Telemedicine: Protecting Patient PrivacyHow Mobile Clinics Will Secure Patient Data
Children's Health Fund, a not-for-profit provider of pediatric health services to the medically underserved, recently launched a national initiative with the Verizon Foundation to deliver secure telehealth services via mobile clinics. The clinics are equipped with broadband connectivity and upgraded telemedicine equipment, says Jeb Weisman, the fund's CIO.
The new program, which kicked off recently in Miami, will expand into other cities, including Dallas, Detroit, New York, Phoenix and San Francisco in coming the months.
"The fact that they're part of a mobile medical program because they can't physically get to the hospital and the typical pediatrician's office for one reason or another in no way separates them from any other pediatric patient at an operational level," Weisman says in an interview with Information Security Media Group (transcript below). "In fact, one of the things we've been working on for years - and this initiative enables - is that every child has a record in the institutional electronic health records" system, he says.
"Essentially what's taking place in these mobile clinics is exactly the same thing that takes place in a traditional doctor's office, so the basic rules apply," Weisman says.
That means dealing with similar privacy and security issues, he says, including compliance with HIPAA and the HITECH Act, but also FERPA, or the Family Educational Rights and Privacy Act, because these services might involve minors in school-based telemedicine settings, he says.
"That's the regulatory framework we all operate under ... the same safeguards you'd have in any doctor's office," he says. However, "because the data are traveling though wireless broadband networks, we immediately have to think about people grabbing those broadband signals."
As a result, the project is using a set of encrypted tunnels to transmit data, he says. "We're securing everything and ensuring that the health information associated with telemedicine and these children is as protected ... as it would for any other patient," he says.
Children's Health Fund was founded in 1987 by singer/songwriter Paul Simon and pediatrician/advocate Irwin Redlener, M.D., to provide healthcare for homeless and low-income children and their families.
In the interview, Weisman describes:
- How telemedicine technology will enable dermatology and other specialized medical services to be provided to patients who don't have easy access to that care;
- The technologies involved with the remote care delivery;
- The telemedicine advances that are on the horizons, and the regulatory challenges they present.
In addition to his role as CIO for Children's Health Fund, Weisman is also director of strategic Technologies for the National Center for Disaster Preparedness at the Earth Institute, Columbia University. Weisman has more than 25 years of application and development experience in health information systems and higher education. In his work with Children's Health Fund, he has overseen the conceptualization, design, and development of three generations of pediatric primary care EHRs, specialized electronic data-based systems targeted at managing sub-specialty referrals and transportation logistics, as well as a variety of software and health information exchange applications to support pediatric and family healthcare.
Children's Health Fund
MARIANNE KOLBASUK MCGEE: To start, very briefly describe what Children's Health Fund is and your role there.
JEB WEISMAN: The Children's Health Fund was founded back in 1987 by singer-songwriter Paul Simon and pediatrician Dr. Irwin Redlener principally to help bring high-quality primary care to homeless and medically underserved children living in the various shelters and welfare hotels in New York. Since then, it's grown to encompass more than 20 programs across the United States, all providing high-quality care to children and their families, and often through mobile medical clinics. My role here at CHF is as the chief information officer, which really spans a variety of roles, including not only information, but the technology and systems that underline much of that process, whether it's business or health information.
MCGEE: Why is this new telemedicine initiative important? What kinds of telemedicine services will be available?
WEISMAN: The telemedicine initiative is important for a variety of reasons, not the least of which is that very often these children can't get to the subspecialists that they would otherwise require access to. ... By bringing telemedicine to our mobile clinics, we're able to connect them in a way that they never were before and increase the quality of care, increase the services available to the children, and really reduce the overall long-term cost associated with a lifetime of health for these kids.
In terms of services, the sky is the limit. We're starting with dermatology, but over time we will include cardiology, pulmonology and mental health services, which are also very important.
Remote Care Technology
MCGEE: How will technology be used to enable the remote care, and what are the key technologies being used?
WEISMAN: The technologies involved that are actually enabling this care are standard telemedicine tools, cameras, stethoscopes that can broadcast a heartbeat through the network, video and a variety of other typical tools - ophthalmoscopes for looking in ears and eyes, that sort of thing. Then there are the bridging technologies at the telemedical side, the devices that convert these signals into appropriate formats, and clearly - the thing that has made our relationship with the Verizon Foundation so wonderful - the connectivity that simply didn't exist before. In addition to the care for the children, that's really the story here.
Protecting Health Data, Privacy
MCGEE: How will health data and patient privacy be protected?
WEISMAN: Well, you need to understand that essentially what's taking place in these mobile clinics is exactly the same thing that takes place in a typical traditional doctor's office. The basic rules apply. We have obviously HIPAA and HITECH [compliance], because we're dealing with children, and sometimes in school-based telecenters we're dealing with FERPA, which is the Family Educational Rights and Privacy Act, which has additional requirements and strictures. That's the regulatory framework in which all of this operates. There are all the standard regulations in place about what can and can't be shown, the same safeguards that you would use in any doctor's office.
Now, just because the data are traveling through wireless broadband networks, we immediately have to think of people grabbing those signals. The signals themselves travel through an encrypted set of tunnels, specifically because we're dealing with transmitting health information. The University of Miami ... and the Miller School of Medicine, which are our partners along with the Foundation in this particular pilot project, already have those security protocols in place so that we really are optimizing the quality of what we can move at the same time that we're securing everything and ensuring that the health information associated with telemedicine and these children is as protected or, frankly, in some cases, more [protected] than they would be for any other patient at a typical clinic.
