Privacy threats hiding in plain sight

Rather than just react to bad things happening, let's be proactive to prevent it in the first place

Joseph Choi, MD, MPH, FRCPC - Chief Operating Officer
Mar 30, 2019 · 4 min read

If you were to imagine how to access a patient’s personal health information (PHI) illegally, what would the operation look like? You may think of a Watergate-esque operation, sneaking into a doctor’s office or hospital ward under cover of night, wearing all black and ski masks, frantically flipping through charts while trying to get by undetected, and afterwards slinking back into the darkness.

Nowadays, it’s as easy as just waiting for someone to get up from their shared workstation and accessing thousands of patient charts instantly.

Or maybe wait until a doc puts their phone down to grab a coffee, and if it’s not PIN locked give it a quick swipe-through.

Or even easier, get $20 worth of widely available equipment and pick sensitive patient information right out of the air from miles away.

Delivering care is complex and hectic, and we need to be as efficient as possible to meet the rising demand and patient volumes. Communication is one of the biggest determinants in delivering high quality care. But if clinicians are only given ineffective and unencrypted tools such as pagers and fax machines, they will find more efficient workarounds.

Studies have shown that clinicians text each other all sorts of patient information on their own (often non-secure) mobile devices with alarming regularity. They don’t do this out of malice or laziness, they are truly trying to provide the best care for their patients, and this just happens to be the most effective and convenient way.

Unfortunately, the majority of hospitals in Canada do not offer secure ways of communicating patient information in a convenient way that reflects modern care pathways and workflows. The default option is to have a policy to tell everyone not to send any PHI on mobile devices, and throw the book at those who get caught.

As the old adage goes: an ounce of prevention is worth a pound of cure. Why not take up tools that already exist to make the lives of clinicians and patients better, to improve efficiency, to reduce the risk of a privacy breach, and to improve patient care?

Secure messaging is widely available now, and it is offered at a price that is cheaper than a pager subscription or a switchboard operator. Messaging has been extensively shown to improve user satisfaction and improve hospital operations (references below). This will also give clinicians who already rely on non-secure messaging a safer and more efficacious alternative. We’ve tried policies and regulations, but that has failed. It is time for real options, real tools, and real alternatives if we’re going to take safeguarding patient privacy seriously.

References

  1. Pandian, S.S., Srinivasan, P. and Mohan, S., 2014. The maxillofacial surgeon’s march towards a smarter future—smartphones. Journal of maxillofacial and oral surgery, 13(4), pp.355-358.
  2. Wu, R., Rossos, P., Quan, S., Reeves, S., Lo, V., Wong, B., Cheung, M. and Morra, D., 2011. An evaluation of the use of smartphones to communicate between clinicians: a mixed-methods study. Journal of medical Internet research, 13(3).
  3. Wu, R.C., Morra, D., Quan, S., Lai, S., Zanjani, S., Abrams, H. and Rossos, P.G., 2010. The use of smartphones for clinical communication on internal medicine wards. Journal of hospital medicine, 5(9), pp.553-559.
  4. Ighani, F., Kapoor, K.G., Gibran, S.K., Davis, G.H., Prager, T.C., Chuang, A.Z. and Godley, B., 2010. A comparison of two-way text versus conventional paging systems in an academic ophthalmology department. Journal of medical systems, 34(4), pp.677-684.
  5. T.C. Nguyen, A. Battat, C. Longhurst, P.D. Peng, M.J. Curet. Alphanumeric paging in an academic hospital setting. Am. J. Surg., 191 (April (4)) (2006), pp. 561-565
  6. J.P. Abenstein, J.A. Allan, J.A. Ferguson, S.D. Deick, S.H. Rose, B.J. Narr. Computer-based anesthesiology paging system. Anesth. Analg., 97 (July (1)) (2003), pp. 196-204
  7. S. Breslin, W. Greskovich, F. Turisco. Wireless technology improves nursing workflow and communications. Comput. Inform. Nurs., 22 (September (5)) (2004), pp. 275-281
  8. R.C. Wu, D. Morra, S. Quan, S. Lai, S. Zanjani, H. Abrams, et al. The use of smartphones for clinical communication on internal medicine wards. J. Hosp. Med., 5 (November–December (9)) (2010), pp. 553-559 (Epub 2010 August 5)
  9. Gulacti, U., 2017. Comparison of secure messaging application (WhatsApp) and standard telephone usage for consultations on Length of Stay in the ED. Applied clinical informatics, 8(03), pp.742-753.