Security Magazine

Fostering HIPAA Compliance and Saving Time with Secure Texts

November 15, 2013

Do your healthcare employees text? Careful – this could be a serious HIPAA compliance problem. According to SearchHealthIT, nurses and physicians are likely already using the unsecure text-messaging apps that come with their personal smartphones to communicate at a quicker pace.

"If you don't provide a communications system, they will find one, and they're going to use it, regardless," said Sally Reeves, healthcare project director at Frisbie Memorial Hospital in Rochester, N.H., in the article. "Things happen too quickly now in hospitals, and information needs to be distributed at such a fast pace in order to coordinate the next thing that's needed. We're under such constraints to get patients out in certain periods of time. They only have so many hours or days here based on their diagnosis, so you have to be speedy in getting results back, setting up the next test, all of those types of things."

Potential compliance violations start with a lack of proper encryption, audit logging and smartphone security issues, such as messages kept in-memory that could be read by whoever’s using the phone. The value of texting is irrefutable, cutting down on call volume, saving time and making patient care more efficient (no missed voicemails). So hospitals are turning to secure texting systems, SecureHealthIT reports.

The system that Frisbie Memorial Hospital is using connects iPhones and hospitals computers and phones via Voice over IP and logs practitioners out of the system once they leave the building.

Installing the program did require some additional infrastructure, including beefing up Wi-Fi capabilities and building geofences (which erase clinical data when a phone leaves the premises). The program doesn’t work with Bring Your Own Device policies, as the hospital’s IT department disables the devices’ cameras and prevents browsing. However, practitioners now send about 60,000 texts a month to each other, and the number of calls, formerly 1,500 per week, has been reduced to fewer than 200 per month.