New opportunities present new challenges

2007.10.30 av Jan Fredrik Frantzen

The use of portable equipment such as PCs, mobile telephones and PDAs is becoming increasingly popular in the health service. But even though the requirements for protecting personal privacy are the same as for the use of desktop equipment, the challenges are different.

Shoulder surfing can be a problem when using portable computers, telephones and PDAs. Luckily, such situations are relatively easy to avoid, but there are other things to consider Photo by Jan Fredrik Frantzen, NST.

For the home-care service, bringing the patient record on a handheld PC when staff are out on an assignment can provide great benefits. For example, it gives them access to information about the user's medication, so that they have up-to-date information about which medicines the person they are visiting is to take.

At the hospital, too, it can give the patient greater peace of mind and the doctor necessary information when he or she can look up the record at the patient's bedside and obtain access to the case history and the results of that day's blood tests.

Vulnerable to attack

The use of such wireless and portable solutions also involves the risk that patient information will end up in the wrong hands. What if a handheld PC is stolen and the thief can read the record of someone who has just received an HIV diagnosis? Not exactly a desirable situation.

“One problem may be ‘shoulder surfing’, where someone simply observes what you are reading or entering in the patient record. But another and equally great challenge is that people use personal equipment at work or use work equipment for personal activities,” says security adviser Eva Skipenes at the Norwegian Centre for Telemedicine.

The problem with using personal equipment is that it is often not adequately secured against attack with protection such as firewalls, antivirus programs, secure logon mechanisms, and encryption of data stored in the unit. On the other hand, you can expose your work PDA to threats it is not designed to block, if you use it for personal activities and connect it to the Internet.

Simple measures secure the information

For the IT department, these challenges mean that they need to take steps such as securing the mobile unit with good routines for logon and systems to prevent hacking via the wireless network. In addition, patient data must be encrypted, if it is to be stored on the unit. Long-term storage on the unit is not recommended, and communication between the unit and the specialized health systems must also be encrypted.

There is also a great deal that you as a user can do to ensure that patient information does not end up in the wrong hands. Physically, you can avoid “shoulder surfing” by simply using the equipment so that no one can read the display or switching off the device when you are not using it yourself. Electronic protection of the data also involves simple rules.

“It is incredibly important to use only equipment that your employer has configured and to use it in the way they have decided, so that the information is protected. In addition, if you avoid using work equipment for personal activities such as surfing on the Internet, you will also avoid exposing patient information to unnecessary risk,” concludes Eva Skipenes.

More information about mobile units and data security

Please contact adviser Eva Skipenes on mobile phone (+47) 911 77 515 or email Eva.Skipenes@telemed.no for more information about the subject.

Tips en venn

Del på Facebook

Del på Twitter