268970 Collecting protected health information at the clinic: Use of wireless technology to achieve secure collection and transmission

Monday, October 29, 2012

Mary Menz, PHN, BSN , Department of Obstetrics, Gynecology and Reproductive Sciences, University of California, San Francisco, Bixby Center for Global Reproductive Health, Sacramento, CA
Thomas Manley, PMP , School of Medicine, Dean's ISU, University of California, San Francisco, San Francisco, CA
Larry Suarez , School of Medicine, Dean's ISU, University of California, San Francisco, San Francisco, CA
Leslie A. Watts, MS , Bixby Center for Global Reproductive Health, University of California, San Francisco, Sacramento, CA
Heike Thiel de Bocanegra, PhD, MPH , Assistant Professor and Director, UCSF Family PACT Evaluation, University of California, San Francisco, Sacramento, CA
Background: Federal and state laws prescribe strict standards for providers, payers, and researchers that create and use protected health information (PHI). Meeting these standards presented challenges in data collection for a program-wide medical record review.

Objective/purpose: We developed an application for a tablet device to satisfy the requirements.

Methods: Sampling was performed at the California Department of Public Health offices from provider enrollment and client claims data. Trained abstractors used a custom application carried by an open-source engine to enter data on an Apple iPadô. Client lists and data were protected with 256 bit-AES encryption while on the tablet and for transmission; client lists were downloaded onsite for immediate use; PHI was viewable only within the password-locked application; separate data files using a yes/no format were created for each list that included only 2 PHI elements; data were transmitted by 4G network to a secured server daily; PHI was erased on the tablet within 3 business days. The tablet also supported secured email to abstractors throughout the project.

Results: We visited 216 sites in 18 California counties for records of 4,430 clients. We processed data for over 5100 abstracted visits collected by 10 abstractors over a 7 month period. Data loss was minimal and due to abstractor error in most cases.

Conclusions: Our survey/instrument design, encryption protocols, complex passwords, data transmission format, and other security solutions used the tablet's attributes to best advantage. The user-friendly, lightweight device is ideal for projects that require PHI data collection from multiple sites.

Learning Areas:
Communication and informatics

Learning Objectives:
1)List 3 techniques used to secure data on the tablet. 2)State 2 tablet functionalities that support PHI security during collection at remote sites. 3)Name 3 advantages for abstractors of a tablet with this application over other portable devices.

Presenting author's disclosure statement:

Qualified on the content I am responsible for because: I am an RN and PHN and have worked in the areas of program policy and administration for publicly funded health programs for 18 years. I have a special interest the collection of critical data from health records in varied settings to support accurate assessments of the quality of care delivered in women's health settings.
Any relevant financial relationships? No

I agree to comply with the American Public Health Association Conflict of Interest and Commercial Support Guidelines, and to disclose to the participants any off-label or experimental uses of a commercial product or service discussed in my presentation.