Instant messaging and other ubiquitous consumer technologies can be useful in your practice. But they also pose security threats you may never have thought of.
Imagine this common scenario: One of your group’s physicians walks into a busy coffee shop in a public area of the local hospital before making rounds. At the checkout, the physician digs into every pocket of his lab coat in search of his wallet, laying prescription pads, pocket references, and his cell phone on the counter. Once he finally locates his wallet and walks away, he realizes he’s left his cell phone behind. He quickly returns, only to learn that his phone is long gone.
At that moment back in your office, your front-desk staffer is using her PC to quickly cut and paste text messages to that very same missing cell phone. Those messages contain a list of patients the physician is to round on, his list of in-office patients scheduled for his afternoon clinic (including the patients’ dates of birth and Social Security numbers, as the staffer just cut and pasted the list from her scheduling screen), and a message that the physician’s broker called and is waiting to hear from him. On the same PC, the staffer is also using instant messaging, or IM, to chat with her best friend across town.
A few years ago, the lost cell phone scenario would have been nothing more than a minor annoyance, resulting in a few frustrating hours at the local cell phone shop to buy a replacement phone, the owner out nothing more than a few frequently dialed phone numbers, his pride, and some cash.
Today, a lost cell phone and your staff’s personal use of instant messaging could have much greater ramifications for everyone involved - including your patients.
What once was a lowly phone is now a pocket computer
The newest generation of cell phones can often synchronize data to and from your PC, connect to corporate e-mail mailboxes, carry robust documents and spreadsheets, store more data than four blank CDs, and, of course, support text messaging. These features can be a godsend to a busy, tech-savvy physician, enabling her to check e-mail, carry hospital rounding lists, store electronic medical reference materials, and receive and send text messages all in one small device. But these new capabilities also mean that you need to do a reality check on the security of your and your patients’ private information.
What used to be a simple device for making and receiving phone calls on the go is transforming into a pocket computer that also happens to make phone calls. Physicians at practices large and small are beginning to utilize the advanced features of these tools. They are on an evolving path, using their cell phones in new ways that can make both their own and their office staff’s lives easier.
While the instant flow of information made possible by sophisticated cell phones can lead to high-risk scenarios like the one described above, you can minimize such risks by keeping and enforcing a few fundamental rules:
The perils of instant messaging
In our imaginary scenario, the front-desk staffer was chatting with a friend using an instant messaging (IM) software client on her PC while also doing her work. Surely no harm could come from such an innocent use of IM, right?
Wrong. Many large businesses (medical and otherwise) block the use of IM on their networks or run a “corporate” IM system that filters dangerous or nonwork-related messages - for good reason. Instant messaging has its place, but you have to weigh its benefits against its risks. Among the troubles IM in the workplace can cause:
As you can see, the more useful technologies become available, the more vigilant you must be. Sophisticated cell phones, text messaging, and instant messaging are clearly here to stay. The question you must ask yourself is: Have I planned for the appropriate use of these technologies in my practice?
Jonathan McCallister is a client-site IT manager for a major healthcare consulting firm, and he is currently assigned to a 140-physician practice. He has worked in healthcare IT management for more than eight years and in general IT management for more than a decade. He can be reached via email@example.com.
This article originally appeared in the January 2008 issue of Physicians Practice.