Using Apple Watch for EHR AccessHow Nebraska Medicine Weighs Privacy, Security Concerns
As healthcare entities embrace consumer wearable health devices and other remote medical monitoring capabilities, with the aim of improving patient outcomes, it's critical that organizations also carefully weigh the data security and privacy risks, says Michael Ash, M.D., chief transformation officer at Nebraska Medicine.
Nebraska Medicine, along with the University of Nebraska Medical Center, received a $10 million research grant last year to study remote health monitoring and the impact on patients, such as those with chronic illnesses like diabetes, he says.
"We want to push the envelope, but we want to do it in a way that's very, very safe," says Ash, whose organization recently began enabling its patients and clinicians to use Apple Watches to view data from Nebraska Medicine's electronic health record system, which is provided to the Omaha, Neb-based integrated health delivery network by vendor Epic Systems Corp.
Epic's MyChart app for Apple Watch, which is being used by Nebraska Medicine, allows patients to securely view messages from their clinicians, as well as upcoming appointment details, notices about test results, and information on their medications.
However, Nebraska Medicine is taking a cautious approach before allowing all Apple Watch capabilities to be fully tapped. For instance, Nebraska Medicine has opted to shut off the Siri voice capability of the Apple Watch health app due to HIPAA privacy concerns, he says in an interview with Information Security Media Group.
That careful strategy for privacy and security of mobile health apps and remote patient monitoring is also being taken as Nebraska Medicine rolls out other telehealth related initiatives, he explains.
"We haven't turned on every feature and haven't enabled every device to communicate with our electronic medical records, so we are picking and choosing," he says.
"We are looking at each area, each application and even each vendor to make sure they're meeting HIPAA requirements and are demonstrating their ability to securely transmit that data back and forth," he says.
He advises that other organizations also carefully weigh these considerations carefully before jumping into innovative telehealth efforts.
"Be open-minded to the capability and what patients are really asking for" in the use of these mobile and remote capabilities, he says. "However, as you're being open-minded, you have a responsibility that the information is being secured."
In the interview, Ash discusses:
- How Nebraska Medicine's Epic MyChart app for patients and a related Epic Haiku app for clinicians allows secures data access;
- Privacy and security considerations for patients who use mobile devices for health-related activities;
- The biggest security and privacy challenges posed by consumer wearable health devices and mobile applications.
In his role as senior vice president and chief transformation officer at Nebraska Medicine, Ash oversees a number of areas, including enterprise applications, telehealth, enterprise technical services, clinical services and information security. Ash also recently headed up the integration effort that brought together several hospitals and outpatient clinics, forming Nebraska Medicine, which includes 1,000 physicians, 678 licensed hospital beds and 40 specialty and primary care clinics in Omaha and the surrounding area. Prior to joining Nebraska Medicine in 2014, Ash was vice president and chief medical officer at Cerner Corp., a provider of EHR and other health IT products and services. Prior to joining Cerner in 2003, Ash worked as an internal medicine physician.