Seven reasons you should tackle insecure texting in healthcare
Risks of insecure texting in healthcare
Many hospitals understand the limits of pagers in hindering communications. They see how pagers inhibit a robust communication system for the institution. As BYOD (bring your own device) increases in popularity, doctors are increasingly turning to texting as an easy way to communicate with one another and exchange patient information. Yet text messaging is not a secure form of communication and using texting brings with it a set of serious consequences.
The goal of this blog is to highlight the impacts of insecure texting on healthcare. Using insecure texting methods not only impacts security, it also has the capacity to extend to impacting the overall security and vulnerability of the hospital.
Insecure texting impedes quality of patient care
By using standard texting in pursuit of patient care, text messages get mixed in with personal contact texts on a mobile device. This can easily lead to sending important and personal healthcare information to the wrong recipient.
Furthermore, by using standard text messages, physicians are unable to combine the robustness of adding images, documents, voice recordings, x-rays or other pertinent information that would add to the information provided by a text. Doctors, nurses and colleagues are looking for robust functionality and interface capabilities. With standard texting, the robust information healthcare officials need and wat stays outside the communication and cannot be exchanged. These components are key to ensuring effective handoff.
Indeed, ineffective hand-off communication is recognized as a critical patient safety problem in health care. An estimated 80% of serious medical errors involve miscommunication between caregivers during the transfer of patients. Miscommunication causes mismanaged care and inevitably patient harm.
Insecure texting risks HIPAA violation
While texting addresses some of the timeliness issues healthcare workers face, standard SMS is not HIPAA-compliant. In a study of one particular hospital, it was noted that more than half of its clinicians used text messaging despite repeated warnings from IT. By failing to meet the standards of HIPAA compliance, physicians risk running afoul of HHS regulations and incurring significant fines.
Let’s face it. Texting is not part of a HIPAA compliant policy. Standard text messaging makes it possible for any person with access to a health care provider’s mobile device to view or reply to a message instead of the intended recipient. Text messaging services also offer little protection from the most significant danger to the privacy and security of texted ePHI: the unintended recipient.
Even the potential for such an occurrence can leave institutions afoul of HHS regulation. This was the case of a nursing home in North Carolina where a doctor and nurse exchanged unsecured messages about a patient. The result was, among many other mea culpas, having to send a letter to all patients and their families letting them know of their use of insecure texting.
Conclusion
Clinics and hospitals are trying to achieve the right balance of security and freedom around texting. Banning texting on BYODs is clearly not the answer. If administrators try to do so, they run the risk of mitigating the effectiveness of their teams. Policies that are adopted need to be created with doctors and nurses in mind and need to enable a secure messaging platform.
To read 5 more risks of insecure texting, download our whitepaper.