The Tech Doctor: New Technologies in the Workplace - Blessing or Curse?

Imagine this common scenario: One of your group’s physicians walks into a busy coffee shop in a public area of the local hospital before making rounds. At the checkout, the physician digs into every pocket of his lab coat in search of his wallet, laying prescription pads, pocket references, and his cell phone on the counter. Once he finally locates his wallet and walks away, he realizes he’s left his cell phone behind. He quickly returns, only to learn that his phone is long gone.

At that moment back in your office, your front-desk staffer is using her PC to quickly cut and paste text messages to that very same missing cell phone. Those messages contain a list of patients the physician is to round on, his list of in-office patients scheduled for his afternoon clinic (including the patients’ dates of birth and Social Security numbers, as the staffer just cut and pasted the list from her scheduling screen), and a message that the physician’s broker called and is waiting to hear from him. On the same PC, the staffer is also using instant messaging, or IM, to chat with her best friend across town.

A few years ago, the lost cell phone scenario would have been nothing more than a minor annoyance, resulting in a few frustrating hours at the local cell phone shop to buy a replacement phone, the owner out nothing more than a few frequently dialed phone numbers, his pride, and some cash.

Today, a lost cell phone and your staff’s personal use of instant messaging could have much greater ramifications for everyone involved - including your patients.

What once was a lowly phone is now a pocket computer

The newest generation of cell phones can often synchronize data to and from your PC, connect to corporate e-mail mailboxes, carry robust documents and spreadsheets, store more data than four blank CDs, and, of course, support text messaging. These features can be a godsend to a busy, tech-savvy physician, enabling her to check e-mail, carry hospital rounding lists, store electronic medical reference materials, and receive and send text messages all in one small device. But these new capabilities also mean that you need to do a reality check on the security of your and your patients’ private information.

What used to be a simple device for making and receiving phone calls on the go is transforming into a pocket computer that also happens to make phone calls. Physicians at practices large and small are beginning to utilize the advanced features of these tools. They are on an evolving path, using their cell phones in new ways that can make both their own and their office staff’s lives easier.

While the instant flow of information made possible by sophisticated cell phones can lead to high-risk scenarios like the one described above, you can minimize such risks by keeping and enforcing a few fundamental rules:

• Always enable your cell phone’s “auto-locking” feature. Nearly all cell phones have a function that when activated requires users to enter a PIN to “unlock” the phone for use. Enable this feature and your cell phone is nothing but a paperweight to anyone other than yourself.

• Report a missing cell phone immediately. If your cell phone is lost or stolen, call your cell phone carrier and have it disabled. If the phone turns up, you simply have to call back to have it reactivated. While this may not protect the data already stored on the phone, it will prevent unauthorized users from making calls and text messaging.

• Do not text message unique patient information such as dates of birth or Social Security numbers. A physician’s rounding list can simply consist of last names and room numbers. Omit any patient-specific data that is not absolutely critical.

• The day you buy a cell phone, locate the carrier’s Web site, and create a new password for your account. If you already own a phone, log in today and do the same.

• Password-protect all spreadsheets and Word documents containing confidential data using the password-enable feature in your office’s software application.

• When in doubt, don’t hit the send button. If you think it may not be safe to send some bit of information to a phone, then don’t do it.

The perils of instant messaging

In our imaginary scenario, the front-desk staffer was chatting with a friend using an instant messaging (IM) software client on her PC while also doing her work. Surely no harm could come from such an innocent use of IM, right?

Wrong. Many large businesses (medical and otherwise) block the use of IM on their networks or run a “corporate” IM system that filters dangerous or nonwork-related messages - for good reason. Instant messaging has its place, but you have to weigh its benefits against its risks. Among the troubles IM in the workplace can cause:

• The discreet time waster. Instant messaging is the silent killer of productivity. IM clients on PCs can quietly eat away your staff’s time. “Not in my office,” you say? It may be happening under your nose without your knowledge. For example, in an insurance processing area, it’s impossible to distinguish the keyboard clatter of billers busily posting payments for your practice versus billers typing out their favorite quotes from last night’s episode of “Grey’s Anatomy” to their friends on IM. Those little interruptions often grow from a few messages a day to cases in which staff may be spending up to half of their time chatting on IM.

• PC security risks. Instant messaging software clients come under many names, but all present the same risk - they introduce a direct portal from the outside world straight into your computer system. While many IM software applications do a reasonable job of mitigating that risk, hackers find ways to exploit security holes in IM systems all the time. Your office PC, containing sensitive data, could be made more vulnerable to viruses, other malicious software, or even outright data theft or destruction - all through an access tunnel created by a simple piece of IM software installed on one of your office’s computers.

• Easy in/Easy out. How many of you have pasted something into a document, only to realize that what you pasted was not what you meant to paste, but something from earlier in the day, still stored on your computer’s clipboard? Now imagine that your office’s transcriptionist is chatting on IM. Just as easily as something can come into your network, so can something go out. One inadvertent paste of confidential text into an IM screen by a distracted transcriber can be a recipe for disaster. Once something is sent out via IM, it cannot be recalled.

• “Under the radar” installation. While you may not have installed IM clients on your office PCs yourself, don’t underestimate your staff. IM clients are easy to download and install by virtually anyone with any PC experience, and they often can be configured with “hot keys” that can hide an IM window quickly should a manager come near the monitor, making it difficult to detect unauthorized use.

As you can see, as more and more useful technologies become available, the more vigilant you must be. Sophisticated cell phones, text messaging, and instant messaging are clearly here to stay. The question you must ask yourself is: Have I planned for the appropriate use of these technologies in my practice?

Jonathan McCallister is a client-site IT manager for a major healthcare consulting firm, and he is currently assigned to a 140-physician practice. He has worked in healthcare IT management for more than eight years and in general IT management for more than a decade. He can be reached via editor@physicianspractice.com.

This article originally appeared in the January 2008 issue of Physicians Practice.