Section3.6Select

Section 3Select—Hardware and Mobile Device Selection and Security - 1

Hardware and Mobile Device Selection and Security

Use this tool to assist in determining the most appropriate hardware and mobile devices for your health information technology (HIT) applications.

Time needed: 8 hours
Suggested other tools: Section 1.4 EHR Technology Readiness Inventory, Section 1.5 HIE Technology Readiness Inventory

Introduction

The physical hardware environment that is required to support your HIT investment is varied and diverse. It includes servers, switches, PCs, tablets, smart phones, bar code readers and many more hardware compents to numerous to mention. The technical environment is ever changing and rapidly evolving. Security of each hardware component needs to be addressed as you implement the hardware. Hardware of some sort will be required to access the information in your HIT applications. Familarity with the terms and some of the hardware that is required will prove essential as you proceed wih your HIT project.

How to Use

  1. Identify the types of hardware your electronic health record (EHR) and/or health information exchange (HIE) require you to acquire. Your selection of a straight license client/server product or an application service provider (ASP)/software as a service (SaaS) model will determine whether you need to acquire servers and associated network devices. If you are acquiring servers you should obtain information from the vendor on minimum essential—as well as optimal—hardware configurations. It is important not to skimp on hardware or network connectivity, as it makes a big difference in the ability to use the system.
  2. Compare input device(input device is any device that provides input to a computer) capabilities to evaluate what is best for providing behavioral health services. Differences are significant and directly impact use. It is also important to think ahead. If you have a migration path where you will be buying more basic components first, you do not want to limit the hardware to only what will work for basic functionality; otherwise you may soon be faced with replacement costs.

3.Attempt to limit variation in input devices acquired or approved for use. Although one size does not necessarily fit all for input devices, a minimum amount of variation is recommended. Too many different devices, or even the same type of device from different manufacturers, can be costly to maintain. Parts are not interchangeable, documentation of system installation and maintenance differ, and upgrades come at varying times. This is especially true for small facilities with minimum IT staff. Despite the trend toward permitting users to “bring your own devices” (BYOD), the burden on a small organization and the risk that the device does not have the proper security are too great.

4.Test input devices. There are significant differences in input devices and how well they can be used in different types of environments. (See table below.) While a thorough test cannot be performed without the actual application in place, a small number of different devices can be provided to different users early in the process of HIT planning. They can use these devices to test routine email, Internet access, computer skills building, and even review vendor demonstrations. This not only helps evaluate the devices, but builds computer skills for those lacking such skills and helps end users evaluate how they will use the devices at the point of care.

5.While administrative staff in behavioral health facility will likely use desktops or stationary notebook/laptop devices, therapists may have more options—especially if they provide services away from the office or in more than one location in the office. There are several considerations to help determine whether notebooks, tablets, or smart phones are most desirable.

Types of Devices: Stationary vs. Mobile

Stationary Devices / Mobile Devices
Desktops
  • Require space for monitor, keyboard, and system unit (if a thin client* is not used).
  • Associated devices, such as navigational devices, speech recognition, power, security.
Notebooks/Laptops
  • Enable portability when necessary by staff or to swap for use in the field.
  • Requires extra precautions for encrypting the data retained on the device.
  • More expensive than desktops.
/ •Notebooks/laptops
•Tablets
•smart phones
For notebooks/laptops, issues of:
•Weight
•Heat
•Battery life
For tablets, issues of:
•Weight
•Battery life (better than notebook/laptop)
•Processing power
For smart phones, issues of:
•Size of screen
•Battery life
•Processing power
For all:
•Require wireless network, or downloading patient data for the day (if sufficient storage).
•Require consideration for where to put the devices when not in use at the client’s home and when traveling. (See Security Considerations below.)
Expense is variable.
Not all EHRs are designed to work optimally on a smart phone.

*A thin client refers to a computer with minimal or any local processing capability. As data are entered, they are sent to the server, processed, and returned to the user. Many EHRs used by home health agencies will likely run on thin clients. Some with highly sophisticated processing functionality may require a “thick client” (i.e., one with a system unit housing local processing capability).

Speech/Handwriting Recognition

Some clinicians prefer to handwrite or dictate. Speech recognition, except when used to issue voice commands to a structured data template (discrete reportable transcription [DRT]), does not generate discrete (structured) data values. As a result, the computer cannot process the information into graphs or trend lines, or perform clinical decision support with the information dictated. Many behavioral health specialists already dictate, and some may already use speech recognition systems. You should be aware of issues associated with speech systems and plan carefully should they become a consideration in your HIT selection:

  • Speech is digitized and matched against coded dictionaries to recognize words.

-Newer speech recognition systems accommodate continuous speech.

-Newer systems are speaker-independent, requiring almost no training (although in some cases systems improve accuracy with use).

