How to use your iPhone to keep a patient list

Posted by cris
July 22, 2008

The App store has opened in a huge fanfare, but we are yet to see any patient information managers. They will come, but probably at a premium. However, the software built in to an iPhone is sufficient to keep your patient list up to date, and backed up. Furthermore, there will be no additional cost….

Set up your system:

  1. Turn on password lock on your phone
  2. Create an all-day appointment in your calendar called “patient list.” It will sit above your day’s calender, and be relatively unobtrusive

    3. IMG_0038.JPG

Using the system:

  1. After your morning ward round, enter the URs (Unit Record numbers) of your patient in the notes section of your “patient list” appointment

    IMG_0033.JPG

  2. Take a photo of all the patient labels
  3. Each day, edit the list to reflect changes in your inpatients. Save it to replace all future occurrences of the event.

    IMG_0037.JPG

Using Operating lists:

  1. Create a recurring appointment for surgical or procedural lists
  2. Add notes in advance to upcoming lists, so you can remember what is booked

    3. IMG_0035.JPG

  3. On the day, add the UR number and the procedure code, and billing information, if needed
  4. When entering items, make sure you make changes to “this item only”

Optional tweaks

When you sync your phone with your calender, the patient information will be updated and saved. If you back up your home computer, it is doubly safe.
You can use your electronic patient list to update your logbook, your electronic patient records, your path list - whatever you like. And you can toss your printed ward lists out.

This system doesn’t act as a medical record, but it does keep more information than a printed patient list, with minimum keystrokes.

Clinical, Doctor Hacks, PDA/iPhone, Popular, productivity

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.

Comments

this will be cool.
imagine integrated patient management systems on the iphone. pull up lab results, XRs, CTs.
see it on the iPhone by accessing direct to the hospital system.

Comment by jeff on July 24, 2008 @ 9:19 pm

Yes, there is an app on App-store that does all these things. It is called iChart, I think. It costs $170, so I was totally right about the cost.

I remember paying maybe $20 for Patient Keeper when I was an intern with a Palm, and I think there should be a cheaper price point.

I mean, these programs are probably mostly aimed at residents, right?

Comment by cris on July 25, 2008 @ 10:23 am

How does this handle the security and privacy requirements of HIPAA?

An iPhone has essentially no security and is easily lost. It scares me when doctors talk about keeping records on them.

Comment by Daryll Strauss on July 29, 2008 @ 3:59 am

Thanks for the comment, Daryll. I am from Australia, so was not really familiar with the HIPAA rules. I read about them on Wikipedia. From what I understand, most of the security and privacy rules relate to transmission over a network. This is not important here, although I suppose you could make the point that some people sync their phone via mobile me.

There are two more issues that I feel need comment. First, the iPhone has been widely criticised for its lack of appropriate security. I have a 4 digit PIN on mine, but that doesn’t seem really uncrackable. However, there is the theoretical possibility of remote deleting that has been introduced with 2.0, but I think that is only available to corporates.

The second point is more important. I proposed this system to replace my current system of taking printed paper lists everywhere. When privacy rules mean that we continue to deal in written, open access paper notes, rather than (simple) password protected electronic systems, then it is an odd ruling. In my experience, my phone is higher on my radar, and I am much less likely to leave it lying around than a printed list.

I am not the best person to comment on this, as HIPAA doesn’t apply to me, and I don’t understand its intricacies very well. But I think there is a real friction between what is legal and what is sensible.

Comment by cris on July 29, 2008 @ 9:51 am

As you said, HIPPA doesn’t apply to you, because you’re in Australia, but I think the privacy and security of medical records on an iPhone is still an issue, particularly in the US.

My problem is that an iPhone is too easily lost or stolen. If you go out to lunch, and leave it behind or have it stolen, what patient information is released? You can’t count on the iPhone password really keeping anyone out.

You’re storing their name, patient number, and what surgical operations you’re doing, but that’s enough to be a problem. I might not want the public to know that I’m having elbow reduction surgery. You mentioned iChart and pulling up XRays or CTs. That’s even more information that really shouldn’t be leaving the medial building.

Comment by Daryll Strauss on July 29, 2008 @ 11:15 am

Fair point. Because our legislation is different, I have to look at things as what I believe is reasonable. And what I would be willing to defend in court.

I would not dream of putting patient information on the phone if it didn’t have a password on it. Admittedly, that security is not optimal, as I am only allowed a 4 digit PIN.

For me the issue becomes how I transport information that I HAVE to have with me. I do use my phone for other things (like going out to dinner), but I mostly use it at work. If I keep my information this way, I discard the printed patient lists (in shredding bins), and keep most of my notes under password at least.

I agree that this system does keep sensitive information. If you take photos of a patient label, you have all that person’s identifying information. And I agree that procedures etc are private information as well. It is not for me to share any procedure any patient is having, regardless of the social context.

I think iChart and similar haven’t clearly addressed this issue yet. There is no clear statement of the file encryption. Also, their system backs up the database to an online site, which is even more complicated in terms of privacy.

Your comment about information leaving the hospital building is interesting. Private practice may work differently, but I work in a hospital. Almost by definition, they are really insecure places. Basically, lots of people have a right to be on a hospital ward - from catering staff, to visitors to medical and ancillary staff. From experience, I know that information doctors carry with them around the wards is more secure than the medical records and charts, purely because there is one person acting as gatekeeper to that information at all times.

I understand you work in IT, and you seem concerned with identity privacy. As a member of the concerned public, how do you think this stuff should be managed? Remember that doctors are mainly a mobile bunch, and have to carry some sort of details and notes with them.

