3 Hardware and Mobile Device Selection and Security

Section 3.5 Select
Hardware and Mobile Device
Selection and Security
Use this tool to assist in determining the most appropriate hardware and mobile devices for your
health information technology (HIT) applications.
Time needed: 8 hours
Suggested other tools: Section 1.4 EHR Technology Readiness Inventory, Section 1.5 HIE
Technology Readiness Inventory
Introduction
The physical hardware environment that is required to support your HIT investment is varied and
diverse. It includes servers, switches, PCs, tablets, smart phones, bar code readers, and many more
hardware components too numerous to mention. The technical environment is ever changing and rapidly
evolving. Security of each hardware component needs to be addressed as you implement the
hardware. Hardware of some sort will be required to access the information in your HIT applications.
Familiarity with the terms and some of the hardware that is required will prove essential as you
proceed with your HIT project.
How to Use
1. Identify the types of hardware your electronic health record (EHR) and/or health information
exchange (HIE) require you to acquire. Your selection of a straight license client/server
product or an application service provider (ASP)/software as a service (SaaS) model will
determine whether you need to acquire servers and associated network devices. If you are
acquiring servers you should obtain information from the vendor on minimum essential—as
well as optimal—hardware configurations. It is important not to skimp on hardware or
network connectivity, as it makes a big difference in the ability to use the system. Anything
short of using the HIT at the point of care will introduce potential for errors and missed alerts
that defeat the purpose of the HIT.
2. Compare the capabilities of input devices (an input device is any device that provides input
to a computer) to evaluate what is best for providing home health services. Differences are
significant and directly impact use. It is also important to think ahead. If you have a
migration path where you will be buying more basic components first, you do not want to
limit the hardware to what will work for basic functionality; otherwise you soon may be
faced with replacement costs.
3. Attempt to limit variation in input devices acquired or approved for use. Although one size
does not necessarily fit all for input devices, a minimum amount of variation is
recommended. Too many different devices, or even the same type of device from different
manufacturers, can be costly to maintain. Parts are not interchangeable, documentation of
system installation and maintenance differ, and upgrades come at varying times. This is
especially important for small agencies with minimum IT staff. Although there is a trend
toward permitting users to “bring your own device” (BYOD), the burden on a small
organization and the risk that the device does not have the proper security are too great.
4. Test input devices. There are significant differences in input devices and how well they can
be used in different types of environments. (See table below). While a thorough test cannot
be performed without the actual application in place, a small number of different devices can
be provided to different users early in the process of HIT planning. Allow nurses to take them
into the field. They can use these to test routine email, Internet access, computer skills
building, and even review vendor demonstrations. This not only helps evaluate the devices,
but builds computer skills and helps end users evaluate how they will use the devices at the
point of care.
5. While administrative staff in a home health agency will probably use desktops or stationary
notebook/laptop devices, mobile workers need mobile devices. There are several
considerations to help determine whether notebooks, tablets, or smart phones are most
desirable.
Types of Devices: Stationary vs. Mobile

Stationary Devices
• Desktops
  - Require space for monitor, keyboard, and system unit (if a thin client* is not used)
• Notebooks/Laptops
  - Enable portability when necessary by staff or to swap for use in the field
  - Require extra precautions for encrypting the data retained on the device
  - More expensive than desktops

Mobile Devices
• Notebooks/laptops
• Tablets
• Smart phones
• Associated devices, such as navigational devices, speech recognition, power, security
For notebooks/laptops, issues of:
• Weight
• Heat
• Battery life
For tablets, issues of:
• Weight
• Battery life (better than notebook/laptop)
• Processing power
For smart phones, issues of:
• Size of screen
• Battery life
• Processing power
For all:
• Require wireless network, or downloading patient data for the day (if sufficient storage)
• Require consideration for where to put the devices when not in use at the client’s home and
  when traveling. (See Security Considerations below.)
Expense is variable
Not all EHRs are designed to work optimally on a smart phone

