CHICAGO – Implementing secure messaging options can have far-reaching and long-lasting benefits for healthcare facilities. Whether an organization wants to account for employees already sending text messages, or is looking to implement a new system entirely, there are a few things that they should keep in mind, according to Greg Slattery, CIO of Community Hospitals and Wellness Centers.
Slattery discussed with HealthITSecurity.com why CHWC opted to replace its pagers with secure messaging through Imprivata Cortext, and how the new system has changed daily operations, as well as how the facility communicates as a whole.
HealthITSecurity.com: What made you decide that it was time to replace the pagers?
Greg Slattery: It was twofold. We had an aging infrastructure – old beepers that were just radio control. They would squawk and you would just have to hope you could hear the message. We had old Motorola pagers, which were very expensive to repair and there were not as many folks or even entities that were interested in maintaining and repairing them. We had the newer caregivers and newer employees basically saying, ‘Why aren’t we using smartphones? We use smartphones for all of our other communication, we use texting, and we can do banking online. Why do I have to carry two devices?’
We felt that it was time to move on. We felt we had multiple people carrying multiple devices and we had a number of different avenues of contacting people. It was just frustrating to communicate in our hospital. What we’d found out was the frustration levels were at a point where if you wanted to get hold of somebody, you called up the operator and had them paged. It was obvious the paging that we were doing, except for the in house paging, was failing us, because of the constant paging overhead at the hospital. So we needed to do better.
HITS.com: What type of security concerns did you have going in, and how did you work through that?
GS: We started talking to Imprivata about two or three years ago. That was when Meaningful Use was coming out and HIPAA was heavy duty – everyone was learning about HIPAA. There was not any real way to go ‘This is secure.’
We had to have conversations with the Imprivata folks, and say ‘Hey, teach me how this is secure.’ It was new, and I think that now you can get a security document much easier, saying that this is the level of security.
But yes, there were some security concerns. However, once we talked to Imprivata and once we had a device in-house and saw the encryption and how you can age the message, we have more control over it. And the auditing capabilities it allows us are helpful.
It’s one thing to give a user the device and capability to use it under the acceptable use rules that hospitals put in place. Just because you have something doesn’t mean you should be using it in all the ways that you think you should as an individual. The encryption with the compliance [with Imprivata] allowed us to say ‘Yes we can use this.’
They also had a large footprint in the single sign-on world of healthcare, so they’re aware of that. Looking at a number of the early folks to the game, when I would talk about business associate agreements and talk about HIPAA, they kind of got glassy eyed, and they said ‘Tell me about that, we need to learn about that.’ Imprivata was already in the healthcare market – we didn’t have to teach them about HIPAA, we didn’t have to teach them about BAAs.
HITS.com: How has this impacted your auditing process?
GS: Well, we have additional auditing but the good news also is that we have additional auditing. In the old days, if Dr. Jones or a member of the care team said ‘Well, you didn’t page me,’ but the admission clerk says they paged them, it could be difficult. Maybe they did, maybe they didn’t. With the audit capabilities, now you can go in and say ‘Yes. The admissions clerk audited Greg, and this was the actual message, and they read it.’
Overall, how did it impact auditing? We actually can audit now. And the compliance department really likes the auditing capabilities. They use it on a weekly basis just when questions come up. Cortext can get hold of you, but also show the message that is sent. We have auditing where we didn’t have auditing before.
HITS.com: What are some of the long-term benefits that you think will happen?
GS: I really think it does help hospitals with their responsiveness across the whole continuum of care. There’s instant two-way communication that helps with the patient engagement. They’re doing that without having to call someone for a page. They’re doing that with direct communication either with a desktop user or a mobile user. It’s helped in that.
Just having a smart device opens up other applications. There are different areas using different applications to do things.
We also hope to exploit getting patients to log on to our portal. Right now our method is that we capture an email address, the patient gets an email, and they log onto the web portal.
We want to exploit Cortext. They demonstrated how the message can start in Cortext, send a link through the SMS system that will take patients right to the portal. We want to exploit that, so we see that happening. We’re struggling to get to our 5 percent of patient engagement on the portal and we think this is going to help us.
HITS.com: What advice would you give to organizations that are looking into secure messaging options?
GS: Set the expectations correctly. As you move to this type of communication, it’s as good as your wireless infrastructure. If you do not have good wireless or you don’t have good cellular coverage, you need to fix those things first. You’re going to fail and you’re probably having other problems anyway if you don’t have those. But you have to have that in place.
Although the ‘Big Bang Theory’ is a great thing to try and pull off, in my opinion, the way to do it is to start on your lower criticalities. Get the day-to-day folks that maybe are not doing direct patient care. It allows your IT team to work out some details, learn about devices, and learn how they have to push out things and deal with those devices. A lot of the hospital environments, this is their first foray into that. With that approach, it allows them to figure it out on what I would call the low critical messages.
From there, you’ll learn what to do and what not to do. Get your high end users all the way up after that. You want to make sure you have no surprises, so do it in a method where you start with the non-critical messages and work your way up to the critical ones. In our case it wasn’t about volume, it was about criticality. You want to make sure everyone understands the system before you go to the critical messages.
You really have to engage the entire hospital in this conversation. It’s got to be an enterprise conversation. If you don’t have that conversation, then all you’ve done is introduce one more communication negative. You want to see if you can consolidate some things, and actually have fewer communications.