Standard pagers remain a reliable, cost effective, and convenient way for communicating non-sensitive short messages, such as code alerts (without PHI), transport requests, and environmental notifications to name a few. As the largest paging provider in the U.S., we want to remind the industry that standard pagers should not be used to send PHI under any circumstances. For clinicians who need to coordinate care and are routinely sending PHI, secure messaging solutions like Spok Mobile or encrypted pagers protect that sensitive information.
What is encrypted paging?
Encrypted paging has been around for several years—we introduced our proprietary encrypted pagers in 2015—yet many hospital IT departments have been slow to act, as they feel they have systems in place that result in secure messaging. However, this is often not the case. For example, an assistant CIO at a large hospital recently told me that “our messages are ALL secured.” When I prodded to see how this was possible when they are not using Spok encryption equipment, I was told they “forward their pages to their smartphones that have a password!”
Certainly this method works just fine for information that is not protected. For example, a page to notify staff of a parking ramp closure or to alert housekeeping that a room is ready to be cleaned can be sent to a standard wide-area pager or a smartphone with no concerns. It was the fact that all messages in this hospital were viewed as being secure when sent via this method that gave us pause. For those messages sent by clinicians and undoubtedly containing some PHI, an encrypted channel would be the better, safer, and more compliant means of communication.
A passcode on a phone does not equal encryption. Encryption means industry standard encryption algorithms that encrypt sent and received messages over the air, plus display lock, remote data wipe, and display lock clear for additional security. For our T5 one-way encrypted pager and T52 two-way encrypted pager, each device is programmed with a unique key. Messages are encrypted using the AES-128 algorithm as they enter the Spok network and are sent over the air to the device where they are decrypted for display to the user. Standard pagers are not equipped with these security features.
Why does my hospital need encrypted paging?
Your hospital may not need encrypted paging. It’s all about choosing the right tool for the specific job. If your organization already has a diverse device mix that is appropriate to the role and nature of the work—for instance, standard pagers for nonclinical roles/messages without PHI, and Spok Mobile or encrypted pagers for clinical roles/messages with PHI—you’re already doing the right thing. If you know that departments or roles within your hospital are using unsecure methods to send PHI, you have cause for concern. While the risk of someone buying the necessary equipment to illegally “eavesdrop” on your patient care coordination notifications and conversations via pages is low, it is still a risk.
John Riggi, senior adviser for cybersecurity and risk at the American Hospital Association, advises hospitals should move to secure, encrypted pager systems when communicating PHI.
“When sending or receiving personal health information, the AHA recommends all hospitals and health systems use secure data transmission platforms that are in full compliance with standards of the HIPAA Data Privacy and Security Rules,” Riggi said.
How do I move to encrypted paging?
If you’ve determined that unsecure messages containing PHI are occurring at your hospital and want to take action to implement a secure method, whether it be secure messaging for smartphones or encrypted paging, we’re here to help with all of that. Not only are we the paging leader in the industry and have experts available to answer any questions you may have, but we have already been doing this exact thing—moving hospitals to secure smartphone and/or encrypted paging—for years.
We introduced Spok Mobile in 2010, and soon after, invested millions in innovating paging and developing encrypted pagers, which hit the market in 2015. Ever since, we’ve been helping hospitals make the shift to secure communication. No other company in healthcare has a history that extensive. We’ve helped hospitals with thousands of clinical paging users transition from standard pagers to encrypted ones or to secure smartphone messaging, and we’re ready to help you, too. In many cases, it can be as simple as swapping a pager!
If you’re continuing to use standard pagers for the foreseeable future, continually train and educate your hospital staff to refrain from sending messages containing PHI while using standard pagers or any other unencrypted mobile device. It is simply not safe nor is it HIPAA-compliant to use standard pagers for sensitive information.
I’m ready to learn more.
Great! Thank you for being so proactive and taking action to ensure that your communication methods protect your hospital and your patients’ data. We’ll be with you every step of the way. Contact your Spok representative directly or our business solution advisors so we can learn more about your communication needs and answer your questions about secure messaging and encrypted paging.
No matter which devices compose your hospital’s unique mix—standard pagers, encrypted pagers, smartphones, tablets, Wi-Fi phones, and more—Spok Care Connect supports them all. We only want to help you make sure you have the right device for the role and workflow, and of course, that you’re protecting patient data at all times.