*A thin client refers to a computer with minimal or no local processing capability. As data are
entered, they are sent to the server, processed, and returned to the user. Many EHRs used by home
health agencies will likely run on thin clients. Some with highly sophisticated processing
functionality may require a “thick client” (i.e., one with a system unit housing local processing
capability).
Speech/Handwriting Recognition
Some clinicians prefer to handwrite or dictate. Speech recognition, except when used to issue voice
commands to a structured data template (discrete reportable transcription, or DRT), does not generate
discrete (or structured) data values. As a result, the computer cannot process the information into
graphs or trend lines, or perform clinical decision support with the information dictated. Although
speech recognition systems are not commonly found in home health, you should be aware of these
issues associated with them and plan carefully if they become a consideration in your HIT selection:
• Speech is digitized and matched against coded dictionaries to recognize words.
  - Newer speech recognition systems accommodate continuous speech and almost
    no training
  - New systems are speaker-independent, requiring no training (although in some
    cases systems improve accuracy with use)
• Speech recognition is improving in accuracy; however, commonly used terms rather
  than medical terms are where errors often occur. For example, next week may be spoken
  as “nexweek,” which the system cannot understand.
• Correction must be performed, either:
  - Retrospectively by an editor
  - Concurrently by the user
• Speech recognition at the point of care may be a significant change for clinicians who
  are not accustomed to telling their clients what they are entering into their health
  records. However, if used to keep the client engaged while performing data entry, this
  feature can be very helpful.
• Speech recognition is most successful in areas of health care that have a high degree of
  standardization/repetition and a small amount of content to be dictated.
• Handwriting recognition (on a tablet) is a very similar process to speech recognition,
  although it may require more system training. Newer tablets have the ability to select data
  from menus using a stylus or finger.
Bar Code/Radio Frequency Identification (RFID)
The U.S. Food and Drug Administration required manufacturers to apply bar code labels for all
human drug and biological products by April 26, 2006. Bar codes on packages of drugs have been
used primarily for pharmaceutical inventory. More recently, they are being used in medication
administration when patient wrist bands, nurse badges, and unit dose medications with bar codes are
available. Bar codes are also being used to manage lab specimens.
Radio frequency identification (RFID) is similar to bar code technology but does not require direct
line-of-sight to read the codes. In health care, RFID tags are being used to track movement of
clients—especially those with memory loss—and employees, expensive equipment, and narcotics.
Document Scanning Systems
As the desire to become paperless becomes more ubiquitous, consideration may be given to acquiring
an electronic document management system, which requires a scanner to scan documents. Small,
portable scanners are available for occasional scanning.
Kiosk
A kiosk is a computer, often built into a piece of furniture, with special software to support limited
data entry via a card reader and/or touch selection. There may also be limited printing capability. (An
example of a kiosk is at an airport ticket counter where you may touch the screen to enter your
itinerary and a boarding pass can be generated.) Kiosks are becoming popular in hospital and
physician office waiting rooms to identify arrival of a patient or family member, and to allow patients
to enter their demographic data and history of present illness. Kiosks are also being used in health
care for patient authorization or consent, where the client reviews a document, such as an
authorization or consent form, online and affixes a digitized signature (much like in the retail setting).
In the home health environment, a tablet computer can serve as a kiosk if there is frequent need for
obtaining client authorization.
Security Considerations
• On devices and media:
Loss or theft of mobile devices is one of the biggest concerns in health care. A significant
percentage of breaches reported to the federal government involve mobile devices with
protected health information that has not been encrypted. Applying a password is not
adequate. To reduce the likelihood that your home health agency could have a breach of
privacy as a result of a lost or stolen mobile device, follow the Guidance to Render
Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to
Unauthorized Individuals available at:
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brguidance.html.
This Web site also directs the reader to the National Institute of Standards and
Technology (NIST) Special Publication 800-111, Guide to Storage Encryption
Technologies for End User Devices. It is essential that any device that is moved or can
be moved be encrypted.
The EHR vendor should be able to apply this technology for you so that the process is
seamless to the end user.
Be aware also that laptops and notebooks used in the office are still portable. These also
should be encrypted. In fact, a best practice is to encrypt protected health information
anywhere it is stored, whether on a desktop, mobile device, server, or backup media
(e.g., tapes or disks).
• During transmission:
Encryption must also be applied to protected health information as it is transmitted.
Helpful resources include: NIST Special Publication 800-52, Guidelines for the
Selection and Use of Transport Layer Security (TLS) Implementations; NIST Special
Publication 800-77 (for transmissions over the Web), Guide to IPsec VPNs (for
transmissions over the Internet); and NIST Special Publication 800-113, Guide to SSL
VPNs (for transmissions through a virtual private network [VPN]).
Any organization providing HIE should have specific requirements for securing
transmissions. For more information, see Section 4.9 Using Direct for HIE and Section
4.10 Using CONNECT for HIE.
Copyright © 2013
Section 3 Select—Hardware and Mobile Device Selection and Security - 4
Updated 03-14-14