Tablets and Officemate

**kelanor** · 10-04-2012, 03:03 PM

We just switched over to electronic records in our office, and the dr. is really struggling with using the laptop during exams

He feels like he is turning his back on the patients too often.

We were thinking that a tablet might be a possible solution to the problem. He's pretty tech savvy, he just doesn't like the lack of interaction he feels from the laptop.

Is anyone else using tablets in the exam room (or elsewhere) with OfficeMate/Exam writer? Do you like it, or is it difficult to work with?

Thanks,

Kelanor

**Sledzinator** · 10-04-2012, 03:10 PM

There is a new app for the Ipad that is for officemate called OTTO that you might check out. Looks pretty neat and they have plans to have it work with exam writer as well.
http://seeotto.com/

**jmainwar** · 10-04-2012, 05:21 PM

Second the above. I just saw the app yesterday and it looks great, especially if you have sold your soul to VSP... They want 99 a month for non-officemate users so it wont fly here. We had an unused instrument table that I installed a keyboard tray and a monitor arm on so that it can be swiveled to review photos with the patient. The phoroptor controls sit nicely on top of it.

**Java99** · 10-04-2012, 06:25 PM

In my last position the docs used laptops and tablets with Officemate and iRDP to connect. Currently I use IPads for POS with MVE and Splashtop, it works great. No back turning or obstruction.

**sharpstick777** · 10-05-2012, 01:05 PM

There are new issues with any mobile device due to HIPAA. New regulations require that you inform your entire practice if there is a data breach. What that means, if a tablet gets stolen, is that you have to send a letter to EVERY patient you have records for to tell them their data is compromised, whether the thief actually accessed their data or not, just that they COULD have.

Not only is this embarrassing, its expensive. That can be a lot of mail for an established practice.

So if you go mobile, hold on to those devices...

**harry888** · 10-05-2012, 05:32 PM

Originally Posted by kelanor

He feels like he is turning his back on the patients too often.

Thanks,

Kelanor

I also felt that way as a patient with my primary care. Seems like he spent all his time staring at the screen. Two years later, he is now familiar with the program and does much more eye to eye time.

Harry

**Johns** · 10-05-2012, 10:17 PM

Originally Posted by sharpstick777

There are new issues with any mobile device due to HIPAA. New regulations require that you inform your entire practice if there is a data breach.

We use an off-site server, so it would be very difficult to breach our data. The server can only be accessed via our unique router in each office. In other words, if I take a tablet or laptop home, I cannot gain access to the server on those units unless I receive permission from the administrator.

**racethe1320** · 10-06-2012, 09:22 AM

Originally Posted by jmainwar

Second the above. I just saw the app yesterday and it looks great, especially if you have sold your soul to VSP... They want 99 a month for non-officemate users so it wont fly here.

My understanding is they are offering a 2yr deferment on the cost of any upgrades or installs with the potential to earn a percentage back that will in turn discount the costs of said programs too. For our practice based on the volume it's upwards of $2,500mo I can earn back simply for using the app. That gives me 48 mos. x $2,500 to pay off the Officemate and ExamWriter software. Integrations elsewhere will no doubt be forthcoming. Definitely something we'll be looking into. What I like most about the product is that it doesn't tie you to any lab or any products either. I priced out the service and it's only $20mo if you're an officemate customer. Even at $99 using another package, it still saves tons of time as there's no double entry.

Originally Posted by sharpstick777

There are new issues with any mobile device due to HIPAA. New regulations require that you inform your entire practice if there is a data breach. What that means, if a tablet gets stolen, is that you have to send a letter to EVERY patient you have records for to tell them their data is compromised, whether the thief actually accessed their data or not, just that they COULD have.

The otto app is completely cloud based thus if you lose an iPad, unless you wrote the login and password on it, you won't be in danger of any breach.

