Why and How Hospitals Should Adopt Secure Text Messaging
In hospitals everywhere, IT departments evaluating communication solutions for clinicians struggle to balance end user convenience and patient data security.
On the one hand, clinicians are demanding easy-to-use consumer messaging services to coordinate patient care. A recent survey of general surgery residents conducted by the University of Toronto found that 100 percent of respondents used texting for patient-related communication. Another study discovered that U.K doctors and nurses routinely use their own smartphones for patient care.
On the other hand, privacy for protected health information (PHI) is a growing concern. In 2016, the HIPAA “Wall of Shame” reported 329 breaches that affected more than 500 records. Altogether, those 329 breaches exposed 16,471,765 patient records. This represents a dramatic increase from the 18 breaches that exposed 134,773 records in 2009 when the HITECH Act first mandated that breaches of unsecured PHI affecting more than 500 records be posted online, according to HIPAA Journal.
Standard texting does not comply with data security regulations, and messaging systems are among the top information assets that pose a security risk. Approximately 75 percent of hospital administrators and health IT professionals responding to a recent survey by MedData Group concluded that these systems present a major security threat.
How do hospitals reconcile conflicting requirements to deliver the experience users want and the data security regulations require? The answer is secure text messaging.
What is secure texting?
Secure text messaging provides comprehensive security for the communication of PHI on mobile devices as the care team carries out critical patient care workflows. These solutions are developed specifically to comply with mandates, including those from the Health Insurance Portability and Accountability Act (HIPAA) and the Joint Commission.
HIPAA puts in place rules about who can look at, receive, and use a patient’s health information as well as measures that protect the confidentiality, integrity, and security of the information. HIPAA’s security rule sets national standards for the security of electronic PHI. A major aim for the HIPAA security rule is to “protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care.”
While HIPAA puts forth overall principles regarding the need to secure PHI, it offers few detailed guidelines for their implementation. The Joint Commission has filled in the gaps when it comes to secure text messaging by announcing specific secure text messaging requirements. These include a secure sign-on process, encrypted messaging, delivery and read receipts, date and time stamps, customized message retention time frames, and a specified contact list of individuals authorized to receive and record orders.
Improving patient care
Secure text messaging improves patient care by allowing caregivers to communicate more quickly and easily among themselves and with patients. Better communication engenders a wide range of advantages for patient care, including:
Faster decision-making—The ability to send messages, images, reports, videos, photos, and other attachments securely to members of a patient’s care team facilitates faster decision-making. For example, securely texting a radiologist’s interpretation of a patient’s imaging results can speed treatment.
Fewer medical errors—The Joint Commission estimates that 80 percent of medical errors are caused by miscommunication. For example, when messages are delivered over the phone, providers can misunderstand what’s being said or forget to take necessary action. A log of messages sent/received provides an easy-to-access record to support the proper care.
Better patient compliance—Clinicians can use secure text messaging to remind patients to take prescribed medicines and comply with recommended care practices, such as presurgical procedures designed to reduce infections. A study published by the Journal of the American College of Surgeons found that patients prefer text messaging when partnering with physicians to manage their healthcare.
Shorter hospital stays—When hospital care providers use secure text messaging to communicate, patients can have shorter hospital stays. A study at the University of Pennsylvania’s Perelman School of Medicine found that over the course of a year, patients whose providers used text messaging reduced their overall hospital stay by 14 percent.
What to look for in a secure texting solution?
When selecting a secure texting solution, hospitals should, of course, consider whether it offers the right features to ensure regulatory compliance. But a secure texting solution requires more than just features. Hospitals need to ensure they have the right wireless infrastructure to enable non-stop communications as well as capabilities for managing large numbers of mobile devices.
In order to meet Joint Commission and HIPAA requirements, a solution must offer a specific set of features. These include:
- Protection for messages in transit through encryption
- Security for data stored on the device through features that prevent message content from being viewed in front of the screen lock
- Access control measures, such as a PIN, to ensure that only appropriate parties are able to access messages containing PHI
- The ability to wipe the PHI in the event a device is lost or stolen
- The ability to allow message recipients to identify the sender and understand the context around a critical message, such as a medication request
- The ability to track the status of the message, including when it was received, opened, and so on to ensure it reached its intended audience in a timely manner.
Secure text messaging presents a use case that wireless networks usually don’t account for. Messages sent via secure text messaging applications can have a critical impact on patient care, and many require an immediate response. Yet wireless networks have many limitations that can disrupt network connectivity and cause delays in message delivery, presenting a significant risk to patient care, for instance:
- When access points have multiple service set identifiers too close to one another or hold onto IP addresses for too long, the signal can be diminished and internet connectivity lost.
- Wireless networks with captive portals that require users to accept terms and conditions before connecting can wreak havoc on network connectivity. When the device leaves the range, data connectivity is lost until the user manually accepts the terms again.
- Many hospitals run into problems when care providers work out of multiple affiliate hospitals with disparate wireless SSIDs, where some networks are restricted and some are not.
