Quick announcement: Facebook is currently running a trial of integrating voice and video chat into its main application, meaning that users could soon start conferencing over Facebook directly without using the Messenger app. If you'd like to read more of our coverage on how technology has recently affected workplace communication, click here.
A BBC report this week details a trial run of a new healthcare-related technology system for medical patients' homes. Piloted in Dorset county in the southwest of England, the system uses a network of six to nine sensors installed in a home to monitor vital signs and personal habits. Nick Weston, chief commercial officer at Lili, the company that developed the technology, states that the system would allow monitoring of, "small changes in behavior." They claim that monitoring small changes, such as the frequency at which certain home appliances are used, can offer insight into a patient's recovery following an injury or especially invasive surgery. Lili also claims their tech would allow people with long-term disabilities and even COVID long-haulers a degree of independence that isn't possible with live-in caretakers.
As it stands, the system doesn't feature any cameras. But using technology to monitor people in their homes will inevitably raise questions about consumer and patient privacy. Recent controversies around large platforms like Facebook's and Amazon's collection of consumer metadata highlight this. In any case, when it comes to personal health information, tech platforms are constrained by a complex set of statutes designed to protect patients' privacy. As such, firms who intend to use technology to manage their clients' data must educate themselves on the relevant regulations.
Technology and Patient Rights
In the United States, people's health care information is confidential and protected by the Health Insurance Portability and Accountability Act, or HIPAA. One of the main functions of the HIPAA legislation, among other things, was to update legal protections relating to personal healthcare information to keep up with the rate of technological development and ensure a standardized and safe way of relaying confidential information between different parties in the healthcare industry.
Having a working knowledge of HIPAA protections is required for any firm working in healthcare, as well as any non-profits and social service agencies who use patient data for case management and service referral. Not every technological platform is developed with HIPAA protections in mind. It's never wise for a firm to assume that their current IT plans will protect their clients' information. Plus, even when a platform is HIPAA compliant, protecting patient data often isn't as simple as restricting data collection and organization to specific computer programs.
Many data collection platforms in healthcare, such as commonly used software packages like Epic, will often clearly state whether their system is HIPAA compliant or not. When shopping around, firms should always do their due diligence in ensuring their platform is legally air-tight.
Even when a firm manages to secure the right HIPAA friendly software, users will often need to shift their behavior to ensure security. For example, Google Workspace, Google's popular work place cloud platform, has built-in HIPAA infrastructure for those firms that need it. These features can be turned on and off at will. But users need to take extra steps to ensure their own safety and the safety of their clients. For instance, the administrator managing the firm's Google account will need to sort the staff into different organizational units. These units can then be organized by HIPAA compliance, blocking certain features and software from users who work with personal health information and allowing them for users who don't. Administrators will need to make decisions on which employees ought to be sorted into which group and take steps to avoid mistaken categorization. They'll also need to ensure that good practices are put in place relating to data sent to third parties. An employee who flags a Google Document as public because they don't know the steps needed to ensure the Document stays private could very well compromise client privacy. In other words, all the built-in HIPAA compliance in the world won't protect patients from careless user error. Moreover, it's recommended that additional measures, such end to end email encryption, be implemented for those times when sending private information out of the system's protections can't be avoided.
Overall, the protection of client information is an aspect of information technology that affects any firm who claims to work in their clients' interests. Luckily, a managed IT provider, such as Titan Tech, can not only make recommendations for HIPAA compliant products but also aid in the establishment of best practices and procedures to protect client data. To learn more about how Titan Tech can help anyone implement secure data management, check out their website.
And join us next week for more tech news.