How Mobile Usage Potentially Violates HIPAA Regulations
Secure text messaging for healthcare has become an important compliance problem for healthcare organizations due to HIPAA regulations clearly stating that patient information must be kept secure at all times. The use of personal mobile devices allows medical professionals to improve communication regarding patient information with fellow workers, but this puts the facility at risk of potentially violating HIPAA regulations.
Compliance with HIPAA is an issue that needs to be overcome, as the use of personal mobile devices has undoubtedly revolutionized communications in the healthcare industry. The speed and convenience of modern technology is often favored over antiquated channels of communication such as pagers, and healthcare organizations benefit from the cost savings of BYOD policies. However, the HIPAA regulations effectively outlaw unsecure channels of communication such as SMS (and email).
Why SMS and Email are Not HIPAA Compliant
The primary reason why SMS and email are not HIPAA compliant is that they allow unauthorized access to PHI. Unencrypted SMS messages can be intercepted over unsecure Wi-Fi networks, copies of emails remain indefinitely on ISPs' servers and both SMS messages and emails can be freely accessed on a lost, stolen or unattended mobile device.
The regulations for communicating PHI over electronic devices require access controls, audit controls and integrity controls – areas that are lacking with SMS and email. Mechanisms to ensure ID authentication and transmission security are also usually absent from channels of communication using SMS and email. There are also potential issues when an SMS or email is misdirected and sent to the wrong recipient.
Secure Text Messaging for Healthcare is an Appropriate Substitute
Secure text messaging for healthcare is an appropriate substitute for SMS and email as it retains the speed and convenience of mobile technology while complying with the HIPAA regulations for keeping patient information secure at all times. Secure messaging has the same functionality as SMS or email, but also has mechanisms in place to prevent the unauthorized disclosure of Protected Health Information (PHI).
Medical professionals can send and receive communications containing PHI via secure messaging apps that can be downloaded onto any desktop computer or mobile device. The apps have a familiar text-like interface and allow attachments to be added so that medical professionals can send or receive documents, test results, and x-ray images, as they would via unsecure channels of communication.
Protecting PHI with Secure Text Messaging
There are a number of ways in which PHI is protected with secure text messaging for healthcare. Authorized users have to authenticate their ID with a unique username and password. This allows them access to a secure messaging network through which all communications containing PHI are channeled. All activity by authorized users is monitored and logged, while mechanisms are in place to prevent the unauthorized modification or disposal of PHI.
When in transit, all communications – including attachments – are encrypted so that, in the event a text is intercepted, its contents are unreadable. Secure text messaging for healthcare has security measures to prevent PHI from being sent beyond the messaging network, copied and pasted, or saved to a USB flash drive. This means that the risk of an unauthorized disclosure of PHI is averted if a text message is misdirected or if a USB flash drive is lost or stolen.
Other security features on secure text messaging for healthcare include preset message lifespans – so that messages automatically delete after a period of time – and the facility to remotely delete and PIN lock a secure messaging app if the mobile device onto which the app has been installed is lost or stolen. An automatic logoff feature also exists to prevent “snooping” if a desktop computer or mobile device is left unattended.
How Message Accountability Benefits Healthcare Organizations
In addition to protecting the integrity of PHI and enabling medical professionals to maintain the speed and convenience of mobile technology, the mechanisms within secure text messaging for healthcare to ensure message accountability accelerate communications within a healthcare environment.
All messages are timestamped when they are sent, and delivery notifications ensure the message has reached the correct recipient. Read receipts advise the sender when a message has been read, eliminating the need for medical professionals to play phone tag and allowing them more time to spend with their patients.
The improved productivity created by secure text messaging is even more apparent when the group messaging facility is used to manage hospital admissions and patient discharges. It has been calculated that secure text messaging can reduce patient discharge times by more than thirty minutes – saving healthcare organizations hundreds of thousands of dollars in extra productivity each year.
Further Benefits of Secure Texting and EMR Integration
Many healthcare organizations have chosen to implement secure text messaging solutions and integrate them with EMRs to generate further benefits. With an integrated EMR, time-consuming data entry can be shared among all authorized medical professionals from their Smartphone app while consultants and physicians can streamline their workflows from their personal mobile devices by prioritizing EMR alerts.
Smart EMRs – or “advanced EMRs” as they were titled in the study “Saving Private Ryan” – can also have a positive effect on patient healthcare. In the study, researchers from the Tepper School of Business at Carnegie Mellon University recorded a 27 percent decline in patient safety incidents when secure text messaging solutions were integrated with an EMR. Their results were driven by declines in two important subcategories:
- A 30 percent decline in patient safety events due to medication errors.
- A 25 percent decline in patient safety events due to complications.
Secure Text Messaging for Healthcare and Pharmacists
There are many scenarios in which secure text messaging for healthcare improves productivity for various groups of medical professionals, but few are more obvious than in the case of pharmacists. Pharmacists not only have to comply with HIPAA, but also DEA regulations under the Controlled Substances Act. Consequently, there are many occasions on which prescriptions have to be confirmed and script errors rectified.
This is a time-consuming process for pharmacists, as it requires getting hold of the prescribing physician – who is often busy with another patient – and waiting for them to confirm or revise the prescription. The delay is also a source of frustration for the pharmacist's customers, who are unwell and often waiting long periods of time to collect their medication.
With secure text messaging for healthcare, pharmacists can send an urgent request from a secure text messaging app. The physician reviews the request and gives an immediate answer.
How Secure Text Messaging Assists with Meaningful Use Requirements
Using integration with an EMR and secure text messaging for pharmacists as examples, it is not hard to illustrate how secure text messaging for healthcare can help healthcare organizations meet the requirements of the Meaningful Use incentive program – particularly the requirements of Stage II for monitoring the journeys of medications or confirming an electronic prescription handoff.
In Meaningful Use Stage III, one of the requirements is that electronic notifications of significant healthcare events must be sent within four hours to known members of the patient’s care team. Sending the required notifications by SMS or email could potentially result in the unauthorized disclosure of PHI; but, using the group messaging facility of secure texting, the requirement can be completed quickly and easily with no risk of a data breach.
Another requirement of Meaningful Use Stage II is the faster documentation of patient behavior. This is one of the time-consuming tasks mentioned above that can be completed by any authorized user from their Smartphone. It would also be possible for any authorized user to track responses to patient generated messages (a requirement of Meaningful Use Stage III) if privilege levels are used to delegate certain tasks to individual medical professionals.
How Secure Text Messaging Mitigates the Risk of Hacking
One area rarely mentioned alongside secure text messaging for healthcare is the risk of hacking. Whereas data breaches due to the loss or theft of a mobile device account for more than double the number of data breaches due to hacking, the number of records that can be extracted through hacking runs into tens of thousands.
The value of medical information on the black market is estimated to be ten times that of a stolen credit card. With a patient's PHI, cybercriminals can commit identity theft, receive expensive healthcare for free and commit insurance fraud. Consequently, IT professionals put a great deal of effort into keeping healthcare servers protected against unauthorized intrusion.
However, mobile device users have been identified as easier targets and the weakest point in a healthcare organization's defenses. By infecting an employee's Smartphone with malware, a hacker could potentially access an entire network once the employee connects with it. With secure text messaging for healthcare, the secure messaging apps only communicate text messages – not infected software that could be used by a hacker to access an organization's database.