By Matt Fisher, Esq
Twitter: @matt_r_fisher
Host of Healthcare de Jure – #HCdeJure
Healthcare is often subject to many jokes about the utilization of outdated technology. The old-fashioned pager, or a beeper, is the hallmark example that is most often cited. Now, not only are pagers found to only be used by healthcare (and maybe drug dealers), but pagers may also pose a significant security risk.
How does a pager work? Pagers typically work by transmitting messages by a radio signal. Essentially, the pager is a personal radio receiver that ensures the intended recipient will actually see and receive the message. Additionally, each pager can receive any message sent to any pager. However, only messages that contain a special code will be picked up by a specific pager. As the brief description demonstrates, a pager works by radio signal only. Radio signals are not a means of communication that can be easily secured, if it all.
Given that transmissions to pagers are not encrypted, intercepting pages can be relatively easy. An analysis by Trend Micro found that something as simple as a $20 dongle and some understanding of software-defined radio can enable interception of the radio signals. If the signal is intercepted, then the message can be viewed and a breach likely to occur.
What does all of this mean for healthcare? It means that there may finally be a hook, beyond outdated technology, to abandon the pager. If transmissions cannot be encrypted and it is easy to break in, then there is a significant risk posed under HIPAA. While encryption is an addressable element, it does not mean that i can be wholly ignored. Instead, it means that entities need to consider options. If there is a known risk that cannot be eliminated, then is that tool something that should be utilized in healthcare given HIPAA requirements? The answer
If there is a known risk that cannot be eliminated, then is that tool something that should be utilized in healthcare given HIPAA requirements? The answer to that question arguably becomes even easier when the number of alternatives that exist are considered. In the age of smartphones where information can be encrypted quite easily, where does a pager fit in? Maybe nowhere.
The issue all comes back to healthcare needing to become comfortable with newer forms of technology. Such technology appears and is used quite regularly in other industries. Such technology can increase efficiency and enable everyday solutions to come into healthcare. Developments in this vein can appease many concerns and desires and result in an overall better environment. If demands continue to be made and risks continue to be found, change will occur.
About the author: Matthew Fisher is the chair of the Health Law Group at Mirick, O’Connell, DeMallie & Lougee, LLP, in Worcester, MA. Matt advises his clients in all aspects of healthcare regulatory compliance, including HIPAA, the Stark Law and the Anti-Kickback Statute. This article was originally published on Mirick O’Connell’s Health Law Blog and is republished here with permission.