  • Speech recognition is improving in accuracy; however, commonly used terms rather than medical terms are where errors often occur. For example, next week may be spoken as “nexweek” which the system cannot understand.
  • Correction must be performed, either:

-Retrospectively by an editor

-Concurrently by the user

  • Speech recognition at the point of care may be a significant change for clinicians who are not accustomed to telling their clients what they are entering into their health records. However, if used to keep the client engaged while performing data entry, this feature can be very helpful.
  • Speech recognition is most successful in areas of health care that have a high degree of standardization/repetition and a small amount of content to be dictated.
  • Discrete reportable transcription utilizes speech recognition with natural language processing. The user dictates, following a template on the screen. The narrative dictation is captured as a note; simultaneously, the structured data fields on the template are populated. The template must be followed without jumping around or the system will not know where to put the data. These systems are very new, more expensive and must be used with EHRs that are compatible. They may not be suitable for behavioral health if there is a high degree of variation in workflow.
  • Handwriting recognition (on a tablet) is a very similar process to speech recognition, although it may require more system training. Newer tablets have the ability to select data from menus using a stylus or finger.

Bar Code/Radio Frequency Identification (RFID)

The U.S. Food and Drug Administration has requires manufacturers to apply bar code labels for all human drug and biological products. Bar codes on packages of drugs have been used primarily for pharmaceutical inventory. More recently, they are being used in medication administration when patient wrist bands, nurse badges, and unit dose medications all with bar codes are available. Bar codes are also being used to manage lab specimens.

Radio frequency identification (RFID) is similar to bar code technology but does not require direct line-of-sight to read the codes. In health care, RFID tags are being used to track movement of clients (especially those with memory loss) and employees, expensive equipment, and narcotics.

Document Scanning Systems

As the desire to become paperless becomes ubiquitous, consideration may be given to acquiring a document imaging system, which requires a scanner. Small, portable scanners are available. More heavy duty scanners can be leased, especially for temporary archiving of old paper records. More sophisticated electronic document management systems add indexing functionality, as well as the ability to transfer electronic documents, pictures, voice files, etc. directly into a document repository.

Kiosk

A kiosk is a computer with special software to support limited data entry via mouse, card reader, and/or touch selection. Some kiosks are built into furniture and may also include limited printing capability. (An example of such a kiosk is at an airport ticket counter where you may touch the screen to enter your itinerary and a boarding pass can be generated.) Kiosks are becoming popular in hospital and physician office waiting rooms to identify arrival of a patient or family member, and to allow patients to enter their demographic data and history of present illness. Kiosks are also used in intensive care waiting areas to inform family of the status of their loved ones and for patient authorization or consent, where the client reviews a document and affixes a digitized signature.

In the behavioral health environment, a tablet, with appropriate software, can serve as kiosk if there is frequent need for obtaining client authorization. There is also evidence to suggest that, especially for young people, interacting with the computer is easier than speaking to therapists directly. Accessing a kiosk-type presentation of an assessment online can aid engagement with confrontational teens. For persons in remote communities, a kiosk can include an online chat session or even a Skype call. Apps for mobile devices can be viewed as a special type of kiosk as well, and can incorporate physiological sensing. Kiosk functionality or apps are the basis for games—a modality that psychotherapists have started to find useful. (See: The Online Couch: Mental Health Care on the Web, California Healthcare Foundation, June 2012) It must also be noted, however, that mental health issues can be linked to too much computer and smart phone usage. It is important to find the right balance between reaching an individual in need and contributing to behavioral health problems.

Security Considerations

On devices and media:

Loss or theft of mobile devices is one of the biggest concerns in health care. A significant percentage of breaches reported to the federal government are those where mobile devices have contained protected health information that has not been encrypted. Applying a password is not adequate. To reduce the likelihood that your behavioral health facility could have a breach of privacy as a result of a lost or stolen mobile device, follow the Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals available at: This Web site also directs the reader to the National Institute of Standards and Technology (NIST) Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices.

It is essential that any device that is moved, or can be moved, be encrypted. The EHR vendor should be able to apply this technology for you so that the process is seamless to the end user. Be aware that laptops and notebooks are also portable. In fact, there have been a number of reports of loss or theft of servers and backup tapes and disks. Literally anything that can be moved needs to have data encrypted.

During transmission:

Encryption must also be applied to protected health information as it is transmitted. The Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals referred to above also points the reader to NIST Special Publications 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations 800-77 (for transmissions over the Web), Guide to IPsec VPNs; or 800-113, Guide to SSL VPNs (for transmissions through a virtual private network [VPN]), and “others which are Federal Information Processing Standards (FIPS) 140-2 validated.”

Any organization providing HIE should have specific requirements for securing transmissions. For more information, see Section 4.10 Using Direct for HIE and Section 4.11 Using CONNECT for HIE.

Copyright © 2014 Stratis Health.Updated 03-14-14

Section 3 Select—Hardware and Mobile Device Selection and Security - 1