What Does “Secure Texting” Really Mean?

Spok is pretty active on social media, and we get a lot of questions from people following us around the globe. We use social media sites like Twitter and LinkedIn to help us tell the story behind our technology. We talk a lot about secure texting in particular, as it figures into nearly everything we do.

Recently a Twitter user named Amanda asked us the basic yet thought-provoking question, “Can you explain what #securetexting is?” While our answer could be to rattle off the usual detail about HIPAA’s Security Rule and encrypted PHI (protected health information), the truth is that it goes much deeper than that—especially for healthcare, which is Amanda’s background.

At this point, most people realize that standard SMS text messaging isn’t a safe or accepted method for sending PHI due to the lack of encryption.  But encryption isn’t the complete answer either. If encrypting a message during transmission were the only requirement, more consumer-grade apps such as Snapchat, Skype, and WhatsApp would be acceptable for clinicians to use to share sensitive patient details. Yet plenty of clinicians are using these and other unsecure methods to send what should be well-protected information.

There’s a reason we use the term “secure texting” rather than just referring to it as encrypted—security goes beyond the encryption of the message in transit. True security means protecting the data while it’s on the device and requiring a PIN to access messages with PHI. True security means wiping that PHI in the event a device is lost or stolen. True security means that message recipients can identify the sender and understand the context around a critical message (such as a medication request), instead of receiving a useless note from an anonymous number. And, of course, security also means the ability to track the status of a message: when it was received, opened, and so forth.

These are some of the considerations that need to be applied to healthcare-grade messaging apps when organizations are evaluating their needs. Viewed through these lenses, the number of options is significantly narrowed.

Amanda’s question was an interesting one because it causes us to think not only about the above-mentioned aspects of security, but also about something we at Spok consider vital—the security felt by hospital administrative and IT staff in knowing that clinicians will use such an app rather than just falling back on comfortable methods such as SMS. The best way to get an app used is by making it useful. In the case of a communications app, that means allowing users to do more than just send and receive messages between one another. The app needs to integrate with systems in the hospital used by staff and clinicians and be a part of their normal workflow. Additionally, those systems need to be able to send messages, too. Being useful includes delivering patient monitoring alerts to the same app as a consult request, or delivering a nurse call request the same way as an admit notification.

So thanks, Amanda, for asking a question that requires us to reflect, and thanks to all who connect with Spok on our social media channels such as TwitterLinkedIn, and Facebook.