About a month ago I read an article that made me shake my head.
The article, “Medical Residents Embrace Texting, Putting Patient Info at Risk” summarized the findings of a recent survey conducted at two acute healthcare facilities. Among other findings, the researchers found:
• Medical residents’ preferred method of communication was SMS texting; 72 percent said it was preferred because of its efficiency and 80 percent because of its ease of use
• 71 percent reported having received patient identifiers (first and/or last name), 82 percent received patient initials, and 50 percent received a patient’s medical record through SMS texting
• 83 percent said they preferred the hospital paging system for secure communications, even though the paging system they referenced is not HIPAA-compliant
While the sample size for this particular study was fairly small, these findings underscore the critical importance of education about secure communication options in healthcare. If these medical residents, likely members of the Millennial generation who are generally early adopters of technology, are overwhelmingly using unsecured texting to send electronic protected health information (ePHI), how many others are doing the same? And why? Are they lacking education on HIPAA-compliant communications? Or, if they are aware that it is not compliant to send sensitive information via SMS, then are they not being presented with secure communication options by their organization?
Secure text messaging solutions can and should be in place at every organization bound by HIPAA. Consider the frequency with which cyberattacks are growing in healthcare: The Workgroup for Electronic Data Interchange (WEDI) reports that between 2010 and 2014, approximately 37 million healthcare records were compromised in data breaches. But in the first four months of 2015 alone, more than 99 million healthcare records had already been exposed through 93 separate attacks. Secure communications technology needs to be in place and permeate the ranks of every hospital, but even that isn’t enough. WEDI President Devin Jopp says healthcare security is a key issue that must be addressed by executive leadership teams “to build that culture of prevention.”
As the survey of medical residents illustrates, the culture of security breach prevention is still not present in some healthcare organizations, and perhaps it is not a focus in medical school curricula either. Patient information security measures should be included during medical school so students leave with a thorough understanding of ePHI, with secure text messaging being part of that. But the culture of security issue prevention also falls on all of us in the healthcare industry. If our team members, clinicians, and staff don’t know, we need to inform them, and if they do, we need to consistently reinforce the importance of secure communication of ePHI. Implementing a secure text messaging solution isn’t going to eliminate unsecure SMS texting by itself. But it’s a step in the right direction to educate students, residents, and clinicians on why they should use secure technology and who they are putting at risk if they don’t comply: their patients. There are several options for securely communicating ePHI. Besides secure text messaging applications like Spok Mobile®, paging can also be HIPAA-compliant.
For our part at Spok, we’ll continue to make our secure text messaging solution easy to use. We know part of the reason applications like iMessage® and WhatsApp® are used so heavily in healthcare is because they are so intuitive, and we are constantly thinking of the user when we add or modify features in Spok Mobile.