Protecting ePHI and Improving Clinical Workflows with Secure Messaging
Protecting electronic patient health information (ePHI) has become even more critical since the healthcare industry has transitioned away from paper-based processes and into a more connected, electronic delivery model. Patient privacy and security is front and center in the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH).
Traditional messaging among healthcare providers often fail to meet the requirements of the current laws, leaving patient data vulnerable and providers liable for potential HIPAA violations. Providers are expected to protect against reasonably anticipated threats to security and impermissible uses and disclosures. They also must ensure compliance with these procedures by their workforce.
Healthcare providers need up-to-date messaging solutions that are secure, accurate, reliable, and immediate, ensuring compliance and improving patient satisfaction. Failure to protect ePHI can result in extremely costly fines levied by the Office of Civil Rights (OCR). The OCR performs random audits of healthcare organizations and their business associates, and breaches can also be reported to them.
Cyber criminals are targeting the $3.6 trillion U.S. healthcare industry because much of the information contained in a medical record is permanent and can’t easily be replaced like credit card numbers. Failure to adequately safeguard ePHI has plagued the healthcare industry for the past few years. According to The Ponemon Institute/IBM Security and its 2019 Cost of a Data Breach Report, a healthcare data breach in the U.S. costs an average of $15 million.
Secure Messaging and the Clinical Decision Support System
Currently, many healthcare providers still rely on paging systems to send messages to staff members. But pagers are a 1950s technology that is quickly being phased out and rendered obsolete by smart device technology. That’s why some hospitals have transitioned to SMS text messaging and e-mail, which staff members access on their mobile devices.
None of these communications methods are intrinsically secure. Pagers and mobile devices can be lost or left unattended, allowing unauthorized parties to access messages or e-mails. Even a doctor handing his phone to his son to play a game can potentially create a HIPAA violation if a patient-specific text is accessible on the device.
Providers are moving to consolidate devices, if favor of a a single, consistent messaging platform, that is secure and encrypted, and shifting away from pagers and other outdated technology.
An example of a secure messaging platform is our miSecureMessages app. miSecureMessages is a HIPAA and HITECH-compliant messaging application, that enables healthcare professionals to send fully encrypted messages to smart devices, ensuring privacy while leveraging technology that most physicians and staff already use. This technology can reduce costs, enhance service to patients, and improve the clinical decision support system (CDSS) in the process.
miSecureMessages sends and receives encrypted messages via smart devices and desktops. Clinical staff can send texts, photos, videos, and audio files securely. Recipients are notified about incoming messages via customizable, visual and audio alerts and can reply to an entire group or care team, just the person who sent the message, or someone else within the group. Busy staff can send quick phrases with a single touch or use the voice-to-text mode to speak a message into their device, which is then automatically converted into text. The app also provides a fully auditable record of all messages, as required by the Joint Commission.
The application issues a specific alert until the message is read, and can override the device’s settings with custom visual and audio alerts so important messages are immediately recognized and responded to. If a user is unavailable, they can turn the app off in order to stop receipt of new notifications and their “off” status is indicated to anyone attempting to send them a message.
A passcode, fingerprint scan, or facial recognition can be set as a requirement to open the app. If a mobile device is lost or stolen, a network administrator can deactivate the individual miSecureMessages license remotely. Messages themselves are never actually downloaded onto the device - ensuring they are secure. This protects patient data without requiring a complete remote wipe of the mobile device. This way, once the device is recovered, users still have access to all of their personal data and contacts and can begin using the secure messaging solution again.
The solution works on both cellular data and WiFi-based wireless networks, and provides an unlimited alphanumeric character display for messages, as well as an unlimited number of messages per user. Users can message colleagues directly (device to device), and even send messages to entire care teams.
Improving Clinical Workflows
Secure messaging can improve hospital operations. For example, the miSecureMessages app is currently being used by a healthcare organization to improve hospital porter efficiency. Before, porters carried pagers. If someone needed a porter, they would call a central dispatch number to place an order. The dispatcher would write down the details and send a message to the pager. The porter would then call in to get those details.
Now, all of the details of the order can be sent directly to smart devices that have been issued to the porters. Those placing orders can enter their own notes, which has made the dispatch process more efficient. Porters can better organize their calls since they can see all the details of each order at once. The porters also are leveraging their devices to send messages to each other to better coordinate their activities. They are even using the built-in cameras to take photos of broken equipment.
Reduce Costs and Improve Patient Care
Hospitals lose on average $8.3 billion each year due to using pagers and other outdated technologies (Ponemon Institute). Secure messaging can reduce the cost of hospital communications. Clinicians can get rid of their pagers and use their smart phones and tablets (devices they likely already carry) to manage work-related communications, which further reduces the cost of IT and administrative support for multiple devices. The average cost of a wide-area pager is approximately $9/month per user, and if an organization is using a two-way paging system, the cost is even higher. Compare that to the lower cost of miSecureMessages, which not only provides two-way messaging as part of the base solution but also allows users to message more than 100 recipients simultaneously.
Because detailed information is available in the secure messages, hospitals can even reduce the amount of overhead paging in the care environment, reducing “noise pollution” levels and improving conditions for both patients and staff.
Secure messaging also improves messaging response times. One customer pilot study found that with traditional paging, it took an average of 2.5 minutes to send a message and obtain a response from the recipient. Using miSecureMessages, the same process took just 34 seconds. If a typical hospital sends out 2,000 pages per day, that would be nearly 67 staff hours per day in saved time, or more than 24,000 hours per year. At an average hospital wage of $20/hour, that could lead to nearly $0.5 million dollars per year in labor savings. That total increases to over $1 million of savings annually when the result of reduced patient discharge times is also factored in.
Faster responses also mean that patient-related issues are handled more efficiently, without the need for time-consuming phone calls and note taking. Doctors can spend more time with their patients and reduce patient discharge time by 50 minutes (Ponemon Institute). The miSecureMessages app can be integrated with existing database solutions to improve access to EMR, decision support tools, and medical references.
The Future of Secure Messaging
The adoption of new healthcare technology is accelerating. Ensuring that ePHI is secure and private will be an increasingly important and challenging task. Hospitals and other healthcare providers that want to move away from outdated and costly paging solutions had limited alternative options in the past. However, current secure messaging apps provide a secure, fully encrypted replacement for traditional paging and enables new functionality that can improve patient care, streamline messaging procedures, improve productivity, and reduce costs.