HIPAA Exam Room EMR PC/Console
About a year ago, a medical practice I assist had a HIPAA compliance issue in their examination rooms.
The problem was that patient laptops could expose other patient information to different patients at times. Physicians hate to have to enter passwords, and in this case, the medical assistants would set up the screen for the physician beforehand.
I came up with a proposed solution that I installed and piloted for a few months. Here is what it looked like:
It is a linux pc ( a Raspberry Pi ) attached to an RFID reader. The system acts as a thin client as it remotes to a windows terminal server where the EMR or other software is expected to be. In the event that an EMR can run on an OS independent browser, the system would not then need to use remote desktop.
HIPAA Use Case
The machine will lock it's screen after no use at a user determined interval...example 20 seconds.
The staff need only swipe the rfid reader with a fob or an ID card that is RFID capable to instantly unlock it.
It can be locked the same way, one quick touch with the fob, and it will beep and lock the screen.
The screen saver changes every 30 seconds (user configurable), so it becomes a source of entertainment. Practice information or advertising could be slipped in here if wanted.
The system boots in about 10 seconds. It checks in with a parent server for configuration instructions so that when changes are made to its configuration, a simple reboot gives it the new instructions.
Here is a view of the Raspberry Pi Linux board and RFID equipment attached to the the back of the monitor:
One of the advantages of this configuration is that it is fairly inexpensive, and unlike the laptop, if it is stolen, it should not have any sensitive data in it.
Most importantly though, it secures patient data in the event that a physician or medical staff member forgets to lock a screen, and does not require the staff or physicians to enter a password (although you can), so it solves the HIPAA issue.