We recently had a chance to interview Adam Greene, a lawyer in Washington D.C. with the firm Davis Wright Tremaine LLP. One of Adam’s most intriguing cases occurred in 2014 with a hospital client. This hospital’s doctors and staff used pagers to routinely communicate about a patient’s status or immediate needs. This type of communication is quite routine. However, unbeknownst to the hospital, the sensitive information employees exchanged on pagers was monitored and recorded by individuals outside of the hospital.
Pagers are a dying breed outside of the hospital. However, pagers are still very much alive in medicine. Approximately 90 percent of hospitals still use pagers and on average spend around $180,000 per year on maintaining and updating them. Hospitals continue to alert, message and communicate with doctors by using pagers because administrators find it difficult to replace legacy technologies.
Yet the risks of pagers are underappreciated as technology has escalated faster than the pace of pager development. Pager security in healthcare was designed long before cybercrime and hacking became issues. Due to the lack of encryption or authentication in paging systems, it’s near impossible to verify messages and thwart spoofing attempts.
Hospitals need to consider secure messaging as part of their overall HIPAA compliant strategy. While using a pager is not a HIPAA violation per se, the information exchanged on pagers has to be extremely circumspect and non-descriptive to ensure compliance.
For example, doctors could exchange simple information such as a phone number they should call or the need for cleaned sheets in a hospital room. However, any information that describes something specific about the patient’s condition such as:
The patient in room 2 is HIV positive
could not be exchanged as it represents too high of a risk if the information were intercepted. Even knowing this information though seems to have little impact on doctor behavior as doctors are focused on treating patients. They are not focused on the security of the messages they exchange.
Read our white paper to learn more about pager security in healthcare and how this hospital had its pagers hacked and patient information exposed.
Being “on call” sounds simple: you’re not actively working, but you need to be available…
What's the first thing that comes to mind when you hear the word 'pager?' For…
Zetron Outages Expose the Need for a Real Replacement If your Zetron paging system has…
Intro: When Paging Systems Fail, Teams Need Answers If your Zetron paging system has stopped…
We’re excited to share that OnPage has been recognized as a Sample Vendor in the…
Imagine you’re working on a hospital floor when suddenly a patient’s condition starts to deteriorate.…