Ask the Expert: Mobile Collaboration Tools are Touted in Healthcare Circles for Their Ability to Help Improve Patient and Staff Safety. But Do They Compromise Data Security?

Not if certain measures are taken, says one mobility solution engineer who has spent his whole career innovating workforce communications tools for front-line workers.

A nurse talks on a Zebra clinical smartphone
by Your Edge Blog Team
December 02, 2021

The pandemic is not the only global crisis straining hospitals right now. A growing number of cyberattacks have left healthcare systems around the world in “critical condition” and struggling to recover. With more patient records, medical devices, pharmaceutical supply chains and healthcare information systems targeted every day, a concerted effort must be made to reduce vulnerabilities – especially as mobile device use increases.

That’s why we asked Gopi Polavarapu to join us for a quick conversation about the risks versus rewards of workforce collaboration apps in healthcare settings.

He spends his days helping hospitals decisions makers understand ways to automate both clinical and non-clinical workflows, which is now a top priority with pandemic-related patient surges, staffing shortages, and supply shortages persisting. Care team members must be able to consult with one another from a distance and coordinate patient movements, equipment use, and room turnover with other departments. They must also be able to share and access information without having to put forth much effort, as the focus has to remain on patients. That’s where collaboration apps prove beneficial.

However, the alarms are sounding about the vulnerability of healthcare systems and connected devices, mobility solutions included. So, Gopi offers some advice to those who are not yet continuously monitoring their devices and talks about what everyone can do to reduce security vulnerabilities when using workforce collaboration tools so they can maximize their many benefits:

Your Edge Blog Team: In Zebra’s newly released Healthcare Vision Study, a growing number of hospital executives say they are turning to technology to overcome long-standing operational challenges. In fact, the majority plan to give mobile devices to all staff types in the next five years, as there’s consensus that the quality of patient care would improve if nurses, clinicians and non-clinical healthcare workers had collaboration tools and healthcare applications.

However, we know mobile devices are viewed as easy targets by cybercriminals, making it that much more important for hospitals to think about how they will manage security. Are there some high-level best practices they should consider?

Gopi: Any device or network used to capture, store, transmit or access sensitive personal information must be kept secure and comply with local data privacy regulations to protect patient records. In the U.S., this would be the Health Insurance Portability and Accountability Act of 1996, or HIPAA.

Therefore, all technology deployments in hospitals require the implementation and enforcement of strict security policies. Healthcare providers should be creating various layers of defense mechanisms to protect themselves from vulnerabilities and cyberattacks.

Your Edge Blog Team: Can you walk us through some examples?

Gopi: First, you must ensure both wired and wireless networks are appropriately secured and actively updating to the latest technologies. This means security patches and software updates must be pushed regularly. As a best practice, hospitals and other healthcare service providers should institute proactive monitoring and intrusion detection systems and perform regular assessments. Vulnerabilities should be corrected as soon as they’re identified.

It’s important to then ensure endpoints such as fixed and mobile devices are receiving the latest security updates provided by firmware and operating system (OS) vendors.

Mobile OS such as Android™ and iOS do not support enterprise multiusers like desktop operating systems such as Windows® and Linux do. Yet, most of the healthcare providers using Zebra Android devices as shared devices are allowing staff to login with the same passcode on all devices to make it easy to handoff from one person to the next during shifts. Instead, healthcare organizations should adopt single sign-on (SSO) solutions like the one from Imprivata to support multiple users, profiles, and roles. 

Remember, securing devices and making the user experience frictionless is as important to employee productivity as it is key to keeping information secure and protected. SSO tools help ensure all software solutions and mobile applications are integrated with identity providers such as Ping or Okta and leverage two-factor authentication and directory services for proper access control and authorization. From there, organizations can then use Near Field Communication (NFC)-powered ID cards to provide frictionless access to those devices with biometrics.

Your Edge Blog Team: Let’s talk a little bit about what can be done to protect more casual conversations between healthcare providers. With push-to-talk communication solutions replacing old-school paging systems and instant messaging on the rise among care team members, how can staff ensure patient information isn’t accidentally overheard or seen by others in the vicinity?

Gopi: Due to the social revolution and various free collaboration tools available in the marketplace, healthcare organizations are seeing the need to equip mobile devices used for patient care with enterprise-grade collaboration tools that can address – and reduce – many of these risks.

As you noted, there is a lot of employee collaboration occurring within the hospital network among both clinical and non-clinical staff. They’re sharing medical records and discharge papers, collecting patient data, coordinating facility turnover and schedules, and managing staff rosters and schedules – all of which contains sensitive information.

Most of the collaboration tools available today offer various communication modalities, including telephony with voice extension, push-to-talk (PTT), secure messaging and locationing of people and assets. Most healthcare professionals prefer to use secure messaging for patient data and make voice calls in headset mode to keep the conversations private and prevent physical eavesdropping.

With that in mind, it’s important for decision-makers to choose voice collaboration solutions that can integrate with the local PBX in the hospital network and leverage secure RTP protocols. This will keep voice payload encrypted and further protect from eavesdropping. For example, Zebra’s Workforce Connect PTT Pro solution offers secure transmission of PTT sessions to prevent eavesdropping between the endpoints.

It’s also critical to look at the security of messaging solutions. Choose one that offers various levels of access controls. This will allow you to limit application logins to authorized parties only. Just confirm the messaging solution also encrypts data during transit and when at rest in servers.

