Just like the rest of America, health care workers are becoming increasingly dependent on their mobile devices, and finding that texting is a convenience they’d rather not leave behind when they go to work. That’s despite the potential privacy concerns associated with unsecured texting apps.
A recent study in JMIR Medical Informatics found that 71% of 131 internal medical residents said they had received a patient’s first or last name by text, 82% received patient initials and 50% received a patient’s medical record number. These may be practices that pose the risk of HIPAA violations. The Joint Commission, in an informal blog post in April 2015, counseled caution with unsecured consumer-oriented texting apps, both for the potential to violate patient privacy and because abbreviated messages may insert confusion into patient care. More specifically, the Joint Commission has said in its standards FAQ that it is not acceptable to text orders in a healthcare setting.
The Joint Commission noted that it was talking about consumer smartphone texting, not secure technologies designed to be HIPAA-compliant. An Electronic Frontier Foundation review of consumer texting apps found that just six of 39 met its secure messaging standards. EFF’s review asked the following questions:
- Is your communication encrypted in transit?
- Is your communication encrypted with a key the provider doesn’t have access to?
- Can you independently verify your correspondent’s identity?
- Are past communications secure if your keys are stolen?
- Is the code open to independent review?
- Is the crypto design well documented? And
- Has there been an independent security audit?
Medical residents, presumably digital natives, prefer to communicate by text, said 72% of those in the JMIR study (though only 21% preferred texting over other methods for secure communication). The study’s authors, internal medicine physicians at the University of Chicago, suggested that hospitals find some middle ground, recognizing that texting may make it quicker and easier to communicate, thereby improving workflow and the quality of care.
Texting has the potential to add value in health care in other ways, according to researchers writing in the Online Journal of Public Health Informatics. They noted that texts can be used with patients to remind them of appointments or to take their medicine, or to send prevention messages and support.
At the same time, hospital leaders have to ensure that communications follow federal healthcare privacy law. Many healthcare organizations’ policies have not caught up with the ways that mobile devices have taken over daily life. More than half of healthcare organizations do not use encryption software for texting, according to a 2013 survey by the College of Healthcare Information Management Executives.
The Doctors Company, which sells malpractice insurance to physicians, recommends that texting among medical colleagues be encrypted and exchanged in a closed, secure network. It also suggests technical solutions such as autolock (which secures a device when it’s not being used) and wiping programs (to erase data, texts and email remotely). Health care organizations should have a texting policy that outlines the acceptable types of text communications.
There are a number of secure texting solutions available on the market. These include athenaText, a messaging app for iPhone and Android –and the Apple Watch. An advantage to athenaText is that it allows you to invite non-physicians, such as social workers on your care team, to register for the app so that your communication is secure. It is also linked to Epocrates, so it can easily pull clinical information from the Epocrates database into a message.
Given the complexities of choosing a HIPAA-compliant texting solution — and the importance of ensuring that patient data remains secure — many organizations seek outside assistance. A consultation with Vicert’s health IT experts could help you make a compliant and cost-effective choice. Contact us for more information.
We’re also interested in your experiences with texting — drop us a line through email or via twitter with your thoughts about how this technology we have all come to rely on in our personal lives can be used to improve workflow in health care without endangering patient privacy.