Bring on the BYOD: Providing Mobile Access to Patient Data
When it comes to mobile access to patient data, CIOs have two choices: Provide a secure access method, or continue to plug the hole in the dike with their fingers—and pray. With smartphone use among physicians at 98%, according to a 2012 report from Spyglass Consulting, attending and referring physicians who find themselves locked out of mobile access to patient data are likely to be looking for workarounds to circumvent hospital policy.
According to Chris (Kip) McMillan, CEO of Diversified Radiology (Lakewood, Colorado), the requests for mobile access to medical images are coming from specialists, particularly orthopedists and neurosurgeons, as well as from physicians who refer to the 14 hospitals that the 55-radiologist practice covers. The issue, however, is a delicate one. “You don’t want to be working at cross-purposes; you don’t want to be developing a service that is being developed, using a slightly different method, by your hospital partner,” McMillan says.
One of Diversified Radiology’s hospital partners is Platte Valley Medical Center (Brighton, Colorado), where Darrell Messersmith, director of information services and functioning as CIO, has taken a progressive view of mobile access and the bring-your-own-device (BYOD) movement. Founded in 1960, the hospital moved, in 2007, to a new facility—on a 50-acre campus that includes a patient tower, a diagnostics/treatment center, and a medical office building of more than 58,000 square feet (with plenty of room to grow).
“We buy into the idea of anywhere, anytime access to patient data,” Messersmith says. Data are made available, through a secure connection on a virtual desktop, to anyone who has the proper credentials. He explains, “Our physicians who are off-site have complete access to their patients’ records, from anywhere that they have Internet access to data.”
Pervasive Demand
Demand for mobile access is pervasive. “Everybody is clamoring for mobile access,” Messersmith reports, including both consultant specialists and attending physicians who need data at the bedside and elsewhere in the hospital. “We can also provide that access on their mobile devices.”
CIOs can blame ubiquitous mobile technology. On-site, attending physicians are carrying their iPads around the hospital. Off-site, access is equally important. “For our specialists, our attending physicians, and our referring physicians, who may have gone home or back to their offices—or who may be at a hockey game, for that matter—being able to take a phone call from a nurse, to log into the system, and to place an order or to look at results in our electronic medical record (EMR) is of high importance,” Messersmith says.
In an open-access environment, data security and ensuring that information is presented on the mobile device as it would be in the hospital are primary concerns. “Usability of the data is important, and for the most part, we have crossed that barrier,” Messersmith says, “but making sure data are secure is paramount; limiting access to the data to one or two points of access is key.”
Currently, physicians have just one point of access: through the hospital’s EMR. Platte Valley Medical Center, however, just went live with a second access point: a private health information exchange (HIE) operating in partnership with a vendor. Branded internally as eCareNet Exchange, physicians who have access will be able to share information directly with the hospital and view results.
Further Access
As hospital CIOs get accustomed to the idea of allowing physicians to have mobile access to patient data, Diversified Radiology is in a good position to help provide that access—at least, to medical images and radiology reports. Several years ago, the practice initiated a single nighttime reading environment across its 14 hospital clients using a web-based distributed radiology solution that unites medical imaging workflows from disparate PACS, HIS, and RIS into a unified reading solution.
“We are in the process of migrating [all hospital clients] to our InteleOne® single reading environment, because we have 14 hospitals each with their own flavor of PACS or transcription or voice recognition,” McMillan says. The single reading environment provides better access to subspecialists and improved turnaround times.
In addition to facilitating the efficient routing of studies, the single reading environment offers the opportunity to enhance quality oversight—a practice that was complicated by having to access 14 different databases and merge the data into a common database to review technologist performance, exam appropriateness, and follow-up care. “It’s so much easier for us to provide meaningful statistical information to all of our partners when we have that kind of access,” McMillan adds.
Who Owns the Data
When it comes to the question of who owns the data, McMillan has no question: It’s the hospital. “We very clearly define that while we acquire images, produce the voice recognition, and send back a final report, all of this information is the responsibility and property of the hospital,” he notes.
The world is changing fast, however, and the burden on hospital IT departments is growing heavier with the progression of the meaningful-use program. Just as hospitals are getting comfortable with BYOD policies for physicians, McMillan suggests that they consider offloading image access to radiology practices.
“Many radiology groups have invested heavily in their IT environment, as hospitals have,” McMillan notes. “We are telling our hospitals, ‘Look, we’ve got this one. There is enough going on in technology and health care, being driven by the government, on multiple levels. We are your partner in so many things; we also will be your partner in this.’ There are some capabilities that can be offloaded to radiology because, largely, we are going to produce them anyway.”
McMillan acknowledges that pressure is mounting from referrers in environments where mobile access has not been provided. Even where access is offered through a hospital’s EMR, some referrers prefer more direct access through the practice’s PACS.
“We tell our hospital partners that as the radiology group, we can provide this service,” McMillan says. “Let’s talk about how we are going to go about doing that—and about making you comfortable. Therein lies the trick: It is critically important to have a good, strong relationship—built on trust—with your hospital IT team.”
Diversified Radiology provides mobile access through an app that can be downloaded from the Apple App Store. Referring physicians typically access the service because they receive email messages, sent by PACS, when the status of an order changes (for example, when a final report is available or when there are critical results). Clinicians also can log in directly.
The app is Web-based, through a streamlined portal: Nothing is downloaded to the device. Physicians log in over an SSL connection, and all data are encrypted remotely.
Meaningful Data Access
As CIOs look ahead at stage 2 meaningful-use requirements, the need to demonstrate that 5% of patients access their data electronically looms large. Messersmith sees image access as a vehicle for achieving compliance, prompting talks with his HIE provider about image access. “Having images available through the HIE will be a high priority for us,” he reports.
In theory, Diversified Radiology could provide that access, McMillan says, and technology is not the limiting factor: Operational issues are the hurdle. How would logging in be set up so that patients could access their studies (and no one else’s)? What should you do if the patient has a question? Is it the radiologist or the referring physician who responds?
“We always run up against a tricky question: How do we pay for this?” McMillan notes. “One of the big considerations is not just the investment in the technology, but the support aspect, whether it’s a referring physician who is trying to download an image to the iPad or—a little more challenging—a patient trying to access a Web portal to look at his or her studies.”
Nonetheless, mobile access to patient data is a wave that is building into a tsunami. “We are sitting down with our hospital partners and saying we need to set aside the not-invented-here or the control issues with IT,” McMillan says. “The world has begun to change, and it is more about providing easy access to as much information as possible—to both the physicians and the patients—in a secure environment. We need to work together to do that.”
Cheryl Proval is editor of Health CXO.
Cheryl Proval is editor of Health CXO.