And I want to reinforce one thing to the healthcare community and other organizations with shared devices: you must consider how you will protect all data elements before, during and after the user’s mobile device session. Of course, assigning permissions for device, data or application access based on role entitlement is necessary. A bedside nurse will probably have access to certain apps that other healthcare professionals may not have access to. But when that charge nurse signs off, how do you ensure the next person who picks up that shared mobile device next doesn’t accidentally see those high-permission apps or the previous user’s history? It’s critical you choose communication and collaboration tools that enable you to clear the cache, patient data and user credentials after each use.

Your Edge Blog Team: What else do hospital administrators, IT teams and even device users need to think about when introducing collaboration apps into the mix, from a security perspective?

Gopi: They must ensure the network firewalls (IDS) are in place to protect against external threats, and always push the latest security updates to devices to protect from cyberattacks coming from outside those networks. IT teams should also enforce proper access controls based on the roles and profiles of the users and protect identities with SSO or even identity protection systems with two-factor authentication. This will require some validation and careful monitoring over time.

And device users – hospital staff – should think about the information being provided or requested before taking action. Ask yourself, why am I being asked for this data? Is the data relevant to the task at hand? If someone else gets this data, would it be harmful?  These questions are intended to raise awareness of one’s environment, especially when the data is being transmitted via electronic devices and applications.

Your Edge Blog Team: Let’s talk safety of patients and staff. We know communication is key to improving response times when a medical event occurs, whether the patient is at home and EMTs need to respond or they’re in a hospital room and need a nurse or doctor to intervene. What can a collaboration app offer in these situations? How does the experience differ from more traditional dispatch, voice calling or alerting systems?

Gopi: In healthcare, mobile collaboration tools are addressing several different use cases in the context of safety. For example, acute care nurses can have a telephone extension on the mobile device via the app to pick up calls coming into their departments while on the move. Without this, calls about urgent patient needs could be missed, or a nurse who would otherwise be more valuable at the bedside might have to sit by the phone at the nurse’s station in case a call comes in. With enterprise-grade collaboration solutions, specifically, hospitalized patients can push a button on the bed to communicate with nurses for any care-related information. Again, the nurse can interact with that patient while making rounds using the collaboration app.

Healthcare professionals are also using enterprise-level secure messaging, voice communications and user locationing features found within these apps to collaborate better across distances, which is key to improving patient care. This is true in hospitals and on the front lines, where EMTs and non-acute care healthcare workers are using two-way radios or PTT solutions to communicate and coordinate care actions.

Mobile devices built for healthcare environments also have duress buttons on the back. When the button is long pressed, then the collaboration app can route voice calls, PTT calls and/or messages to hospital security or emergency services. This is beneficial when a user needs help with aggressively behaved patients. There’s also a drop detection feature that could automatically call for help if the app senses a device was dropped and not picked up. It could indicate the user fell and needs assistance.

Healthcare providers are also using telehealth solutions in non-acute care scenarios and offering remote monitoring solutions with software/hardware solutions to track health records like heart rates, blood pressure and blood glucose levels. All of this can be integrated into enterprise collaboration and communication platforms to aid with patient or care team communications and inform decisions.  

For more routine, automated workflows, the communications capabilities of workforce collaboration solutions are targeted for the task at hand. For example, users can initiate a PTT session to signal responders for a “Code” event, follow-up with text, and then escalate if required. 

Fundamentally, the integration of various communication mechanisms such as the telephone, PTT, messaging, alerting, and task management with existing and future backend systems allows for efficient seamless interoperability of the applications, tools and devices necessary for patient care and provider safety. That is, assuming they’re married with a versatile user/role management system protected by secure authentication.

Your Edge Blog Team: We know workflow automation is a top priority in the next year or two for hospital administrators. So, can you talk about how workforce collaboration tools can support that ambition?

Gopi: Imagine an EMT starting patient admission before arriving at the emergency room. A dynamic group chat could be created with patient details to admit the patient and automatically assign doctors, nurses and other support staff based on who is currently free or has bandwidth to take new patients in the shift. This dynamic group chat/feed will continue to provide updates to everyone in the group until the patient is discharged from the hospital. 

Collaboration tools can also be integrated into hospitals systems and nurse calling systems to monitor the health of the patients with real-time metrics and automated alerts. It can use what we call IFTTT logic to automatically dial/text everyone who needs to attend to patients in emergency situations.

What many of our customers like is the ability to use collaboration tools to locate assets like IV pumps, ventilators and other medical equipment in facilities. It improves utilization. Even patient locations can be tracked, which is helpful when it comes time to process patient discharge paperwork.

Your Edge Blog Team: Are there any other capabilities IT teams and tech buyers should consider when selecting workforce collaboration toolsets and deciding which apps to authorize?

Gopi:  Compliance is important, of course, as well as integration with existing infrastructure like Wi-Fi and PBXs. Also think about voice quality. Enterprise-grade tools should provide jitter and noise cancellation capabilities, and support voice roaming via multiple Wi-Fi access points.

###

Editor's Note: 

Want to learn more about how workforce collaboration tools can help your healthcare teams? Check this out.

###

Related Reads:

 
null
Your Edge Blog Team
We want to hear from you! Submit your comments, questions and topic ideas to blog@zebra.com.
Want Our Bi-Weekly Blog Roundup?

Subscribe to Zebra's Blog

Prefer Real-Time Notifications?

Get the RSS feeds

Search the Blog
Are You a Zebra Developer?

Find more technical discussions on our Developer Portal blog.

Reflexis is Now Part of Zebra Technologies

Visit the Reflexis blog for more retail, hospitality and banking-related insights.