Canon Group
Close Close
Menu Menu Close Close Search

Is mobile and wearable tech a security risk when it comes to general practice?

Almost everyone uses some kind of mobile or wearable device today, but how secure are they for use by GPs?

According to the Royal Australian College of General Practitioners (the RACGP), while mobile and wearable tech offers GPs some exciting possibilities, it is important to proceed cautiously.

The most recent research by the RACGP, the 2016 report Technology in General Practice: Mobilising Healthcare shows that while technology is fast and convenient, it is also insecure.

Email

Email is so widespread and accepted that some patients assume it will be used by their GP. The problem is that most email is unencrypted and insecure. A malicious actor or third party may be able to access the information. This is even more of a risk when email is sent from a mobile device.

Since general practices must comply with the Australian Privacy Principles to protect patient confidentiality, there are serious risks for GPs who breach these principles. These could range from fines to legal action.

GPs can encrypt their emails, but there is no widespread solution for patients, leaving email as a potentially dangerous channel.

SMS

GPs who use their personal phones to send SMS to patients are compromising their own privacy and revealing their contact details. Patients may expect that their doctor will now be available around the clock.

Phone photography

It’s a great tool and so convenient, but consider the risks if you take a photo of a patient’s condition. Your phone has now become part of the record system. Is it secure? How do you ensure confidentiality? Can you transfer it securely to the patient’s records? How can you ensure it is no longer identifiable on your phone?

Remote monitoring of wearable devices

Fitbits and other wearable devices present similar issues with security. These devices can feed information to GPs, such as blood sugars or blood pressure. What process is in place for an urgent or emergency situation in the middle of the night? Does the patient expect the GP to be constantly monitoring her data or safety?

mHealth

mHealth systems should be implemented, but only when a business case has been prepared. Safety and security issues are only one component of the overall system. Resources need to be allocated for support and training of admin staff if the move to mobile tech is going to be successful.

Policies

GPs need to have official policies concerning mobile devices, to clarify the issues and processes for both staff and patients. Preparing a policy brochure for patients that details confidentiality issues means they can make informed decisions and provide consent. As one example, using SMS for appointment reminders can be safe and effective if clinical information is excluded.

RACGP toolkit

GPs looking to make more use of mobile and wearable tech, and wanting to avoid some of the security risks, would be well advised to read the RACGP’s resource: mHealth in general practice: A toolkit for effective and secure use of mobile technology.

Follow us on
Related Articles