Comment by cris on July 29, 2008 @ 12:14 pm

There’s always a trade off between security and access… The question isn’t so much should you carry information with you, but what is a reasonably secure way to do it?

The trick is to find a happy medium and think thru possibilities. For example, it sounds like you have a good idea of how you’re going to avoid losing your phone. For example, I *know* where my phone is at all times — if I put it on a table, I don’t let it get covered up. At home and at my desk, there are only a few places I leave it, and it’s never far from me. You can’t do this perfectly, but “perfect” is not attainable.

You can also think about risk of theft and how to prevent that. That involves being aware of people around you, especially when it’s sitting on a table or something. If you’re in a crowded place or in a dangerous neighborhood, you could keep it in an inside pocket and avoid using those white ear buds, so people don’t know you have an iPhone. Again, you can’t do this perfectly!

We did once have a scare in Washington DC because some government employee lost his laptop, and it had records for a lot of veterans on it. In that case, the police were able to find the laptop and found the thief had not cared or noticed the information on the computer. So, there was a lot of concern about this, but the information was never used for identity theft. Of course, you can’t depend on thieves not hacking your phone, but you can factor into a risk analysis that most thieves are not interested in the information in the iPhone.

On the software side, just the fact that you have a passcode on the phone helps since that means it will take longer for someone to hack it, especially since the iPhone requires the pin if the phone is simply turned off and moved. To increase the chance the pin is required, keep the “auto-lock” time set to one minute and require the passcode after a relatively short time. This only buys time, but buying time is worth it when it comes to security.

If you do misplace your phone, borrowing someone else’s and quickly dialing your number might help you locate it. It might not, but it would be worth doing.

So do you see where I’m going with this? Think things thru and plan. Talk to Apple and the software company that wrote iChart, if you decide to use that and see what else can be done. The newer iPhones have GPS built in — if you have one of those, that could be used to locate the iPhone fairly quickly. Talk to the police to find out what they could or would do if it was stolen.

I think you can make a plan that would keep the data reasonably safe.

While you’re thinking this thru, you might want to consider the advantages to your patients, as well. You will probably have more information on hand and you might spend less time doing paperwork — that all sounds good to me if that means you can spend more time with patients. And you’re probably more likely to lose papers or two here and there as you go.

If you were my doctor, I think the risk would be worth it.

Comment by liz4cps on July 30, 2008 @ 2:56 pm

Some great points, liz. I guess there is this perception out there that if you lose your laptop with all your information, that is a travesty. I bet if someone left a paper folder somewhere with all their patient notes, then there wouldn’t be such a big uproar.

I agree with you that it is about thinking about what you are doing and why. I believe in critical thinking, and therefore don’t think things are secure just because they are in a particular location.

I also like the point you made about why we need to carry information with us. For me, I need to get my patient lists onto my home computer so that I can keep an audit, both of surgical procedures I perform and their outcomes/complications. Maybe patients would feel unhappy about having their information transported anywhere, but I bet they would prefer to be treated by someone who regularly audits their own performance.

Comment by cris on July 30, 2008 @ 3:24 pm

Yes, I’m definitely guilty of being an IT professional. :)

I spent some of my years working for the agency that defined, implemented, and tested the security of US DoD computers and facilities. That has led me to pay attention to issues of security and privacy.

Your comments on the insecurity of a hospital are also noted. I was sitting in an examining room at my doctors office. Security there is probably better than a hospital, because of the limited number of people who require access. In the room is a terminal so the nurse and doctor can record data and the doctor can pull up old records. Of course, that’s password protected so patients can’t access it. But as I sat there I noticed two immediate problems. First, the staff wasn’t particularly good at hiding their passwords. They were too short and I could shoulder surf fairly easily. Second, the terminal they used was located in the room. I easily could have attached a key logger, and grabbed the passwords.

There are always trade offs between security and usability. Also, there is no such thing as secure, it’s always a matter of deciding how long you want it to take for a given attacker to break the security. The more computing power you have the faster you can break an encryption system. You have to decide how much risk you can tolerate depending on the content your protecting and who might be trying to acquire that data.

My concern is that the PIN code on an iPhone is a really weak security measure. Apple never intended it to stop someone who had access to the phone. The iPhone really should be considered a computer, not a phone. With 16GB of storage it can store a significant amount of data, and with all the services it runs it can be attacked in a variety of ways.

What I’d suggest is strong encryption with good authentication, and a policy that you lock and unlock the application between each use.

The reality is that the iPhone isn’t going to be very amenable to typing a good password. If a procedure is too inconvenient it’ll be avoided. For example, users would likely pick really short passwords.

There are three ways you can authenticate someone, by having them present something they know (as password), something they are (biometrics), or something they have (a physical key).

With an iPhone, your best answer might be a something like a blue tooth finger print reader. Something small enough you could carry it in your pocket. Just stick your hand in your pocket and press your thumb in to the reader. It would have a unique id and it check your finger print, then do a challenge response with the phone or any other computer for that matter.

As far as I know such a thing doesn’t exist. So as a practical matter, you’re more limited. The last couple posts by Liz and yourself are in the right direction. It’s easy to let convenience trump privacy, but if you take the time to think about the trade offs you’re making and whether they are beneficial to the patient, that’s the best you can do.

Comment by Daryll Strauss on July 31, 2008 @ 1:44 am

[...] Keep patient demographics, in a pinch. Although you probably have another system for keeping track of patient information, sometimes it breaks down. A test note, or a photograph of a patient label will support your main system. [...]

Pingback by 20 ways Surgeons should use Evernote on October 22, 2008 @ 2:15 pm
Leave a comment

(required)

(required)