Portal de Periódicos da CAPES

Technology and Plastic Surgery

2015; Lippincott Williams & Wilkins; Volume: 136; Issue: 1 Linguagem: Inglês

10.1097/prs.0000000000001379

1529-4242

Ashit Patel, Saba Motakef, Michael J. Ingargiola, Michael T. Chung, Gupta Sc,

Social Media in Health Education

Sir: Technological advances have been embraced by the medical profession and lauded for their potential to facilitate communication, consultation, and coordinated patient care. These technologies are especially useful in plastic surgery. Images have long been a critical means by which plastic surgeons are able to document, evaluate, and communicate patient information. Digital imaging and mobile Internet have greatly simplified the sharing of this information. At hospitals across the nation, computers, tablets, and smartphones are used daily to discuss patient care and exchange images and other data. Careless use of these technologies can lead to disastrous breaches in patient confidentiality. Devices may be lost or stolen, or messages containing protected health information can be intercepted. It is important to note that no device or application is Health Insurance Portability and Accountability Act compliant.1 Therefore, the Health Insurance Portability and Accountability Act–compliant use of specific technologies can only be achieved by appropriate precautions that specifically address their risks. Furthermore, any third parties that handle protected health information for a covered entity are referred to as "business associates" and are required to sign a business associate agreement to ensure compliance. Commonly used technologies and important pitfalls are discussed below2: Short Messaging System messaging: These systems are not Health Insurance Portability and Accountability Act–compliant because data are not encrypted and are stored on a third-party server. iMessage and FaceTime: These technologies are not Health Insurance Portability and Accountability Act compliant. Although data exchanged by means of these modalities are said to be encrypted, a business associate agreement is not currently offered by Apple for these applications. Google Apps: Although Google Apps Free Edition is not Health Insurance Portability and Accountability Act compliant, Google will enter a business associate agreement to support Health Insurance Portability and Accountability Act compliance for Google Apps for Business (a fee-based service). Cloud-based services: Security protocols differ for these services. DropBox keeps "metadata," a listing of all file names, and does not maintain appropriate audit controls and is thus noncompliant. Applications that can make DropBox Health Insurance Portability and Accountability Act compliant (e.g., Sookasa) are available for a fee. Another popular, cloud-based application, 123D Catch, generates three-dimensional images from photographs. However, it remains unclear whether these data are encrypted, and a business associate agreement is not currently offered. So how can compliance be maintained in this complicated environment? A number of strategies have been described to secure protected health information on mobile devices3: Use a password or other user authentication. Install and enable encryption. Install and activate remote wiping and/or remote disabling. Disable and do not install or use file sharing applications. Install and enable a firewall. Install and enable security software. Keep security software up to date. Research mobile applications before downloading. Maintain physical control of your devices. Use adequate security to send or receive protected health information over Wi-Fi networks. Delete all stored protected health information before discarding or reusing mobile devices. Most medical centers also offer physicians Health Insurance Portability and Accountability Act–compliant e-mail applications that can be used to share protected health information. Two applications that were specifically designed to support Health Insurance Portability and Accountability Act–compliant texting include TigerText and Cureatr. Of course, remember to check and follow your organization's policies and protocols for Health Insurance Portability and Accountability Act compliance. By applying these strategies, plastic surgeons can take advantage of today's latest technologies while safeguarding protected health information and avoiding costly penalties. DISCLOSURE None of the authors have a financial interest in any of the products or devices mentioned in this article. Ashit Patel, M.B.Ch.B. Department of Surgery Division of Plastic Surgery Albany Medical Center Albany, N.Y. Saba Motakef, M.D. Department of Plastic Surgery Loma Linda University Loma Linda, Calif. Michael J. Ingargiola, M.D. Department of Surgery Division of Plastic and Reconstructive Surgery Mount Sinai Hospital New York, N.Y. Michael T. Chung, M.D. Department of Surgery Division of Plastic, Maxillofacial, and Oral Surgery Duke University Durham, N.C. Subhas C. Gupta, M.D., Ph.D. Department of Plastic Surgery Loma Linda University Loma Linda, Calif.