Tuesday, May 26, 2009

Patient Data on Your Smartphone

Many physicians carry smartphones. Whether it's an Apple iPhone, a BlackBerry, a Palm, or a Windows Mobile phone, it's a smartphone. Now, we also have physicians using Google Android, Symbian, and other smartphone operating systems.

If you use e-mail to communicate about confidential patient information, I hope you're locking your phone. If you ever lose your phone and someone happens to retrieve that sensitive data, then you may want to run away and hide. Many healthcare professionals have patient data on their smartphones or PDAs. Some may even forget that it's there. Medical students are often jotting notes and recording procedures on their PDAs and smartphones. How often do you remember to go back and delete all that information after you're finished with your clinical rotation?


  1. Wouldn't it be great if someone created "LoJack for Smartphones"? A service that could remotely access your lost phone, delete all internal data, and perhaps store critical information (like tasks, messages and contacts) online (in the cloud) until you get a new phone and restore your data? Not sure if anything like this exists. Perhaps I should patent the idea? Hmmmm?

  2. This could be useful for phones that use a SIM card. For others that use CDMA, the tracking data is built into the phone (unless someone reprograms the ESN #).

  3. Remote wipe has been a longstanding feature of RIM BlackBerry due to corporate concern for lost phones. The iPhone 2.0 software released last year includes remote wipe for your Exchange corporate email.

    Another problem is people selling or returning phones with medical data; even if you use an "erase phone" option, this in many cases will leave recoverable data in the phone's flash memory. http://bit.ly/LKTuV Personally, I do not put any PHI on my iPhone, and my clinical mail is in a separate account from the one my iPhone gets.

  4. Remote wipe is a long-standing feature of Windows Mobile too. On large networks the IT administration configures it right into group policy and the active directory. They can do it before the carrier can, and of course the carrier also can wipe too.

    Actually the device should not carry patient data, but instead connect to a secured encrypted server when it comes to patient data and the device is basically the utility used.

    Many EMRs offer PDA versions and that's pretty much what it does. If you do need to back up your phone though, Microsoft made the cloud available too.

  5. The next generation of "remote wipe" will be "auto wipe." Your smartphone will automatically erase everything if it is not unlocked and used after xxx days.