Health care professionals do their best to stay connected — doctors with nurses and office staff, attending physicians with residents, primary-care providers with specialists and every combination in between. But privacy regulations, especially the Health Insurance Portability and Accountability Act, or HIPAA, put constraints on how they can send medical data, leaving them to either rely on out-of-date, inefficient technology or flout the law.
Fortunately, new developments such as secure texting are making it easier to keep information flowing freely while staying compliant with privacy regulations. That’s good news for providers, who can communicate in a way that’s convenient and that makes sense in the digital age. And it’s good news for patients, who want their doctors to spend their time thinking about care, not waiting around for messages, and who don’t want to see health care costs rise as a result of HIPAA fines.
More Read
The Problem
Communication in health care is peculiar, to say the least. People who don’t work in hospitals might be surprised, for example, to learn how long the humble pager has held on. It’s a fixture in inpatient facilities even today as clinicians and administrators see the technology as a surefire way to stay within the law, despite its disadvantages.
But that might not be true for much longer as younger doctors adopt more modern approaches. In early 2013, Kantar Media found that 90 percent of physicians under age 35 used their smartphones in their work.
In a 2012 study of doctors at pediatric hospitals, 57 percent reported either sending or receiving work-related text messages. Fully 12 percent said they sent more than 10 messages per shift. The physicians were texting primarily with pediatric hospitalists, fellows or residents as well as with subspecialists and consulting physicians, according to an American Academy of Pediatrics press release. Most respondents in the University of Kansas research indicated that their hospitals did not have specific policies on texting. Providers are clearly flocking to mobile whether their employers’ rules have kept pace or not.
The move to newer technologies is, at its core, a good thing. Health care providers need quick, convenient and reliable ways to get messages to each other. The use of pagers and other out-of-date communication methods leads to lost clinician productivity and longer patient discharge times. Most physicians are all too experienced in the phenomenon of “phone tag.”
Doctors who strive to provide state-of-the-art care don’t deserve to be stuck with the communications equipment of yesteryear. And neither do their patients.
The Threat Is Real
Health care organizations that restrict the use of text messaging among clinician do so with good reason. By HIPAA standards, standard texting is, after all, not a secure means of transmitting protected health information. The problem, of course, is that you can’t be sure who’s receiving the message — or who’ll see it in the future, since texts tend to hang around on phones, viewable by anybody who happens to pick up the device. A single violation can result in a fine of as much as $50,000.
In April 2012, a five-doctor cardiac surgery practice in Arizona was ordered to pay $100,000 in fines and take corrective action for HIPAA violations. The case involved myriad violations, including posting patient appointments on an Internet-based calendar accessible to the public. But texting is clearly on U.S. Health and Human Services’ radar. The agency stated that the practice’s risk-management plan “must implement security measures sufficient to reduce risks and vulnerabilities to ePHI to a reasonable and appropriate level for ePHI in text messages that are transmitted to or from or stored on a portable device.”
Small or large, health care organization cannot afford to ignore the dangers of noncompliant messaging.
Secure Texting
Despite the risks inherent in standard messaging, there are ways to safely incorporate texting into the practice of health care. An effective secure texting solution must include ensure the privacy of protected health information. Among the features to look for:
- Encryption at all levels, including database, transmission and on the app, with federally validated standards.
- A remote mobile app wipe option in case of a lost phone.
- Automatic logout with inactivity.
- Secure private server with backup.
- Functioning on every spectrum of cellular data and Wi-Fi to provide broad coverage and avoid “dead zones” in hospitals.
- Tracking of whether messages have been delivered, with repeated ping of the user until delivery occurs.
- A maximum 30-day data life for messages.
Clinicians can best do their jobs when they have easy, reliable ways to communicate with each other. For most Americans today, one of the most natural ways to stay in touch is to pick up a smartphone and start texting. It’s an excellent approach for health care providers, too, but only with the right precautions. An effective secure texting solution can improve the quality of care while keeping clinicians on the right side of the law.
