Petal Blog

What is HIPAA-Compliant Secure Messaging for Physicians?

Sending SMS messages has become a de-facto way of communicating for the general public. It’s convenient, non-intrusive and fast. The receiver is in control of when to read and reply to a message, ignoring it if it's not urgent, and replying when important. Short and meaningful messages are an ideal way of communicating quickly and efficiently.

Texting Patient Health Information is  Permeating Healthcare

The rise of smartphones in the general public has also reflected their use in healthcare. There are many studies that conclude the rise of mobile phones and tablets among physicians (BMJ Innovations, BMC Medical Informatics, JMTM, Epocrates). The trend is so prevalent, that many hospitals have adopted Bring Your Own Device (BYOD) policies.

Although technologically-savvy doctors are bringing mobile devices into their workplace, innovation in hospital communication hasn’t drastically changed since the introduction of the pager. Most hospitals rely on pagers, internal email exchange systems and phone operators for reaching on-call physicians, all of which are often time consuming for all parties involved.

With so many available options and devices, no wonder a breakdown in communication is a common issue in hospitals. In fact, according to a Joint Commission report, it's tied to more than 70% of all reported sentinel events in 2013. So, to avoid missing vital information, physicians are turning to smartphones to reach each other.

Miscommunication is the root problem of 70% of all reported sentinel events in 2013 - a Joint Commission report.

Text Messaging is Inherently Non-Secure

The main problem with text messaging is that it’s non-secure and non-compliant with many privacy and security standards. Text messages sent among clinical staff most likely contain a patient’s personal health information. Messages containing private information can be read by anyone and forwarded to anyone. They can also remain unencrypted on telecommunication servers and stay on the sender’s and receiver’s phones. Unfortunately, this has lead to cases of privacy leaks reaching media attention, signaling their importance and magnitude. In Cincinnati for example, UC Health officials said more than 1,000 of their patient’s information may have been be compromised after an email error. More recently, in Quebec, a text message with patient information was sent to the wrong person and made it to the radio.

In the U.S., the Joint Commission has banned physicians from using traditional SMS for communicating personal health information; a violation that can result in a fine of $50,000 per patient. As a response, the U.S. federal government has passed the Health Insurance Portability and Accountability Act (HIPAA) which outlines the privacy and security provisions that need to be taken when managing electronic personal health information.

The Canadian government has not mandated country-wide compliance. With the emergence of electronic documents however, the government of Canada put forth the Personal Information Protection and Electronic Documents Act (PIPEDA). This law stands to protect the privacy of the data found in most electronic files, including patient files. Some Canadian provinces also have other regulations similar to or not as strict as HIPAA, such as Ontario’s PHIPA, although the comparison can be difficult to make.

What Does “Secure Messaging” Actually Mean?

Most people assume that secure messaging is synonymous with encryption. However, security goes beyond encryption of the message in transit. Real security means:

  • Protecting personal information while it’s on the smartphone and requiring a PIN to access messages with personal information.
  • Being able to wipe that personal information in the event that the smartphone is lost or stolen.
  • The ability for recipients to identify the sender and understand the context around the message instead of receiving a questionable note from an anonymous number.
  • Ability to track the status of a message: when it was received, opened, etc.

These are some considerations that should be applied when choosing a secure messaging app, but to break the communication silos between department and hospital staff, a secure messaging system should be deployed throughout the entire hospital.

Standardising Hospital-Wide Communication is the Answer

So what can hospital executives do about physicians sending text messages containing patient information? Implement a hospital-wide communication system that complies with privacy and security standards.

For texting to be a comprehensive solution for healthcare communication and become a true enterprise solution for physicians, it has to be part of a broader healthcare communication system. The best way to get an app to be used is by making it useful. This means the app needs to integrate with current hospital systems already being used by staff and clinicians and be part of their normal workflow.

PetalMD is a Secure Hospital-Wide Communication Platform

We take unprecedented steps to ensure the security of our data and communication system. Our platform complies with HIPAA privacy and security standards and beyond, so that patient health information is protected.

PetalMD privacy and HIPAA-compliance highlights:

  1. User authentication to confirm the medical professional’s identity
  2. Protected Health Information is encrypted at every level with the strictest international encryption standards.
  3. Data stored with 256-bit AES encryption
  4. Secure, private server with backup
  5. Security policies and procedures to prevent and contain security violations
  6. Federal Information Processing Standard (FIPS) 140-2 Standards Compliant
  7. Data Infrastructure is SSAE-16, ISAE 3402 and CSAE 3416 compliant
  8. Continuous audits by a third-party company

Improve Patient Care with a Secure Texting Network

Although more efficient for the clinical and administrative staff, a hospital-wide communication platform also benefits patient care. With a private and secure texting network, doctors, nurses and staff can achieve the following goals:

  • Better clinical decision making with faster information at hand.
  • Quicker intervention and improved patient outcome.
  • Securely send lab results, imaging results, patient procedures, and medical histories, allowing physicians to have more information readily available.
  • Faster on-call notifications
  • Reduce hospital operations costs by relying less on phone operators
  • Integrate with scheduling systems for timely staff management

If you have any questions regarding security compliance, don’t hesitate to contact us.