**anisometrope** · 10-07-2012, 08:40 AM

Perhaps this solution is too low-tech? (just an example)

http://www.amazon.com/TECHNI-MOBILI-.../dp/B002LI32FE

**J.P.** · 10-08-2012, 02:06 PM

Prehaps he might consider having a scribe to take all the notes and inputing all the data in as he calls it out. Then all he will need to do is quickly review the chart before finalizing and closing the chart. It's the easiest lowtech apporach and one we have sucessfully used for years

**AustinEyewear** · 10-10-2012, 02:41 PM

Originally Posted by racethe1320

The otto app is completely cloud based thus if you lose an iPad, unless you wrote the login and password on it, you won't be in danger of any breach.

The wireless connectivity could be a concern. Depending on security measure put in place, the signal could be sniffed.

**sharpstick777** · 10-10-2012, 03:18 PM

Originally Posted by racethe1320

The otto app is completely cloud based thus if you lose an iPad, unless you wrote the login and password on it, you won't be in danger of any breach.

A log-in and password alone won't protect you from the Data Breach Rule, the entire record transaction has to be encrypted, including cache files.
Most devices can be taken apart and any data, especially browser based, is often held in browser cache files which can be accessed easily.

Most of the HIPAA violation breaches have been laptops getting stolen, and most of those laptops had username and passwords.

If you must go mobile
1) you must secure your network data entirely and professionally.
2) if your device has client data on it, and gets stolen, you are in HIPAA violation and must report the breach. Even if its password protected.

You are only safe if:
3) if your device uses a client, that accesses a server where all data is actually stored, with and NO data is cached on your device and all the data MUST be encrypted in both storage and transmission to be considered exempt.

Most cloud based devices use a common browser to access data that does not encrypt the cache files, and if that data is not encrypted on the device, and it gets stolen, you must report the breach, whether that data was actually accessed or used.

More here: http://www.physicianspractice.com/bl...y-be-surprised

**Sledzinator** · 10-10-2012, 03:57 PM

What if you are connecting to a server wirelessly and an ipad is stollen?

**sharpstick777** · 10-10-2012, 05:07 PM

Originally Posted by Sledzinator

What if you are connecting to a server wirelessly and an ipad is stollen?

If the client program you are using on the iPad encrypts the cache data, and encrypts the transmission data, everything is stored on the server, and you use a strong password, and you can block the device from your network, you will probably be OK. Your network should require a Mac Address authentication, so you can stop the device from all access. If they can still get on your network (bring the device back after hours), you are at risk of a breach.

Best case scenario is a remote wiping program to wipe the entire device remotely.

According to HIPAA, you have to PROVE the there can be no access, not disprove it. Itsyour responsibility to ensure all that is done.

**racethe1320** · 10-12-2012, 08:11 AM

Originally Posted by sharpstick777

A log-in and password alone won't protect you from the Data Breach Rule, the entire record transaction has to be encrypted, including cache files.
Most devices can be taken apart and any data, especially browser based, is often held in browser cache files which can be accessed easily.

Most of the HIPAA violation breaches have been laptops getting stolen, and most of those laptops had username and passwords.

If you must go mobile
1) you must secure your network data entirely and professionally.
2) if your device has client data on it, and gets stolen, you are in HIPAA violation and must report the breach. Even if its password protected.

You are only safe if:
3) if your device uses a client, that accesses a server where all data is actually stored, with and NO data is cached on your device and all the data MUST be encrypted in both storage and transmission to be considered exempt.

Most cloud based devices use a common browser to access data that does not encrypt the cache files, and if that data is not encrypted on the device, and it gets stolen, you must report the breach, whether that data was actually accessed or used.

More here: http://www.physicianspractice.com/bl...y-be-surprised

otto is locked down pretty well and the appropriate measures in terms of development have been put in place. I'll leave the details for you and others to review with their development team. I'm 110% satisfied with their compliance.

**sharpstick777** · 10-12-2012, 12:03 PM

Originally Posted by racethe1320

otto is locked down pretty well and the appropriate measures in terms of development have been put in place. I'll leave the details for you and others to review with their development team. I'm 110% satisfied with their compliance.

