I had the opportunity to attend and participate in the ONC Mobile Security Round Table held in Washington, DC, today at the Health & Human Services Headquarters. The event was well attended and provided a well rounded, no pun intended, coverage of the issue starting with a Regulatory enforcement overview by all of the Agencies within the USG with a role in that area, a great session with multiple physicians providing first hand insight into how they use mobile devices and how they fit into their workflow, and then a session to close with multiple practitioners talking about the Privacy and Security risks associated with mobile technologies.
The Round table was kicked off with an introduction by Dr. Mostashari who did an excellent job of framing the discussion that needs to be had regarding mobile technologies. All in all it was a fairly balanced discussion that highlighted both the benefits and risks of the mobile device landscape. One thing that was notable was the overwhelming agreement that it was access that was critical not having the data on the device itself that was the priority. In fact, the physician panel was consistent that the value and the need for these devices was to enable access and communication, but that they preferred not to have live information resident on the device thereby increasing risk. Also notable was their agreement that anyone who wanted to connect to a hospital network using a personal device should be ready to meet security requirements such as applying passwords, antivirus protections, locate and wipe controls if lost, and multifactor authentication for access to clinical applications.
They also discussed the increasingly important role of texting, but recognized its limitations, and its inappropriateness for conveying certain types of information, placing orders and its inability to communicate effectively with the EMR. All in all it was a good discussion, and credit should be given to the ONC and OCR for engaging the community in this dialogue. It also highlighted that we still have a long way to go in establishing an effective security framework for mobile technologies. It was also nice being able to spend some time visiting with the folks in OCR prior to and after the Round Table.