
OnPage Report: The impact of not securing healthcare communications

Recent data from the Journal of Hospital Medicine highlights the battle for secure healthcare communications. Unfortunately, the battle is not progressing as well as one could hope. The Journal’s July 2017 publication cites the following statistics:

  • Almost 80% of clinicians continue to use pagers, the technology most commonly used by hospital-based clinicians
  • 53% of clinicians use text messaging to exchange patient care information
  • 22% exchange text messages that include identifiable patient information
  • Relatively few hospitals have fully implemented secure mobile messaging applications

Besides pointing to the progress that remains to be made, these statistics also force us to consider the impacts of this lack of adoption. Yes, there will probably be more HIPAA fines. Some of those fines might be quite large. But are there damages beyond fines? The answer is, unfortunately, yes. Beyond the fines are the damages from data that is breached as a direct result of being left unencrypted.

Breadth of unsecure messaging

Many nurses, physicians and administrators remain uneducated about the necessity of using secure messaging in their exchanges with colleagues. Simply stated, healthcare workers don’t enter their industry to think about message security and encryption. For most healthcare providers, encryption in healthcare is just another nuisance that gets between them and their patients. As one source noted,

[I]t is unclear if resident providers are aware of the security concerns of SMS text messaging when communicating about patient care.

To further highlight this fact, many practitioners continue to routinely use unsecure applications such as Facebook and GChat for communications. In fact, 52 percent of respondents in a survey said they use SMS/MMS text messages in addition to other popular messaging platforms such as Facebook Messenger, GChat, and WhatsApp. Sadly, many users believe that these third-party platforms are at least somewhat secure.

A major reason why practitioners often text is to avoid the time-consuming “message and wait” protocols that pagers demand. By using text messaging, users get much quicker responses and can resolve issues more quickly. But while texting addresses timeliness, standard SMS is not HIPAA-compliant. For that matter, neither are GChat, WhatsApp or the other applications that practitioners often use.

One journal noted that hospital administrators can continue telling nurses and clinicians that they cannot text and that it is unsafe. However, at the end of the day:

Not [texting] is not practical. Without us providing some kind of an option, telling them not to do it is an exercise in futility.

As a result of this lack of encryption, the healthcare industry, from doctors to insurance companies, is hemorrhaging patient data. Since 2009, over 29.3 million patient health records have been compromised in data breaches. Despite calls for more security, and legislation like HITECH and HIPAA, the healthcare industry is still struggling to protect its patients.

Messages going rogue

When unsecured devices are used, the exchanged messages are neither encrypted nor password protected. Additionally, there is no defined list of who can receive the messages, so messages can be passed to an unintended individual. If the content of those messages gets into the wrong hands, it can be used for unintended purposes.

Healthcare is the most vulnerable sector of the US economy when it comes to breaches of patient health information. Healthcare tops the list of the most cyber-attacked industries. In 2015, one in three Americans was the victim of a healthcare data breach. This figure translates into more than 11 million[6] individuals’ data being lost due to hacking or IT incidents in the U.S. alone. The leading cause of breaches was lost and stolen devices such as smartphones.

In the case of smartphones, many hospitals either explicitly or implicitly allow practitioners to bring their own device (BYOD). With the inherent challenges around developing adequate security measures for messaging on personal devices, sensitive data is left exposed. Many executives have stories of doctors and nurses designing work-arounds that bypass safety and security protocols, or simply using their devices in defiance of HIPAA standards. The issue is that if these devices are lost or stolen, hospitals and clinics have no way to wipe them, nor do they have encryption and passwords on messaging applications that would prevent improper use of the information.

Mobile devices remain a key access point for PHI and when lost or stolen, the information on the devices often results in costly data leaks. Demand for BYOD is significant among healthcare professionals with approximately 85 percent of healthcare professionals bringing their own devices to work. Given these statistics, it is likely that smartphone use will continue to grow in healthcare and that possibilities for stolen healthcare information will grow alongside it.

Further heightening insecurity about data leaks and cyberattacks, cybersecurity experts agree that it’s not a matter of if or when your data will be hacked, but whether you’ll know your data was hacked.

Download the White Paper to read the rest.

Shawn Lazarus
