Kiosk Privacy and HIPAA
By Evan Schuman
Kiosks are a highly effective way to interact with customers, but in healthcare settings, they must be handled carefully to avoid compliance, privacy and cybersecurity problems.
Sometimes, the mere existence of a kiosk at a certain location can itself reveal potentially protected and sensitive information. Consider a kiosk that allows patient check-in, but one that happens to be located near the entrance of an office that handles abortion procedures. Could someone merely using the kiosk at that location appear on a prosecutor’s list in some states? And if that patient actually was going in for an abortion procedure, would that patient then have a cause of action against the kiosk owner? The provider using the kiosk?
A variety of entities are exploring updates to HIPAA. Some of those proposed changes look to prohibit seeking information that may imply or suggest sensitive information. Consider this story from TechCrunch: “The relevant bit of the case referral to the CJEU related to whether the publication of the name of a spouse or partner amounted to the processing of sensitive data because it could reveal sexual orientation.
The court decided that it does. And, by implication, that the same rule applies to inferences connected to other types of special category data,” the story said, adding “this might have broad implications moving forward, in all contexts where Article 9 is applicable, including online advertising, dating apps, location data indicating places of worship or clinics visited, food choices for airplane rides and others.”
The life partner reference could be sought innocuously, such as when asking for the name of someone to be contacted, either in case a procedure has a problem or even someone to contact to pick up the patient after a procedure.
In a more traditional privacy issue, the positioning and exact location of a kiosk can be critical. Whether or not a privacy screen is used–it should be–is one issue. Are other patients permitted to line up behind someone entering data into a kiosk? Can the person right behind that person see the screen directly? Can someone seated in a certain chair in the waiting room see data being entered on the screen?
James Walker, the director of healthcare at OLEA Kiosks, argued that the kiosk positioning is a tricky balancing act. For privacy purposes, it should be isolated and away from others, but for usage purposes, it needs to be close and convenient.
“If you don’t change the physical path of the patients between the door and the traditional front desk, it’s far less likely they will use them. I think it’s critical that you group them together,” Walker said. “It’s about where the queue is, where the seating is and setting things up so you are giving the patient using the kiosk the best possible privacy while making sure people know they are there and what they are for. Ideally you would have a registrar out there facilitating the process, inviting folks to use them, answering questions, but also keeping people from positioning themselves where they can see content.”
Still, with the hiring limits in healthcare settings today, it is often difficult to free up staff to assist with kiosks.
Walker said that some privacy efforts go too far and morph into the ludicrous.
“I had a client getting upset with me because the client put the kiosks in a spot where, if a person was on the second floor balcony, they could use their phone to zoom in on kiosk screens on the first floor. There’s only so much you can do with the kiosk hardware itself,” Walker said. “Even in brand new spaces, the people doing the design often don’t understand the technology and the privacy implications. Or, worse yet, nobody told them they intended to use kiosks. It’s also interesting that a person can stand at the registration desk answering personal questions that people can readily overhear, but health systems and patients are paranoid about a patient standing in front of a screen typing information.”
Another consideration is the tablet–a close cousin to the kiosk–and its own set of privacy and compliance risks. The tablet was supposed to slowly replace the clipboard, but the added convenience of the tablet means that it can hold–and access–far more data. That is a privacy issue.
The idea of switching to the tablet was to make it easier for the patient. It is easier and faster to type than to hand write. The tablet can also offer easy choices via a menu pulldown. Again, the advantage of convenience brings with it privacy problems.
The kiosk has information stored on it and, typically, it has network access to servers with far more data. This is made worse by the fact that tablets are relatively easy to steal–especially given how busy staffs are and how little anyone is watching people in a waiting room.
A thief might steal the tablet just for the hardware (see theft of iPad at Kaiser), with the intent to wipe it clean once off the property of the medical facility. But just like a stolen laptop, such a theft requires reporting the theft of all data that the tablet either had or had access to. That is likely going to be a huge disclosure.
Some tablet thieves are explicitly interested in stealing sensitive data, but it likely doesn’t matter. Legally, facilities must assume that the bad guy is an identity thief, regardless of actual intent.
Therefore, the better way to replace the clipboard is a very-difficult-to-steal kiosk.
There is yet another worry: How manufacturers and other businesses that own the kiosks behave, far removed from the medical facility that either leases it or buys it. Among the biggest and most aggressive data companies are Google and Amazon. And Amazon is getting deeper and deeper into this space, with kiosks likely impacted.
As PBS is reporting, “In a nearly $4 billion deal, Amazon plans to buy One Medical, a primary care group with nearly 200 locations across the country. Privacy advocates are voicing concerns about Amazon controlling people's online purchase data as well as their health care records.”
When preparing kiosks for deployment, it’s also critical to consider accessibility. The U.S. Justice Department recently issued a statement that directly addresses kiosk strategies.
“A person who is blind or has limited vision may find that the web-based platform their doctor uses for telehealth appointments does not support screen reader software. A person who is deaf and communicates with a sign language interpreter may find that the video conferencing program their provider uses does not allow an interpreter to join the appointment from a separate location,” the Justice statement said. “A limited English proficient person may need instructions in a language other than English about how to set up a telehealth appointment.”
All of these matters are important, but most regulators will be lenient as long as they see reasonable best efforts deployed. For example, no healthcare kiosk needs to support 50 or more global languages. But it would be pragmatic, from a compliance standpoint, to support the ten languages most often spoken in the area where the kiosk is to be deployed.