Implementing HIPAA-Compliant Secure Messaging in Your Practice

While health care technology has generated many benefits, such as digitizing patient records and performing advanced analytics, one of its greatest contributions has been enhancing communication between care teams and clinicians. Not that long ago, physicians and their teams communicated through phone calls, pagers, fax machines, hand-written messages and games of phone tag. Now, through advanced technology, we have access to smartphones, which are literally millions of times faster than NASA’s 1960s computers.

With smartphones, various forms of text messaging and related collaboration have started to take hold. Some recent statistics provided by SimpleTexting indicate that:

• Average Americans check their phones 46 times a day
• Average adults spend 23 hours a week texting
• Text messages are read, on average, in under 5 seconds
• The average millennial exchanges an average of 67 text messages per day

Additional data show that text messages are easier to respond to than emails and have a much higher open rate.

• It takes 90 minutes to respond to an email but only 90 seconds to respond to a text message
• 90 percent of text messages are read while only 20 percent of emails are opened

Incorporating Secure Messaging into Your Workflow

There are many different secure, HIPAA-compliant messaging solutions on the market. To be HIPAA compliant, an application must meet health care industry standards for elements such as privacy, security and data storage. For example, communications must be contained within the application versus stored on a local device. This is one reason standard SMS texting is non-compliant.

To varying degrees, leading solutions offer patient-specific methods for communication between physicians and care teams. More sophisticated solutions can incorporate information from Health Information Exchange and act as the vehicle to provide Care Transition Notifications to medical staff.

The following five considerations and cautions can help make your organization successful as you implement a secure messaging solution.

1. Select an application that is intuitive and can be integrated into your existing systems. This is important as you will want a way to query applicable patient names and have the ability to include their names in the messages. A step further would be to incorporate these messages in the electronic medical record.
2. Agree on a workflow between the physician and the care team. Secure messaging is not effective if people aren’t checking their messages in a timely manner.
3. Make sure your team knows that using standard SMS texting is not HIPAA compliant when referencing patient information
4. For hospital services, do not use secure messaging for patient orders, as required by the Joint Commission
5. Check labor rules and applicable laws when deciding what devices to use for secure messaging plus who should access the messages at what times

In conclusion, secure messaging has the opportunity to improve patient care and reduce the amount of time it takes to respond to important