The Health Insurance Portability and Accountability Act (HIPAA) was established
in 1996 to set rules regarding privacy and security of “not only what is
considered protected health information, but also minimum standards for the
protection of such information” (Przybylo et al., 2014, p. 573). With
technology becoming a widely popular way for healthcare providers to
communicate, maintaining HIPAA compliance should be the priority. HIPAA
compliance can be defined as “meeting the minimum standards for physical,
network and process security” (Przybylo et al., 2014, p. 573). In
healthcare, various forms of telecommunication are used such as (a) email, (b)
overhead paging, (c) voice calls and (d) text messaging (Przybylo et al.,
2014).
Identification
of Problem
Many physicians prefer to utilize
text messaging as a form of sharing information about patients or to give
nursing staff orders. According to a survey done by Ponemon, 80% of the
physicians surveyed admitted to texting patient health information insecurely
over their personal mobile device (“Secure communications for healthcare”,
2014). When physicians use personal mobile devices, messages sent
may not be secure which can result in a HIPAA violation costing up to $1.5
million per event (“Secure communications for healthcare”, 2014). For some
physicians, it may be easier to use their personal devices than a secure
messaging program. Using a personal device without secure messaging risks
patient health information being sent to the incorrect individual
or even being compromised by a third-party.
The National Cybersecurity Institute reported a total of
112 million healthcare breaches in 2015 (Stanaland,
2016). HIPAA defines
healthcare breach as “the unauthorized
acquisition, access, use or disclosure of protected health information (PHI)
which compromises the security or privacy of such information.” (“Protecting
health information: the HIPAA security and breach notification rules”, 2014). Approximately 87% of physicians use a personal unsecure
mobile device to support their workflow due to 53% of hospitals not having a
secure text messaging system in place (Stanaland,
2016). One of the main
focuses in 2016 for hospitals was the implementation of a secure text messaging
program due to the increasing number of information breaches (Stanaland, 2016).
According the Baptist Health
Policy (2014, p.1) on text messaging, encryption is the "process
of converting information into a form unintelligible to anyone except
holders of a specific cryptographic key." Messages sent via a
non-secure device or program are not encrypted and therefore not HIPAA
compliant. Recommendations can be made to ensure the safety and security of
personal patient health information.
Recommendations
for Improvement
There are some recommendations to
be made regarding the safety and security of personal health information sent
via text. One of the ways text messaging can be secured is through
HIPAA-compliant group messaging (HCGM) programs. HCGM programs allow
information to be sent via secure text messaging while maintaining HIPAA
compliance. Hospitals have a variety
of HCGM programs to choose from and would be a good
recommendation. Hospitals should encourage the physicians and staff
to utilize the HCGM program provided at their facility to
communicate patient health information via text.
Some of the resistance to using a
HCGM program could be the need to type a message whereas if certain messages
were programmed, then the physicians would not have to waste time typing. The
programmed messages could include anything from preset diet orders to common
medications. By having preset text messages the risk of mistyping a word
or medication would be reduced and improving patient outcomes. According
to the Baptist Health Policy (2014) physicians and other licensed professionals
are not allowed to text orders to nursing staff. The ordering professionals are
to either give the order via telephone or place the order themselves.
Another recommendation to improve
the safety and use of text messaging in healthcare involves interoperability of
HCGM programs and the various documentation systems. Some of the HCGM programs
could connect with the documentation system used at the hospital or facility,
to allow physicians to place orders securely from their phone. The
interoperability of the HCGM and documentation systems would help with the
productivity of physicians placing orders instead of texting them to nursing
staff. Baptist Health performs audits of all text messages sent via Cortext
Imprivata; the HCGM program used at all the facilities (Baptist Health, 2014). Performing
these audits allows monitoring of all messages and the ability to track
physicians giving orders over the HCGM. Therefore, having a secure messaging
program that not only allows physicians to contact the nursing staff, but also
place orders would help prevent physicians giving orders via the HCGM, secure
patient health information and ultimately keep the patients safe.
Nursing
Benefits and Improved Patient Outcomes
The previous recommendations will not only benefit
nursing, but also improve patient outcomes. Secure text messaging is beneficial
to nursing in critical situations such as notifying the physician of a rapid
response or code (Gellert, Conklin & Gibson, 2017). The use of secure
messaging could be used when family would like to speak with the physician and
the notification of lab or radiology results (“Secure communications for
healthcare”, 2014). Some physicians do not want to be called for messages
regarding family or other topics that can be answered via a simple
text. Some physicians respond faster to text messages than telephone
calls, which can improve the patient outcomes. Physicians should be able to use
autonomy to decide if a physical telephone call should be made to the nursing
staff or if it can be done via text message. There are HCGM programs that allow
physicians to call the nurse back directly from the text message, which allows
for a quicker response and in turn, can lead to a better patient
outcome. According to Przybylo et al. (2014), 85% of the physicians surveyed
said they would recommend the use of a HCGM system for communication among
colleagues and nursing staff.
At Baptist, Cortext Imprivata is
used to communicate between the nursing staff and the physicians. Cortext
Imprivata is a secure messaging program that allows for higher provider
productivity and easier care coordination between the interdisciplinary team
("Secure communication for healthcare", 2014). Although Baptist does
not allow physicians to give orders over text, the Joint Commission
"reversed the prohibition on texting patient care orders if a secure
encrypted clinical texting platform is utilized" (Baptist Health System,
2014; Gellert et al., 2017, p. 1). With the help of the Joint
Commission and health information professionals, policies about secure text
messaging can be developed to minimize the risk to patients, clinicians, and
hospitals systems as "secure clinical texting becomes standard accepted
practice" (Gellert et al., 2017, p. 1).
References
Baptist Health System. (2014). Text messaging. (Policy 4.6). Retrieved from
Gellert, G. A., Conklin, G. S., & Gibson, L. A. (2017).
Secure clinical texting: patient risk in
high-acuity
care. Perspectives in Health
Information Management, 14. Retrieved from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5430112/[ncbi.nlm.nih.gov].
Protecting health information:
the HIPAA security and breach notification rules. (2014).
Retrieved
from https://www.privacyrights.org/consumer-guides/protecting-health-information-hipaa-security-and-breach-notification-rules
Przybylo, J. A., Wang, A., Loftus, P., Evans, K. H., Chu, I.,
& Shieh, L. (2014). Smarter hospital
communication: Secure smartphone text
messaging improves provider satisfaction and perception of efficacy,
workflow. Journal of Hospital
Medicine, 9 (9), 573-578. doi:10.1002/jhm.2228
Secure communications for healthcare. (2014). Retrieved July
31, 2017, from
https://www.imprivata.com/secure-messaging[imprivata.com]
Stanaland, J. (2016, May 06).
By the numbers: the secure text messaging market. Retrieved
August
04, 2017, from https://www.hieanswers.net/numbers-secure-text-messaging-market/
 |
| Secure text messaging. (2017, July 18). Retrieved from https://www.vocera.com/product/secure-text-messaging |
