Turning the Page on Texts in Emergencies
The October NEWSLETTER article that discussed smartphones and HIPAA ably illustrated the security implementations necessary for the use of smartphones in the hospital setting (“Texting, Safety and Privacy: How Your Smartphone Interfaces With HIPAA”). There are a couple of key points.
In a truly controlled environment, the institution would have the right to remotely wipe the user’s phone as in the case of device loss or employee dismissal. Phones used in the institution would be restricted to a list of IT-approved apps. Sensitive data would have to be encrypted and passwords could not be chosen solely by the end user but in conjunction with the IT department.
I have noted the increasing use of SMS (texting) in urgent situations. To paraphrase Mark Twain, “reports of the death of the pager have been greatly exaggerated.” We have all experienced dropped calls and dead zones when using our mobile phones. In the event of a disaster, mobile phone systems are notorious for loss of power and user overload. The cell phone communicates with one tower at a time. Pager systems broadcast from all their local or national towers simultaneously with significant overlap. In addition, paging towers broadcast at far higher power levels than cell towers, ensuring that their signals penetrate buildings. How often does one change the pager battery? How often must a smartphone be recharged? Which device is more likely to break when dropped? At this juncture, urgent alerts should only be delivered by a paging system.
I appreciate this opportunity to clear up some misconceptions.
Samuel Tirer, M.D.
Response to Dr. Tirer
We appreciate Dr. Tirer’s comments, which address two important issues not included in the original article.
First, Remote Wipe Authority is a common security feature included in mobile device management policies at many institutions. While a remote wipe can effectively delete sensitive data on a device, it is not specific to HIPAA-related data and can limit the ability to subsequently track the device (depending on the operating system). A more elegant approach would be selective wiping of HIPAA-compliant apps and data to limit the impact of personal data loss (should the device be recovered later) while also more effectively preserving tracking functionality.
Second, we agree that pager technologies still provide significant advantages over cellular-based mobile devices in some settings. However, despite their limitations, generational changes are driving rapid expansion of smartphone utilization. While not as dependable as traditional pagers today, cellular service areas have dramatically increased in size with significant improvement in reliability in the past decade, and at some point in the future will likely exceed pager capabilities. Cellular signal penetration within buildings will continue to be an issue, but this effect may become less significant as Wi-Fi signals become ubiquitous. As cellular technology continues to improve and the economics of pager technology wanes, we may see providers limit and eventually eliminate traditional pagers as a result of diminishing economics to maintain these costly infrastructure investments.
Jaideep Mehta, M.D., M.B.A.
Peter Killoran, M.D.
The views and opinions expressed in the “Letters to the Editor” are those of the authors and do not necessarily reflect the views of ASA or the NEWSLETTER Editorial Board. Letters submitted for consideration should not exceed 300 words in length. The Editor has the authority to accept or reject any letter submitted for publication. Personal correspondence to the Editor by letter or e-mail must be clearly indicated as “Not for Publication” by the sender. Letters must be signed (although name may be withheld on request) and are subject to editing and abridgement. Send letters to firstname.lastname@example.org.