When it comes to communications, there is no more heavily regulated industry than healthcare. Patient privacy is taken very seriously, with HIPAA (the Health Insurance Portability and Accountability Act) defining stringent limits on how healthcare providers can communicate and share patient data electronically. But here’s the challenge. Doctors and nurses are all walking around with smartphones and small tablets in their lab coats and are used to communicating rapid fire via text in their real life every day. It seems to follow that doing the same thing at work would save time, streamline workflows and improve patient care. However, if they send a text containing patient information, they are breaking the law.
"Hospitals all have policies in place clearly stating that caregivers cannot use SMS,” says Rich Quattrochi, Vice President of Business Development at Mutare Software, a company specializing in secure unified messaging solutions, “but many doctors and nurses are doing it anyway.” This is a problem, because as soon as they send or receive a SMS message over their network, they are violating HIPAA and opening up lines of communication that are difficult to track and recreate.
Security and Reporting Challenges with SMS
SMS is inherently a risky communications solution. Text messages are not encrypted either in transit or at rest, and if a phone doesn’t have a passcode on it, a lost phone will provide access to all text messages. According to Quattrocchi, “Even if your phone does have a passcode, standard text messages pop up on screen allowing anyone nearby to see them. This alone is a HIPAA violation.”
Another concerns with text messages is the lack of tracking, logging and reporting capability. If healthcare workers are using their personal devices for communication, the chain of activity related to individual cases is extremely difficult if not impossible to recreate. “This can become a huge liability nightmare for hospitals in cases where there are non-optimal outcomes,” explained Quattrocchi. “Having an audit trail with secure data retention is a must have for all types of patient related communications.”
And it is not just healthcare businesses. Financial service organizations face many of the same challenges. These organizations have extremely stringent policies that they set themselves in many cases. Most won’t allow communications even via email, unless it is secure email (for example through their website/client portal, behind their firewall), and it is illegal to leave any orders or trade execution details on a voicemail. They are certainly not going to allow for texting with clients via SMS. But what if their customers are demanding it?
Secure Messaging Apps Deliver Security, Visibility, Accountability
All of these things don’t take away from the fact that there are many ways to use personal tech to streamline workflows and professionals are already doing so. To jumpstart improvements, many individual doctors and nurses are looking towards “Free Texting” solutions that allow them to invite colleagues to text with them in an encrypted manner via a closed channel. These are often utilized outside of the hospital’s IT policy and, while an improvement, can result in data security, compliance and legal considerations that may not have been expected. For example, what happens when a provider leaves a hospital and all conversations leave with them?
To provide professionals with the ability to communicate more efficiently and securely while ensuring compliance, solutions like Mutare’s Vital Link platform deliver enterprise grade solutions specifically designed to address these challenges with mobile apps tied into a secure cloud-based environment. Key capabiloities organizations should be looking for at a minimum include closed-loop encrypted communication between team members, the ability to securely share photos and file attachments within a conversation, the tracking of conversation history and the status of individual participants, and the ability to disable an employee and scrub client / patient conversations if they leave your company.
“For financial firms and financial transactions, all these things apply as well,” says Quattrocchi. “it is about ensuring the user is authenticated, via username and password, or even better, confirmed with biometrics and everything must be tracked and retained and an audit trail must be maintained for future analysis and assessment..
You’re still not seeing a lot of texting or SMS in the business world, and the challenges highlighted by regulations like HIPAA and PCI demonstrate why. Leveraging a platform for secure mobile collaboration that provides businesses with the confidence that their communications are safe, trackable and can be reported on is the next step on the road to better customer and patient care.