SMS in Health Care: Privacy and Confidentiality

Presentation at the first annual convention of the Philippine Society for General Internal Medicine last May 6, 2012.

Published in: Health & Medicine, Technology

  1. SMS in Health Care: Privacy & Confidentiality. Iris Thiele Isip Tan MD, MSc, FPCP, FPSEM. Chief, UP College of Medicine Medical Informatics Unit; Clinical Associate Professor, UP College of Medicine Section of Endocrinology, Diabetes & Metabolism. 6 May 2012. http://www.flickr.com/photos/katielips/1430878365/ Saturday, August 4, 12
  2. Texting Capital of the World. Philippines: 1.39 billion text messages sent (2009). Infographic by @shaneshow for MASHABLE. http://www.socialhubnotes.com/philippines-texting-capital-of-the-world-2010/ http://tehspoon.deviantart.com/art/Filipino-flag-56287173?q=favby%3AGrin-Reaper%2F2159272&qo=23
  3. mHealth. "mHealth, enabled by mobile phones and other wireless computing devices (mDevices), is the revolutionary adoption of new communication patterns in healthcare that is stimulating the introduction of Participatory Health." mHealth Observatory, http://www.mobih.org/observatory/ http://www.flickr.com/photos/dave-friedel/4158114183/
  4. Participatory Medicine. “Movement in which networked patients shift from being mere passengers to responsible drivers of their health ... providers encourage and value them as full partners” Society for Participatory Medicine. Image by Liz Grace, http://www.flickr.com/photos/liz-grace/5078868809/
  5. “As opposed to the doctor-centric, curative model of the past, the future is going to be patient-centric and proactive.” Elias A. Zerhouni MD, NIH Director, Dec 2007. Image by JD Hancock, http://www.flickr.com/photos/jdhancock/4100030094/
  6. mHealth [diagram of application areas, http://www.mobih.org]: Patient Communication; Access to Resources; Point-of-Care Documentation; Disease Management; Education Programs; Body Area Network; Pharma/Clinical Trials; Professional Communication; Public Health; Ambulance/EMS; Financial Applications; Administrative Applications
  7. Always on and always with you. http://www.flickr.com/photos/maczter/3008375479/
  8. "Information is the essence of medicine: we create it, we collect it; we search for it; we adapt it; we drown in it; and at times, we ignore it." Pauker SG & Stahl JE. WJM 1997;166(2):148–50. http://www.sxc.hu/photo/712415
  9. Outline
     • HIPAA and HITECH
     • Risks of use of SMS in healthcare
     • SMS policy
     • GSMA privacy principles
  10. Hippocratic Oath (http://en.wikipedia.org/wiki/Hippocratic_Oath)
     • Original version: “All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and never reveal.”
     • Classic version: “What I may see or hear in the course of treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep myself holding such things shameful to be spoken about.”
     http://www.flickr.com/photos/tonythemisfit/3644746113/
  11. “I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know.” Modern version of Hippocratic Oath
     • HIPAA: Health Insurance Portability & Accountability Act of 1996
     • HITECH: Health Information Technology for Economic and Clinical Health Act of 2009
  12. HIPAA Privacy Rule regulates use and disclosure of Protected Health Information (PHI) held or transmitted in any form (electronic, paper or oral). http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html http://www.sxc.hu/photo/49277
  13. HIPAA Patient Identifiers
     • Names
     • All geographic subdivisions smaller than a State (including street address, county, precinct, zip codes)
     • All elements of dates (except year) for dates directly related to an individual; all ages over 89
     • Telephone numbers
     • Fax numbers
     • E-mail addresses
     • Social security numbers
     • Medical record numbers
     • Health plan beneficiary numbers
     • Account numbers
     • Certificate/license numbers
     • Vehicle identifiers and serial numbers, including license plate numbers
     • Device identifiers and serial numbers
     • Web Universal Resource Locators (URLs)
     • Internet Protocol (IP) address numbers
     • Biometric identifiers (i.e. DNA), including finger and voice prints
     • Full face photographic images and any comparable images
     • Any other unique identifying number, characteristic, or code
  14. HIPAA Privacy Rule: Ensure confidentiality of communications with individuals, i.e. call work number instead of home or cell number. http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act#HITECH_Act:_Privacy_Requirements http://www.sxc.hu/photo/1105263
  15. HITECH Act: Establishes a federal breach notification requirement for unencrypted health information. http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act#HITECH_Act:_Privacy_Requirements http://www.flickr.com/photos/jdhancock/3618602355/
  16. TigerText Survey (US Data, Oct 2011): 73% of MDs are sending work-related text messages. TigerText. "Physician and Hospital Texting Is on the Rise." Press release. October 12, 2011. www.tigertext.com/physician-texting-on-rise.
