Given all the attention that’s paid to privacy breaches at a Canadian healthcare organizations, one would assume that there is a mad scramble to close all the holes. Nope. The amount of complacency on the part of clinicians and providers is simply staggering—particularly in the context of the mobile device compliance.

In a report focusing on plastic surgery published earlier this year by the University of Calgary, Faculty of Medicine, it was concluded that “smartphones are commonly used to obtain clinical photographs” but that there “are issues around consent process, storage of photos and privacy that need to be addressed.” This is rather banal language for an “issue” that should be a top priority, not an afterthought.

Many organizations are simply waiting for a solution to be delivered. In effect, they assume that at some point there’ll be a compelling market response, and, when that happens, they’ll dutifully apply the fix.

To a large extent, this is happening. Some of the solutions are remarkably simple. An application called ShareSmart, recently rolled out by Think Tank Innovations as a free download for iOS and Android devices, is helping to ensure compliance when clinicians take photos on their smartphones. Users provide their consent by finger or stylus signature. The consent is automatically synced with the photos, and users can track how a photo has been shared, as well as its archive status. In today’s environment, an application like this could be critical, given that most devices don’t typically comply with the security levels required when handling patient information.

“We don’t have a hard figure on the volume of clinical information captured without consent on unsecure smartphone devices,” says Rena Tabata, CEO of Think Tank Innovations. “But it is documented that 89% of practicing physicians, and 100% of medical residents, rely on smartphones to capture clinical images without the collection of digital consent.”

If those numbers don’t raise your blood pressure, I’m not sure what will. Most shocking to me about that observation is that medical residents, at a critical time in their education, are clearly not being informed of the importance of privacy and compliance.

Data from the University of Toronto, published last January, suggested that residents were treating health information in a disturbingly cavalier attitude. The study found that 11% of general surgery residents didn’t have a password on their cell phone, and 89% didn’t have encrypted phones. Texting of patient information was common, yet 66% did not know if their hospital had a policy on texting. A full 89% were unaware of any legislation covering texting in patient care.

How to solve this problem? The obvious answer is education, but there is another route, too, and here is where applications like ShareSmart can play a role, given that the software conforms with a wide range of industry regulations and standards. These include: the Health Information Act (HIA); the Freedom of Information and Protection of Privacy Act; the Personal Information Protection and Electronic Documents Act (PIPEDA); the Personal Information Protection Act (PIPA); the Office of the Information and Privacy Commissioner of Alberta (OIPC); the College of Physicians & Surgeons of Alberta (CPSA); and Alberta Health.

That’s quite a list which, inadvertently, makes a reasonable point, which is that we shouldn’t expect doctors to be lawyers. We want them to be able to get on with the job—and if an application can have their backs covered, so much the better. Clinicians shouldn’t be experts on jurisdictional privacy legislation. At the same time, any technology that helps them do their jobs should be affordable and powerful. ShareSmart, for its part, has a decent price point and ample storage.

“ShareSmart has an ‘Infinite’ package that provides for 1 terabyte of photo storage capacity for $10.95 a month,” says Tabata. “The full suite of app features are provided for free. We are of the belief that the utility of a communication app increases as the community of users increases.”

That community of users is a key factor, because although any application provider in healthcare would like to see their base grow, they also want to ensure that only authorized people are participating. To do that, ShareSmart relies on a combination of individual and institutional authentication.

“Institutions can authenticate and on-board their own verified and licensed healthcare professionals via the institutional or admin web interface,” says Tabata. “Alternatively, independent users are manually authenticated. Once the process is complete, authenticated users have a check-mark beside their user profile photo, or in the user info details.”

The application is hosted by NorthCloud, which is SOCII certified, and which ensures that the data is kept in Canada and can scale as needed. Given that there are an estimated one million health professionals in Canada, the market opportunity is there. At present, ShareSmart – which has only been on the market for a few months – has more than 3,200 users.

However, residents and physicians will continue to use their own devices, which to some extent puts them outside of the big vendors’ ecosystems. BYOD (Bring Your Own Device) is a dominant trend supporting strong cumulative, year-over-year global growth of 8.13% (2016-2020). Given that the world’s healthcare mobility solutions market is estimated to approach $85 billion by 2020, with healthcare cyber security to reach $10.85 billion by 2022, it’s high time we looked to affordable and simple solutions.

One problem with the relationship between technology and policy is that large vendors can sometimes try and influence decision-making to favour their offerings. This is partly because the mobile device management market is consolidated with big players, with high opportunity costs that can act as barriers to small vendors.