- Some devices do not support simultaneous voice and data on mobile data networks. They cannot receive data while the user is on a voice call.
- Many device settings can cause issues with network connectivity and/or delivery of push notifications, such as airplane mode, turning off Wi-Fi and low power mode.
Before implementing a secure messaging solution, organizations need to architect their wireless networks to provide ubiquitous coverage within the hospital, particularly within critical areas such as the OR or ER, in common areas such as nurses stations and lounges, and in hallways.
Scalability is a significant challenge that hospitals face as they plan to implement secure text messaging. IT needs a way to rapidly deploy the client application to large numbers of clinical users, manage security settings, and report on the environment at scale.
Mobile device management (MDM) and enterprise mobility management (EMM) tools can help healthcare organizations achieve scalable deployments and manage large populations of users. These tools automate, speed, and simplify the process of deploying hardware settings to new employees. Organizations gain control over who can access hospital systems through mobile devices by using MDM or EMM solutions to configure device-level security settings, such as encryption and passcodes. These solutions enable remote wiping of hospital-related information if the device is lost or stolen or if an employee leaves the organization. They also provide device-level reporting—providing an inventory of devices, applications and settings (user’s name, phone number, SIM carrier, network provider, and data about the device such as model and serial number) that project managers need to validate HIPAA compliance or troubleshoot incidents.
Where is secure texting headed?
Secure texting is a great initial step for hospitals wishing to deliver secure, HIPAA compliant communications. But hospitals’ communication needs are evolving well beyond simple messaging. To deliver care precisely when and where it’s needed, hospitals need a comprehensive solution that goes beyond mere texting to enable better care coordination and simplify end-to-end workflows.
Within a hospital, staff need information from dozens of programs and systems—EHRs, critical lab/radiology results, patient-specific monitors, nurse call, employee directory, building security and monitoring, and the bed management system. These systems need to send information to a multitude of different devices including smartphones, pagers, voice badges, email systems, LED boards, tablets, and Wi-Fi phones.
Hospitals are recognizing the need for communication tools designed specifically for healthcare’s complex work environment that can integrate information from a wide variety of inputs and disseminate it to any number of output systems and devices.
Such an integrated secure texting solution can improve a wide range of hospital workflows. A few examples include:
Easily locate the right on-call provider. Finding the right care provider can be tricky when hospitals have many shifts and on-call schedules. If one provider is unavailable, how do you find the next in line? An integrated solution that brings together the staff directory, web-based on-call schedules, and intelligent escalation rules can quickly find the right provider to more easily coordinate care and improve patient safety.
Facilitate communications with nurses. Patients are happier when they can communicate with their nurse soon after hitting the nurse call button. Texting alone can’t address this situation, but paired with a robust communication system, nurse call alerts can go directly to the appropriate nurse’s pager, smartphone, or Wi-Fi phone.
Streamline workflows. Physicians and nurses waste a lot of time playing phone tag or waiting for orders. With enhanced communications, once a nurse makes a request, the physician can enter the order remotely into a computerized physician order entry (CPOE) system, which will automatically send the nurse a message from the EHR when the order is ready.
Expedite code calls. Processing codes quickly is a matter of life and death. An efficient code call response requires that the right people be notified regardless of their location or device and that the situation is monitored and notifications escalated. Secure messaging applications must be integrated to support this complex workflow.
Accelerate test-result reporting. Many hospitals use a time-wasting combination of phone tag, paper documentation and EHR documentation for radiology and lab test result reporting. An integrated communications platform with critical test results management plus secure texting can deliver results directly from the laboratory information system (LIS) and the picture archiving and communications system (PACS) to an ordering provider’s mobile device. After radiologists or pathologists report their findings through the system, it can launch a message and deliver it to a smartphone via secure text, email or pager. The alert can include detailed actionable information and follow escalation rules for unacknowledged alerts to reduce administrative time and enable faster care. It also leaves a clear audit trail.
Lower the volume. Reducing noise from alarm notifications makes the hospital quieter and provides a more restful environment for patients. Secure text messaging is less disruptive than overhead paging. Combining secure text messaging with mobile device alerts from monitoring systems and staff assignment protocols enables routing of patient alarms directly to the appropriate staff for faster response and reduced overhead paging.
Streamline handoffs. Handoffs continually happen between providers. An integrated communication solution can make the handoff points seamless, making it easier to get the right information to the assigned team quickly. This can happen with support for HL7, a standard format used to share information among different healthcare systems.
Hospitals seeking to meet clinicians’ needs for convenient communication that meets regulatory demands for safeguarding PHI are increasingly turning to secure text messaging. Even the simplest solutions enable hospitals to improve patient care through rapid, secure communication. And solutions that integrate with an enterprise healthcare communications platform can go even farther. These tools can simplify a wide range of end-to-end hospital workflows, such as locating the right provider, improving communication with nurses, speeding order fulfillment, getting test results back quicker, identifying sepsis cases, more efficiently responding to code calls—and even reducing noise and streamlining handoffs.