Exchanging Patient Data and Records
MCGEE: How will the clinicians at the mobile clinics be able to securely exchange patient data and records with other healthcare providers, such as medical specialists, labs, primary care doctors, etc.?
WEISMAN: Health information exchanges take place at multiple levels. I think the one that we're most often dealing with here is in the primary care-subspecialty care relationships. If a patient is being seen using this technology in the dermatology clinic, for example, we put the patient into the exam room and we know that the signal itself is being securely transmitted through Verizon's 4G network. It reaches the medical center itself, at which point it enters the medical center's network just as any other health information would. Then, from the dermatology clinic, when they're looking at the images of the child or communicating with the clinician, the primary care pediatrician, the information is being exchanged there just as it would across any other set of clinics within the hospital.
What's nice about this, the way things are set up here, is, with the exception of the fact that the camera is in a different room in a different region of the state, the fact of the matter is it could just as easily be right next door. It's very normalizing, and that's one of the things so extraordinary about this. It's not special. It's the old standard requirements. If you're a clinician and you need to see an electronic health record, there it is, securely through the network, immediately available to you. [It's] the same thing with the image of the child's skin or with a heartbeat. It's very exciting because it's traditional, high-quality secure data transfer. ... There's nothing special beyond that that needs to take place.
MCGEE: You mentioned that a lot of the security and privacy issues of telemedicine are very similar to traditional healthcare delivery. Being that these patients are sort of mobile patients, will there be an electronic health record set up for them so that if they get care from another doctor after seeing a mobile clinician, the data will then become available on a permanent basis for that patient?
WEISMAN: The Children's Health Fund's philosophy is that every child should be a part of a health system in which they're being seen. The fact that they're part of a mobile medical program because they can't physically get to the hospital and the typical pediatrician's office for one reason or another in no way separates them from any other pediatric patient at an operational level. In fact, one of the things we've been working on for years - and this initiative enables - is that every child has a record in the institutional electronic health record system. So if I were to visit the mobile unit, my physician on that mobile unit would be able to bring up my electronic health record that's stored at the medical center, see my immunizations in the statewide immunization registry in the case of Florida, determine my health status, and see any lab test results that they could from the desktop in their office where we're seeing each other at a typical practice.
When a child is brand new to the mobile clinic, they're registered into the system as any other child would be, and that record is available should that child have to go to the emergency room or should that child actually have to visit the hospital for a set of procedures. The mobile clinic now is simply a doctor's office on wheels. It's no longer different than a doctor's office.
MCGEE: So the patient's primary record gets set up, or data's entered into it by the mobile clinic physician or caregiver, that would go into the patient's record held at one of the university medical schools or other partners that you are working with?
WEISMAN: Absolutely. If a child is seen by a pediatrician who's part of the University of Miami, as is the case in this initiative, then that child has a medical record like every other child seen by a pediatrician at University of Miami. After that child has seen the dermatologist at the subspecialty clinic at the University of Miami, the information is in that aggregate record and available to anybody who needs to appropriately access it. In many ways, we used to talk about the mobile clinic bringing the doctor to the kids; what we've done with this initiative now with our Verizon Foundation partnership is we've brought the medical center to the mobile unit to the kids. It's seamless.
MCGEE: Finally, what sorts of advances do you think are on the horizon in terms of mobile healthcare, and what new privacy and security challenges do you think that might pose?
WEISMAN: I think the biggest challenges and initiatives are the ones we haven't imagined yet. But in terms of what we're seeing now, the first great advance is reflected in this particular initiative. There's nothing particularly new about telemedicine in and of itself. What's extraordinary is that we're able to do it reliably from a mobile unit, economically, and still have the high-speed quality connection that's required for this kind of advanced technology. That's the new innovation here. Down the road, the sky is the limit. I do believe that we will see a much greater involvement, less traditional modes of healthcare. We'll see more consumer pressures for what I kind of think of as iPhone technology, where I can play a game on my iPhone, I can turn my alarm on and off at my house with my iPhone; I want my healthcare [information on] my iPhone.
Obviously, we're beginning to see applications both on the iPhone and Android platforms for this, but I think that's where we're going to see the greatest advances and the greatest pressures on traditional medicine to deliver care. As a result, we're going to see tremendous pressures on the existing legal and regulatory system to deal with how healthcare's delivered this easily.
Here's another issue: If I have a wonderful cardiologist, perhaps at a medical center that I'm a partner with in California, and my patient is in Washington, D.C., and my patient's family works all day and they're not available until 5 p.m., wouldn't it be wonderful if my patient could see that great cardiologist in California? The timing is right; the time zones work well. But we can't do that legally now, for good, but historic, reasons. I think we're going to see a lot of pressure to begin to look at how we regulate licensing and access to care as online technologies, beyond even this sort of telemedicine we're talking about, really become a dominant consumer-driven system. Why can't I see the doctor in that state? That doctor is available when I am. I think we'll see a lot of regulatory pressure there. We'll see the advances of technology, which is true in virtually every other professional realm, pressed by increasing consumer demand. I think that with changes in pricing structures, with connectivity, with increased reliability and increased speed, as is the case in this initiative, that's really where the action is going to be.