  17. Text Messaging Risks (https://safermobile.org)
     • SMS can be intercepted: cloned SIM; SIM command to forward SMS; GSM interception devices
  18. Text Messaging Risks (https://safermobile.org)
     • SMS can be intercepted
     • Filtered for key words
  19. Text Messaging Risks (https://safermobile.org)
     • SMS can be intercepted
     • Filtered for key words
     • Stored data on phone includes SMS
  20. Text Messaging Risks (https://safermobile.org)
     • SMS can be intercepted
     • Filtered for key words
     • Stored data on phone includes SMS
     • Apps may intercept, read or send SMS
  21. Are text messages subject to HIPAA? The HIPAA privacy rule gives the right to access and amend protected health information (PHI) “used, in whole or in part, by or for the covered entity to make decisions about individuals.” Text messages, if used to make decisions, may be subject to the above HIPAA privacy rule. Greene, Adam H. "HIPAA Compliance for Clinician Texting." Journal of AHIMA 83, no.4 (April 2012): 34-36.
  22. HIPAA security rule: Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of ePHI. Threats to ePHI:
     • Theft or loss of the mobile device
     • Improper disposal of the device
     • Interception of transmission of ePHI by an unauthorized person
     • Lack of availability of ePHI to persons other than the mobile device user
     Greene, Adam H. "HIPAA Compliance for Clinician Texting." Journal of AHIMA 83, no.4 (April 2012): 34-36.
  23. Security controls
     • Administrative policy
     • Workforce training
     • Password protection
     • Inventory and proper sanitization of mobile devices
     • Use of alternative technology, i.e. vendor-supplied secure messaging app
     Greene, Adam H. "HIPAA Compliance for Clinician Texting." Journal of AHIMA 83, no.4 (April 2012): 34-36. http://www.sxc.hu/photo/49277
  24. SMS Policy for WA Health Services (Nov 2011): Governance
     • SMS Policy Oversight Group responsive to both positive and negative consumer feedback
     • Health Services responsible for the costs and day to day administration of SMS usage
     • SMS administrator ensures all SMS users are aware of policy
     • Health Information Network responsible for management of IT and telecommunications components of SMS usage
     • WA Health Strategic System Support Branch reports to WA Health Executive on outcomes of the service
     www.health.wa.gov.au/CircularsNew/attachments/617.pdf
  25. SMS Policy for WA Health Services (Nov 2011): Automated SMS reminders using Telstra Integrated Messaging Service (TIMS). Use requires completion of a standard SMS approval form: "I agree to use the SMS system within the prescribed guidelines for services in my Department that may benefit from this initiative. I understand the cost of SMS messages will be charged to my Department and agree to fund this from the Department budget." www.health.wa.gov.au/CircularsNew/attachments/617.pdf
  26. SMS Policy for WA Health Services (Nov 2011): Privacy and Confidentiality. Telco only transmits WA Health does not hold or collect any information. All identified information remains with Health Services. www.health.wa.gov.au/CircularsNew/attachments/617.pdf http://www.sxc.hu/photo/883988
  27. SMS Policy for WA Health Services (Nov 2011): Patient providing a mobile telephone number is deemed to have agreed to SMS reminders. www.health.wa.gov.au/CircularsNew/attachments/617.pdf http://www.sxc.hu/photo/899402
  28. Consent form for use of SMS texting, Lincolnshire Community Health Services: "We will get in touch with you approximately 2 weeks before your appointment is due. The text will not identify the sender and will read as follows: Appointment reminder: Date and time. Please let us know if your phone is lost, stolen or you have changed your number." www.lincolnshirecommunityhealthservices.nhs.uk
  29. Consent form for use of SMS texting, Lincolnshire Community Health Services
     • I agree to the service communicating with me by SMS
     • I confirm that the mobile number the service holds on my record is correct and I will notify them of any changes
     • I agree to receive a reminder of my appointment by SMS
     • I am aware that I can withdraw consent at any time by informing the Health Professional either verbally or in writing
     www.lincolnshirecommunityhealthservices.nhs.uk
  30. SMS Policy for WA Health Services (Nov 2011): SMS reminders will NOT be sent to prisoners, estranged (non-custodial) parents, deceased, children. www.health.wa.gov.au/CircularsNew/attachments/617.pdf http://www.flickr.com/photos/pasukaru76/4368389868/
  31. SMS Policy for WA Health Services (Nov 2011): Standard Message
     • "Reminder: appointment at [xx] Hospital [appt_time], [appt_date]. DO NOT SMS REPLY. Please call [clinic number or OPD number] business hours if you cannot attend."
