Healthcare Information Security

Mobile News

Is Healthcare Secure Messaging Necessary for Providers?

More providers are beginning to consider healthcare secure messaging options as a means of improving communications and lowering operating costs.

By Elizabeth Snell

Utilizing healthcare secure messaging and secure texting is quickly becoming a popular option for healthcare providers of all sizes.

Healthcare secure messaging options continue to grow for covered entities

Organizations see it as a way to communicate quickly, efficiently, and even potentially cut down on certain operating costs.

Whether a covered entity opts for BYOD or corporate-owned devices, it is essential for employees to be regularly trained on the latest security policies and regulations. Furthermore, all devices should have the necessary technological safeguards in place that is applicable for the specific organization.

But what type of healthcare secure messaging options are providers actually using? Can any type of message be sent through a system?

Recent cases of healthcare providers using secure messaging

READ MORE: Secure Texting Ban Reinstated, Commission Calls for Guidance

By having a better understanding of what healthcare organizations are using when it comes to  healthcare secure messaging, other entities can see what type of option may best match their own daily operations.

Lubbock, Texas-based Covenant Medical Group and Covenant Health Partners first implemented secure messaging with PerfectServe approximately five years ago, according to IT Systems Director Seth Crouch, MBA, CPC, CMPE, CHFP.

“The way we decided to roll this out in order to gain adoption, was to get our very busy, high-profile physicians to use this and to start the communication process that way,” Crouch said. “And they did. That sort of set the stage up for everyone else below them, where if they wanted to talk to these high-profile physicians, they had to use PerfectServe.”

Standard SMS texting could not guarantee PHI security, Crouch maintained. Moreover, nurses can communicate on the platform through computers, so they don’t have to necessarily use their own data plans to maintain secure communications.

For the University of Louisville School of Dentistry (UofLSD) , implementing healthcare secure messaging helped to close a “technology gap” that existed in the school.

READ MORE: Healthcare Secure Messaging Benefits Texas Hospital, ACO

UofLSD Director of Informatics Christopher Morgan explained that the school needed a way to send longer messages in a secure way. The recently implemented secure messaging option also allows users to prioritize messages so that they pop up when the user wants to get urgent status.

The new method also allows for quickly contacting individuals, whether or not they are currently on campus.

“Our EHR system has very secure information and we only permit access on authorized computers and messenger was part of that. That doesn’t make sense if you want to get hold of somebody quickly or if a student needs to work after hours or during the weekends. They’d have to come on site and look at the message.”

Keeping BYOD security and mobile device security a priority is also essential as organizations implement secure messaging.

OhioHealth Mobile Device Deployment Manager James Sturiano said that creating a comprehensive mobile device management (MDM) approach can be greatly beneficial. For example, OhioHealth has 5,000 devices currently deployed, 4,000 of which are for BYOD.

READ MORE: CIOs Report Budgets are Top Patient Data Security Risk

“With BYOD, we haven’t really gone too far outside the box there,” Sturiano said. “We’re only deploying email, contacts and calendars. The biggest concerns for us was making sure that email information was protected, and if somebody left the company, or if the device was lost or stolen, we still had control over the information.”

OhioHealth also has a remote wipe option, allowing it to delete the information on a device if necessary. The phones are not tracked, but they are password protected and the data can be remotely deleted.  

Joint Commission lifts ban on clinician orders through secure messaging

Another huge step in the healthcare secure messaging world was when the Joint Commission announced that it had ended its ban on clinicians sending orders through secure text messaging options.

This had been prohibited because of the concern over potentially unsecured text messages between providers.

“In addition, texting applications were unable to verify the identity of the person sending the text or to retain the original message as validation of the information entered into the medical record. At the time, the technology available could not provide the safety and security necessary to adequately support the use of text messaging for orders,” the Commission explained.

However, the Commission also released guidelines that organizations must adhere to if they want to use secure messaging:

  • A secure sign-on process

  • Encrypted messaging

  • Delivery and read receipts

  • Date and time stamp

  • Customized message retention time frames

  • A specified contact list for individuals authorized to receive and record orders

Not only can basic communications happen through healthcare secure messaging, now a physician can send patient orders through a secure text.

Healthcare providers must still ensure that they are following all federal regulations when it comes to mobile devices, and a regular review of HIPAA technological safeguards can be highly beneficial in this regard.

Not all types of healthcare secure messaging will necessarily benefit every provider or healthcare organization. By reviewing the current communication options, and adhering to all federal and state privacy and security requirements, covered entities can further ensure that they are able to find the right type of secure messaging platform.

Dig Deeper: 

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks