Libby Dowdall, Communications Coordinator, Project HealthDesign National Program Office
The Journal of Healthcare Information Management (JHIM) recently published “Lessons from Project HealthDesign: Strategies for Safeguarding Patient-Generated Health Information Created or Shared through Mobile Devices” (pdf), a new paper from Project HealthDesign’s Regulatory and Assurance Advisory Group. Experts from Manatt, Phelps & Phillips, LLP, and the Center for Democracy & Technology co-authored the paper, which appears in the summer issue of JHIM.
The paper draws insights from Project HealthDesign’s five Round 2 grantee teams (2010-12). In the absence of established best practices for safeguarding patient-generated data created and/or shared through mobile devices, each team implemented a unique approach to device and data security. Whereas clinical data is subject to the HIPAA Security Rule, patient-generated data is not. Even so, during their studies, several Project HealthDesign Round 2 grantee teams implemented systems or approaches in which patients shared data about their observations of daily living (ODLs) — one form of patient-generated data — with their health care providers. The resulting strategies for protecting patient-generated data should prove valuable if and when it becomes more common for patients to share with clinicians select data (or summaries of the data) they’ve generated outside of the clinical setting.
The grantee teams’ approaches inform the strategies shared in this paper. Topics include data encryption; limiting the nature and extent of the data that’s transmitted; equipping patients to assess the risks of storing and transmitting the health data they generate; and educating patients about options for protecting the data. Finally, the paper encourages health care providers to thoughtfully weight the risks of storing and transmitting patient-generated data on mobile devices with patient-generated data’s benefits for clinical care and individuals’ self-management.