2016 Liability for Mobile Health & Wearable Technologies 83
(CDS) and imaging products (PACS). Many of these “front-end” apps will have been developed “in-house” or by developers of the underlying products. However, EMR vendors are opening app stores156 and major “software as service” suppliers such as IBM are developing health care-specific apps.157 As a result, providers may soon owe duties to patients regarding the careful selection, deployment, staffing, and updating of these new technologies.158 Individual employees or credentialed physicians also introduce apps and their hardware platforms into healthcare institutions. One example of this bring-your-own-device (BYOD) phenomenon is the use of Google Glass (“Glass”) in surgery and other tasks within an institution. In the case of Glass, serious ethical and legal risks are raised because of the potential of the device to capture video and images, and the doubts about its ability to satisfy HIPAA security requirements.159 Hospitals that have not updated their BYOD policies or otherwise controlled the use of unauthorized apps or wearables could face liability in the event of an adverse event. A related concern arises with regard to apps with social media characteristics that, for example, encourage health care professionals to post images of patients.160 We suggest that due consideration for good risk management practices should necessitate that hospitals update their social media policies to prohibit app uses that may involve legal or ethical risks.161
B. Patient-Facing Apps
In general, consumers drive the processes of choosing and using mobile apps. However, an institutional provider, like the physician discussed above might insert itself into such processes by recommending or prescribing apps. Consider, for example, the pitch made by one provider for its health app
156. Judy Newman, Epic Systems to Open its Own App Exchange, WIS. ST. J. (Feb 18, 2015), http://host.madison.com/wsj/business/epic-to-open-its-own-app-exchange/article_fc7 e8b94-b1ec-59f4-9065-1e6143fe351c.html. 157. IBM MobileFirst for iOS, IBM, http://www.ibm.com/mobilefirst/us/en/mobilefirst- for-ios/ (last visited Feb. 22, 2016). 158. See generally Am. Health Info. Mgmt. Ass’n. The Implementation and Management of Patient Portals, 86 J. OF AHIMA 50–55 (April 2015), http://library.ahima.org/xpedio/ groups/public/documents/ahima/bok1_050877.hcsp?dDocName=bok1_050877; see also Sandeep S. Mangalmurti, Lindsey Murtagh, and Michelle M. Mello, Medical Malpractice Liability in the Age of Electronic Health Records, 363 NEW ENG. J. OF MED. 2060, 2060 (2010). 159. Terry et al., supra note 51. 160. See e.g., Meera Senthiligram, ‘Instagram for Doctors’ Lets Medics Share Photos to Solve Mystery Cases, CNN (Feb. 10, 2015, 5: 23 AM), http://www.cnn.com/2015/02/ 10/tech/figure1-photos-medical-app/. 161. See generally Nicolas Terry, Fear of Facebook: Private Ordering of Social Media Risks Incurred by Healthcare Providers, 90 NEB. L. REV. 703-51 (2012); Social Media Guidelines for Employees, USC UNIV. HOSP., http://www.uscuniversityhospital.org/ connect/wp-content/uploads/Social-Media- Guidelines-for-Employees.pdf.