Healthcare Information Security

Cybersecurity News

The Evolution of Healthcare Secure Messaging

By Elizabeth Snell

Healthcare secure messaging has come a long way over the last several years, but it’s still essential for organizations to pick an option right for them.

- The implementation of secure messaging in the healthcare industry can have positive effects that expand beyond the basic communication between providers or even the interaction between a provider and patient. There are now messaging options that can securely connect to a hospital’s EHR system, which gives doctors the opportunity to draw up patient information at their fingertips.

Moreover, Stage 2 Meaningful Use requires providers to use secure electronic messaging to communicate with more than 5 percent of patients on relevant health information during their EHR reporting period. But just how far has healthcare messaging progressed in recent years? And what do the changes mean for the industry as a whole?

Ditching the pagers

Pagers and beepers might seem like extremely antiquated devices, but they are not entirely extinct in the healthcare industry. However, dialing a number and then waiting for the person to hopefully call you back within the next few minutes is not necessarily the fastest way to communicate. Especially when there are numerous HIPAA-compliant short message services (SMS) options available for healthcare organizations.

The mobile strategy often comes down to what works best for each organization. Communicating internally via pagers could still have some benefits, but there are now secure messaging capabilities that can assist with routine health issues, address patient questions or concerns, help monitor patient conditions, while also ensuring that patients can properly manage their own conditions.

READ MORE: Healthcare Secure Messaging Benefits Texas Hospital, ACO

Going beyond standard email

Using email is definitely not a new tool to the healthcare industry, but using that technology in a HIPAA-compliant way has become more important than ever before. Healthcare data breaches are seemingly reported on a weekly basis, and stolen or lost devices are a leading cause of security issues.

According to the Centers for Medicare & Medicaid Services (CMS), a secure electronic message could be email, as long as the provider ensures that the communication is strictly between a provider and patient. From there, it’s important for healthcare providers to take extra steps to ensure that their email communication remains as secure as possible.

Using data encryption on all laptops and desktop computers is a good way to keep patients’ protected health information (PHI) and other sensitive data out of the wrong hands. The total cost of encryption might seem steep at first, but it is likely nothing in comparison to what an organization could potentially face in terms of fines should there be a data security breach.

Text messaging in healthcare

READ MORE: Is Healthcare Secure Messaging Necessary for Providers?

Especially as more healthcare providers develop and implement their own bring-your-own-device (BYOD) policies, text messaging to communicate patient data has become more common. However, it’s important to remember that a smartphone with a PIN can be hacked. Data encryption and device security needs to be discussed the instant a provider considers finding a secure text messaging solution.

For example, the Bronx Regional Health Information Organization (RHIO) implemented direct secure messaging services earlier this year and knew that it was necessary to adhere to all federal regulations, as well as its own communication policies and procedures. This type of messaging helps organizations proactively send important information to providers, patients, or even insurance companies.

In the case of the Hospital of the University of Pennsylvania (HUP), secure text messaging options also give the facility the ability to connect to its EHR system. With that ability, patient information can be securely sent to the entire team of providers, which can help improve patient care and potentially lead to lower readmission rates.

Secure messaging today

Technology continues to evolve quickly, and the healthcare industry is working to keep pace. Staff members likely send text messages and emails through their own personal smartphones on a daily basis, so it seems like a natural next step to find a way to use that communication in a secure, professional way as well.

READ MORE: Why Halifax Health Opted for a New Secure Texting Option

However, HIPAA compliant messaging solutions must satisfy a number of requirements, and healthcare providers should ensure that they can confidently answer questions that often arise with secure messaging. For example, do providers know the type of encryption they’re going to use? What kind of auditing capabilities are provided? Where are messages and documents going to be stored?

When creating an agreement that involves the secure transfer of PHI, it is essential that healthcare organizations remain transparent on what type of technology is being used, and what its ramifications will be. Moreover, proper employee training is a necessity to guarantee that secure messaging procedures are properly followed.  It’s not enough to decide it’s time to “jump on the bandwagon” or secure messaging. Healthcare organizations need to realize that this communication is part of an evolutionary process, and it’s necessary to implement a system that can easily integrate with the facilities’ current capabilities.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks