A few paragraphs down in my recent post entitled Surface computing and the future of health IT, I wrote about Motion Computing's C5 Mobile Clinical Assistant, the first truly usable portable computer for clinicians I have seen. If you weren't interested in Microsoft's Surface Computing initiative, you may not have got that far in reading the post; the post title didn't reflect that it was partly about the C5. I'll need to do it more justice in a future post. While looking into the C5, I ran across a page on their anti-theft technology service. It definitely deserves attention of its own.
Losing portable devices containing HIPAA protected health information (PHI) is one of the nightmares everyone suffers from on our Health System's IT security workgroup, and I'm sure it's on the minds of everyone responsible for securing healthcare information technology against preventable loss of PHI, a serious violation of HIPAA.
Called ComputraceComplete, their service has several facets, as can be seen in this quote:
- Computer Theft Recovery: virtually undetectable software runs in the background of your PC and reports the computer’s location to a secure monitoring center. When a PC is reported stolen, a recovery team immediately begins working to track it down. If the machine cannot be returned, the customer may be eligible for up to a $1,000 Recovery Guarantee.
- Secure Asset Tracking: For IT asset management, ComputraceComplete can give IT staff visibility to up to 100% of their client computer assets utilizing a selection of twenty-six unique reports.
- Data Delete: ComputraceComplete provides the ability to remotely delete data on stolen computers to it from falling into the wrong hands. This feature can help customers meet strict regulatory requirements.
I can see a lot of potential for this service. It's too bad they limit the service to their own devices; it's probably a good strategy for promoting sales of their computers, but it would be a great service to the public if it were available for the protection of PHI on all the legacy laptops and handheld computers for which every health system is responsible. Frankly if they have a patent on it and managed to lobby Congress to mandate use of software like theirs, it could be a bigger business than the C5 and their other portables.
I'm sure that's not part of their business plan at this point, though. It's too much of a distraction from their Job One, which is to market the dickens out of their cool toys.
The trick is not in the device, rather its in the device's access to the PHI - you see a huge trend upward in Remote Desktop, Virtual Desktop, SSL VPN, etc - where the device is merely the presentation layer in a class three-tier model. This being said - in the near future - devices will be all about access control, gateways to PHI but storage of PHI on them is not only ridiculous but unnecessary. I think the last remaining bastion will be VNA's their roaming, remote clinician model is tough but with a Verizon wireless card and SSL VPN, they too can be rendered free of the potential disaster than is locally stored PHI.
Thanks,
Rob
I run a Healthcare Pro List on HIPAA here, please subscribe if interested:
http://www.freelists.org/list/hipaa
Posted by: Rob Bergin | June 25, 2007 at 09:43 AM
Two great links on Surface computing:
Popular Mechanics (7/2007)
http://www.popularmechanics.com/technology/industry/4217348.html?page=1
TED & Jeff Han
http://www.ted.com/index.php/talks/view/id/65
Posted by: Rob Bergin | June 25, 2007 at 09:48 AM
Thanks for the comments, Rob, and also for the suggested links on surface computing. I've subscribed to the HIPAA list.
I don't think any mobile solution will ever be perfectly reliable. I think that one of the first hospitals to depend on wireless to support mission-critical clinical care will prove this to some patient or patients' detriment.
This will take the form of a 'system accident', a kind of 'normal accident' where multiple component failures interact in unexpected ways - e.g., a serious adverse event requires immediate intervention, the computer system fails to deliver prescribing information due to a network outage, and the nurse or doctor failing to recall the prescribing information due to over-dependence on technology. See http://oak.cats.ohiou.edu/~piccard/entropy/perrow.html for more on system and normal accidents.
Wireless apps need to support intermittent connectivity and to continue to function as normally as possible in a disconnected state. Even this level of sophistication is not enough, though. Health professionals need to be able to function without access to information technology.
Posted by: Hunscher | June 26, 2007 at 11:14 AM