self-Management: A Formative Study

Geryk¹,

Roberts²,

Sage³

et al. 2016

JMIR Res Protoc

View full text Add to dashboard Cite

BackgroundMost youth asthma apps are not designed with parent and clinician use in mind, and rarely is the app development process informed by parent or clinician input.ObjectiveThis study was conducted to generate formative data on the use, attitudes, and preferences for asthma mHealth app features among parents and clinicians, the important stakeholders who support adolescents with asthma and promote adolescent self-management skills.MethodsWe conducted a mixed-methods study from 2013 to 2014 employing a user-centered design philosophy to acquire feedback from a convenience sample of 20 parents and 6 clinicians. Participants were given an iPod Touch and asked to evaluate 10 features on 2 existing asthma apps. Participant experiences using the apps were collected from questionnaires and a thematic analysis of audio-recorded and transcribed (verbatim) interviews using MAXQDA. Descriptive statistics were calculated to characterize the study sample and app feature feedback. Independent samples t tests were performed to compare parent and clinician ratings of app feature usefulness (ratings: 1=not at all useful to 5=very useful).ResultsAll parents were female (n=20), 45% were black, 20% had an income ≥US $50,000, and 45% had a bachelor’s degree or higher education. The clinician sample included 2 nurses and 4 physicians with a mean practice time of 13 years. Three main themes provided an understanding of how participants perceived their roles and use of asthma app features to support adolescent asthma self-management: monitoring and supervision, education, and communication/information sharing. Parents rated the doctor report feature highest, and clinicians rated the doctor appointment reminder highest of all evaluated app features on usefulness. The peak flow monitoring feature was the lowest ranked feature by both parents and clinicians. Parents reported higher usefulness for the doctor report (t(10)=2.7, P<.02), diary (t(10)=2.7, P<.03), and self-check quiz (t(14)=2.5, P<.02) features than clinicians. Specific participant suggestions for app enhancements (eg, a tutorial showing correct inhaler use, refill reminders, pop-up messages tied to a medication log, evidence-based management steps) were also provided.ConclusionsParent and clinician evaluations and recommendations can play an important role in the development of an asthma app designed to help support youth asthma management. Two-way asthma care communication between families and clinicians and components involving families and clinicians that support adolescent self-management should be incorporated into adolescent asthma apps.

show abstract

Section: Discussionmentioning

confidence: 99%

Parent and Clinician Preferences for an Asthma App to Promote Adolescent Self-Management: A Formative Study

Geryk¹,

Roberts²,

Sage³

et al. 2016

JMIR Res Protoc

View full text Add to dashboard Cite

show abstract

“…11 However, the ease and utility of SMS has prompted medical staff to continue to use insecure technology to communicate electronic protected health information (ePHI). 2,12,13 Personal health care information is confidential and has extensive legislative protection against unintentional disclosure. The Health Insurance Portability and Accountability Act (HIPAA) security rules require covered entities to:…”

Section: Background and Significancementioning

confidence: 99%

“…2,5,12 In the routine delivery of patient care, ePHI such as initials, patient names, room, and medical record numbers are commonly included in such text messages. 4,6,12,13 Accidental or unintended disclosure of ePHI through insecure text messaging located on portable devices puts health care organizations at risk for monetary penalties in addition to the direct risk to patient privacy. 12 Although there have not been any reported HIPAA breaches due to insecure SMS to date, many cases of lost or stolen devices have resulted in breach notifications and corrective action plans from the Office for Civil Rights.…”

Section: Background and Significancementioning

confidence: 99%

Evaluation of Secure Messaging Applications for a Health Care System: A Case Study

et al. 2019

View full text Add to dashboard Cite

Objective The use of text messaging in clinical care has become ubiquitous. Due to security and privacy concerns, many hospital systems are evaluating secure text messaging applications. This paper highlights our evaluation process, and offers an overview of secure messaging functionalities, as well as a framework for how to evaluate such applications. Methods Application functionalities were gathered through literature review, Web sites, speaking with representatives, demonstrations, and use cases. Based on similar levels of functionalities, vendors were grouped into three tiers. Essential and secondary functionalities for our health system were defined to help narrow our vendor choices. Results We stratified 19 secure messaging vendors into three tiers: basic secure communication, secure communication within an existing clinical application, and dedicated communication and collaboration systems. Our essential requirements revolved around functionalities to enhance security and communication, while advanced functionalities were mostly considered secondary. We then narrowed our list of 19 vendors to four, then created clinical use cases to rank the final vendors. Discussion When evaluating a secure messaging application, numerous factors must be considered in parallel. These include: what clinical processes to improve, archiving text messages, mobile device management, bring your own device policy, and Wi-Fi architecture. Conclusion Secure messaging applications provide a Health Insurance Portability and Accountability Act (HIPAA) compliant communication platform, and also include functionality to improve clinical collaboration and workflow. We hope that our evaluation framework can be used by other health systems to find a secure messaging application that meets their needs.

show abstract

“…A variety of approaches have studied health organizations' security requirements in EHRs, medical information systems and mobile devices. For instance, Farhadi et al [3] and McKnight and Franko [13] studied EHRs and mobile devices respectively, in terms of their compliance with HIPAA and Meaningful Use requirements. In another example, Uwizeyemungu and Poba-Nzaou [20] studied health information systems in Europe for their compliance with basic security measures, defined in terms of Confidentiality, Integrity and Availability.…”

Section: Related Workmentioning

confidence: 99%

The danger of missing instructions

Lamp

Rubio-Medrano

Zhao

et al. 2018

Proceedings of the 2018 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologi

View full text Add to dashboard Cite

The proliferation of networked medical devices has resulted in the development of innovative Medical Cyber-Physical Systems (MCPS) that promise more coordinated and high quality of care for patients. Unsurprisingly, the cybersecurity of MCPS is of high concern, as they are life-critical systems that, if compromised, may result in dire consequences to the patient. A variety of security requirements have been developed over the past 10 years as a result of governmental acts such as HITECH in order to better secure and protect healthcare environments. However, it is unclear how applicable these requirements may be to MCPS infrastructures. As a result, this case study analyzes current healthcare security requirements and their applicability to MCPS using an approach that leverages ontological representations and automated requirement traversal techniques. Using such a methodology, we find that 70% of applicable requirements/risks for MCPS components are missing from the security documentation, including serious items such as Authentication, Data Encryption, DoS attacks, and Legacy Vulnerabilities. We also validate our results within real-world instances and find that almost half of the relevant requirements are not implemented within existing MCPS architectures. CCS CONCEPTS • Security and privacy → Security requirements; • Computer systems organization → Embedded and cyber-physical systems;

show abstract

HIPAA Compliance with Mobile Devices Among ACGME Programs

Cited by 27 publications

References 24 publications

Parent and Clinician Preferences for an Asthma App to Promote Adolescent Self-Management: A Formative Study

Parent and Clinician Preferences for an Asthma App to Promote Adolescent Self-Management: A Formative Study

Evaluation of Secure Messaging Applications for a Health Care System: A Case Study

The danger of missing instructions

Contact Info

Product

Resources

About