The iPad revolution is coming to a hospital near you

Despite what fearmongers say, iPads not only satisfy HIPAA rules but may be the best tool for doctors and nurses

For years, hospitals have longed to bring computers into the exam rooms, waiting rooms, and treatment rooms to get rid of hard-to-read patient charts, make sure everyone treating a patient was seeing the same information, record everything from vital signs to care delivery, and let doctors, nurses, and hospital techs stay connected to vital information and services as they move throughout the hospital.

In the last decade, most have adopted computers on wheels (known as COWs), basically PCs strapped to a cart, but they need to be plugged into a wall socket and tend to get in the way. Some hospitals tried Windows tablets, but they were both hard to use (poor touchscreen interface) and didn't last very long on a battery charge. Since 2010, the iPad has been the device hospitals have wanted to bring computing to their highly mobile environments. For a variety of reasons, they'll soon make the shift.

That is, unless they get scared off by mercenary vendors who cite the big fines hospitals might face for violating rules like the 15-year-old HIPAA (Health Insurance Portability and Accountability Act), a violation these vendors claim is a certain risk on mobile devices such as the iPad. It's pure baloney, but I've seen such vendor scare tactics in action.

Let me first debunk these myths, then explain how easy it is for hospitals, clinics, and other health care providers to adopt iPads and comply with rules like HIPAA, the federal law that governs the privacy protection of patient data and established standards to ensure such information can be used by all entities treating that patient. Whether you're a patient or a provider, you should be demanding iPads in your care arsenal.

Recognizing the false risks in mobile health care

Just this week, Derek Smith, co-founder of Orchard Parc, a desktop virtualization vendor, took to Twitter with the kinds of outrageous claims that scare off health care pros and spook health care IT staff into buying expensive management and virtualization tools to solve a nonexistent problem.

First, he claimed that hospitals risk "average" costs of $2 million in the event of a privacy breach, and he suggested the risk of a breach was much higher if mobile devices were used. Yes, it can cost that much, but I know many people who work in health care IT management, and they tell me that the costs are usually much lower, involving notification to the affected patients and the administrative costs of reporting the incident and implementing a correction plan (usually training and monitoring). Many HIPAA privacy breaches result in very low to relatively low fines, as long as they are promptly reported and a corrective action plan is issued. A meaningful fine means the organization covered up the breach and then got caught, or has shown a severe pattern of negligence -- that's when the government really punishes you.

Then he claimed that 40 percent of HIPAA privacy breaches were from mobile devices -- not true at all. That stat actually refers to breaches from lost or stolen laptops that weren't encrypted. When I challenged him on that, he admitted it was laptops, not mobile devices, but then claimed that the "Wall of Shame" database of HIPAA privacy breaches (they are all made public) showed seven "portable device" breaches in its first 50 entries as proof of the mobile risk. I read through every single entry in that database categorized as "portable" and not one was a smartphone or tablet. They were USB drives, backup drives, backup tapes, and laptops (all unencrypted; lost or stolen encrypted devices and media aren't considered privacy breaches).

I'm sure you've heard similar scare stories if you're in the health care business. Or indeed any business -- some vendors play the same trick around the risks of lost PII (personally identifiable information), for which most states have HIPAA-like privacy regulations. If you look into PII breaches, you'll see again that laptops, USB drives, backup tapes, and data CDs are the vectors of loss. If anything should scare you about the use of client technology in health care, it should be the use of laptops.
