Hospital information technology departments for some time now have focused on developing effective policies regarding the use of smart phones and cell phones in facilities by physicians and other caregivers. Trouble is, there is no universally accepted best practice in this area.

To help its members better understand the sometimes complex issues and risks associated with smart phone usage in health care settings, ECRI Institute recently issued a guidance report titled "Judgment Call."

Risks associated with caregivers using smart phones in patient care areas include potential security breaches in which protected health information (PHI) is inappropriately disclosed through the phone.

Other potential breaches include theft or loss of the smart phone with PHI on it and staff or volunteers taking and distributing unauthorized photos. Likewise, staff may reveal PHI on social network pages.

Smart phones also can present a distraction for physicians and nurses and adversely impact patient care.

Finally, even though documented cases are rare of smart phones or cell phones causing disruption of medical devices, this remains a concern. For these and other reasons, hospitals need to develop comprehensive policies on cell phone and smart phone usage.

"There is a good chance that any given hospital will have a policy related to cell phones, but there's a very good chance that policy is very limited and is outdated and isn't considering some of the complexities associated with newer technologies like smart phones," says James Keller Jr., vice president, health technology evaluation and safety, ECRI.

An effective policy developed in conjunction with clinicians and other staff, the report points out, will:

  • Instruct all staff, including independent physicians, to maintain an arm's-length distance from medical devices when using a cell or smart phone.
  • Require passcode protection on the phone to unlock the device. Although not foolproof, simple measures like this can prevent a lost or stolen phone from becoming a security breach.
  • Create password-protected access to applications or files that could include or provide access to patient information or other data.

Briefing on the ECRI report visit. The Healthcare Information and Management Systems Society also offers a sample mobile device user agreement.