You may be satisfied, but will HIPAA be? (there really is HIPAA police by the way)

Race, nothing on the seeotto or the VSP website mentions ANYTHING about security or HIPAA compliance, & because it doesn't, its technically not compliant. Until VSP or PFO Global verifies the security measures, in writing, the theft of the device would constitute a breach under HIPAA, and require reporting etc. It should be no trouble for VSP to have its apps security verified by the third party, it would take about a week, and post those details. Until those details are posted and public its won't qualify as compliant.

Just an FYI, HIPAA enforcement has recently quadrupled, fines have doubled, and stolen portable devices (laptops, tablets) remain the number one single source of HIPAA violations. According to HIPAA, YOU have to PROVE there was no actual breach, its not the other way around.

**racethe1320** · 10-12-2012, 07:41 PM

Originally Posted by sharpstick777

You may be satisfied, but will HIPAA be? (there really is HIPAA police by the way)

Race, nothing on the seeotto or the VSP website mentions ANYTHING about security or HIPAA compliance, & because it doesn't, its technically not compliant. Until VSP or PFO Global verifies the security measures, in writing, the theft of the device would constitute a breach under HIPAA, and require reporting etc. It should be no trouble for VSP to have its apps security verified by the third party, it would take about a week, and post those details. Until those details are posted and public its won't qualify as compliant.

Just an FYI, HIPAA enforcement has recently quadrupled, fines have doubled, and stolen portable devices (laptops, tablets) remain the number one single source of HIPAA violations. According to HIPAA, YOU have to PROVE there was no actual breach, its not the other way around.

I'm very familiar with compliance requirements. One of my sons has worked for Allscripts for years.

**xrayspex** · 10-15-2012, 06:26 PM

Hypothetically,
How would HIPAA "know' about a missing or stolen device?

**sharpstick777** · 10-19-2012, 11:09 AM

Originally Posted by xrayspex

Hypothetically,
How would HIPAA "know' about a missing or stolen device?

The fine for failing to report a computer breach (again, data doesn't have to be actually accessed, you have to PROVE it was NOT) is $1 million.

**sharpstick777** · 10-19-2012, 11:18 AM

Originally Posted by racethe1320

I'm very familiar with compliance requirements. One of my sons has worked for Allscripts for years.

Then Race, why would you advocate an App that has not been certified to meet HIPAA requirements? If its not certified, its not compliant, whether you feel good about the App or not. The question is whether HIPAA feels good about it or not.

Its an easy thing for VSP to have the App independently certified for compliance, there failure to do so creates a potential danger to everyone, regardless of its qualities and benefits or perceived security. Security has to be tested and proven, not just guessed or assumed. You should know that stolen portable devices constitutes the greatest cause of HIPAA violations. Until its been certified, it constitutes a breach according to HIPAA if that device is stolen.

**xrayspex** · 10-19-2012, 11:22 AM

Originally Posted by sharpstick777

The fine for failing to report a computer breach (again, data doesn't have to be actually accessed, you have to PROVE it was NOT) is $1 million.

Wow

Thanks for clearing that up!

**racethe1320** · 10-19-2012, 02:40 PM

Originally Posted by sharpstick777

Then Race, why would you advocate an App that has not been certified to meet HIPAA requirements? If its not certified, its not compliant, whether you feel good about the App or not. The question is whether HIPAA feels good about it or not.

So you have inside knowledge of the app do you? Do you know who VSP uses for compliance audits? You do realize HIPPA isn't person or organization and that it's simply a compliance law enforced by the Department of Health and Human Services right?

Its an easy thing for VSP to have the App independently certified for compliance, there failure to do so creates a potential danger to everyone, regardless of its qualities and benefits or perceived security. Security has to be tested and proven, not just guessed or assumed.

See my notes above.

You should know that stolen portable devices constitutes the greatest cause of HIPAA violations. Until its been certified, it constitutes a breach according to HIPAA if that device is stolen.

Feel free to contact VSP or the HHS to investigate the details. Please report back to all of us. I won't spoil the findings here, I'll wait for you to discuss further.