     • "Reminder: your child has an appointment at [xx] Hospital [appt_time], [appt_date] DON’T SMS REPLY Call [clinic number or OPD number] business hrs if unable to attend."
     www.health.wa.gov.au/CircularsNew/attachments/617.pdf http://www.flickr.com/photos/dpstyles/4058142601/
  32. SMS Policy for WA Health Services (Nov 2011): Automated SMS reminders will be sent between 9 am-5 pm, 7 days a week, 2 days in advance of appointment. www.health.wa.gov.au/CircularsNew/attachments/617.pdf http://www.sxc.hu/photo/1072482
  33. SMS Policy for WA Health Services (Nov 2011): Automated SMS reminders configured so that recipients cannot reply. www.health.wa.gov.au/CircularsNew/attachments/617.pdf http://www.flickr.com/photos/jurvetson/512412202/
  34. GSM Association: Mobile and Privacy (http://www.gsma.com)
     • January 2011: Mobile Privacy Principles
     • April 2011: Privacy Design Guidelines for Mobile Application Development
  35. Mobile and Privacy: Mobile Privacy Principles (January 2011, http://www.gsma.com)
     • Openness, transparency and notice: Provide information on identity and data privacy practices
     • Purpose and use: Limited to meet legitimate business purposes
     • Data minimization and retention: Only minimum personal information necessary; not be kept for longer than is necessary
  36. Mobile and Privacy: Mobile Privacy Principles
     • User choice and control: Exercise meaningful choice and control over personal information
     http://www.flickr.com/photos/pasukaru76/4948494811/
  37. Mobile and Privacy: Mobile Privacy Principles (January 2011, http://www.gsma.com)
     • Respect user rights: Easy means to exercise rights over use of personal information
     • Security: Reasonable safeguards appropriate to the sensitivity of the information
     • Education: Information about privacy and security issues and how to protect privacy
     • Children and adolescents
     • Accountability and enforcement
  38. Mobile and Privacy: Privacy Design Guidelines for Mobile Application Development (April 2011, http://www.gsma.com). Privacy by Design approach ensures that mobile applications are developed in ways that respect and protect the privacy of users and their personal information.
  39. mHealth & Privacy in Developing Countries: Phones are often shared by families. Policy Engagement Network for the International Development Research Center (The London School of Economics & Political Science), “Electronic Health Privacy and Security in Developing Countries and Humanitarian Operations,” Dec 2010. http://www.flickr.com/photos/27528906@N04/4152954614/
  40. mHealth & Privacy in Developing Countries: Some governments are requiring citizens to register SIM cards with personal information. Policy Engagement Network for the International Development Research Center (The London School of Economics & Political Science), “Electronic Health Privacy and Security in Developing Countries and Humanitarian Operations,” Dec 2010. http://www.flickr.com/photos/bfishadow/4931375578/
  41. SMS in Healthcare: Know the risks. Follow rules. Have a policy. http://www.flickr.com/photos/london/25783697/
  42. Thank You. http://www.endocrine-witch.net @endocrine_witch Image from http://wthr.frumph.net/
