1 (800) 409 8078
Log In
New Here ? Sign Up

Secure Messaging Isn't Rocket Science

August 11,2015

Secure Text Messaging Can Sound Like Rocket Science

Secure text messaging is getting lots of play these days as a solution to the communication inefficiencies that plague the healthcare environment. Infrastructure, encryption, authentication, integration, aggregation... What in the world?  Oh, and they have secure tunnels too! That prison break in Mexico that's been in the headlines. That's right...through a secure tunnel. Yikes!

Any healthcare provider who has been through an abysmal EMR/EHR change thinks, “There is no way I am adding another “technology” on my plate. Forget about it! And what are they all talking about anyway?”

So to avoid that glazed over look, I decided to cut through the clutter and simply explain what all this stuff means to you and why it is important. 


Texting Is Not HIPAA Compliant…

This is a legitimate concern and one that shouldn't be taken lightly. Many physicians and their staff are texting PHI because it's fast and efficient. So what's the big deal? Well, it is risky. The data being sent is not safe, you have no way of knowing if it was received by your intended recipient and the message can remain on the sender and receiver phones and on wireless carrier servers indefinitely, potentially getting into the wrong hands. Plus, there is a financial risk for texting non-secure PHI. So, bottom line, you do need to be careful.

4 Essentials for HIPAA Compliant Messaging

(I know... the glazed over look...but this is the Cliff Notes version!)

To guarantee HIPAA compliance, a secure texting vendor will have:

  1. Tier IV data center which means that where the data is physically stored has safeguards and must also be certified that it adheres to information security best practices. In short, the data center needs to meet industry requirements for HIPAA compliance.
  2. Messages need to be encrypted both in transit and at rest. There needs to be a means of authenticating that the message was received by the intended recipient, plus have the ability to recall or delete a message if it is misdirected.
  3. Data needs to be secured on your mobile devices through a password or pin. If your kid is playing on your iPad and can open up your “secure” app…NOT HIPAA compliant.
  4. And finally, a secure texting vendor needs to have the ability to record and document an audit trail of all communications that include PHI.

Whew! I know you're glad that's over.


Choosing a Secure Texting Vendor

Ensuring compliance and security are the most important considerations. Secure messaging providers run the gamut in terms of “security.” After this has been determined, however, there are, what I call, “The Big 4,” that are also essential to creating an efficient communication process. Because that's what this is about, right? Coming up with a solution that will streamline workflow, improve efficiency, save time and reduce costs. Not one that adds months of training and frustration until finally an epiphany comes!

Make sure:

  • It is easy to use. The bottom line is that if the solution has a learning curve and is not as easy as your existing texting application, it likely will not be widely adopted or embraced in your organization.
  • It is easy to implement. The software should not require any long trainings or sophisticated IT interventions. You'll also want to find a vendor that will pre-build your network of internal and external colleagues. Otherwise it becomes a time-consuming activity for you.
  • It is affordable. Is it priced in such a way that even if it was not included in your annual budget, it can still be implemented?
  • It is a partnership. Do you want to be a partner with a secure messaging in which you can develop features and use cases that meet your group’s needs? Think about the relationship you're looking for...just another customer or a valued partner.

There is no doubt that the technology behind secure messaging is very sophisticated – that is why so few have actually succeeded in developing it. But the real questions for physicians and their staff is “How will this simplify communication...reduce phone tag...improve patient care...save time...reduce liability?”  I get that.

So as new “secure-text-speak” buzzwords du jour pop up, feel free to contact me for translation.

Dana Allison

Chief Operating Officer

IM Your Doc