Your artwork is not HIPAA compliant

Chicago art exhibit displays problems of pager use – Non HIPAA Compliant

At OnPage, we have long rallied against pagers, highlighting the problems they cause when used as a form of communication between doctors. In many blogs and whitepapers, we have described how:

  • pagers are not secure
  • pagers are easily hacked
  • pagers enable the leaking of protected patient information(PHI).

Our goal, in persistently extending this message is to encourage physicians and hospital staff to use secure, HIPAA compliant communications instead of pagers. But little that we write could be as powerful as the art instillation created by Brannon Dorsey called Holypager.

One man’s pager is another man’s art

We read about Dorsey’s exhibit in an article that was forwarded to us. His exhibit, Holypager is designed to intercept all POCSAG pager messages sent in the city of Chicago. Once intercepted, the messages are all anonymized and then printed out at the exhibit on one of three rolls of receipt paper. The display makes for a large paper pile-up for gallery visitors to view.

While this might not be everyone’s definition of art, Holypager does none-the-less seem to always elicit a reaction. People seem genuinely surprised that pagers’ messages are so easily hacked. Perhaps, they think, patient information should be held to a higher level of security.

An artist’s message of privacy

Perhaps as surprising as the ease with which the pages are hacked is the source of the messages. Almost all of the messages are sent between doctors and hospital staff. According to Brannon, messages almost all contain:

  • Patient’s first name
  • Patient’s last name
  • Patient’s date of birth
  • Patient diagnosis

I’m sure visitors to the exhibit expressed thoughts such as ‘Isn’t that sort of information supposed to be protected’? Shouldn’t there be some form of encryption on that information?

Yes, pieces of information like name and diagnosis are clearly PHI. Exchanging the information in a manner which is so easily hacked is a clear HIPAA violation. Doctors are violating HIPAA norms when they exchange this information over pagers rather than using HIPAA compliant messaging.

According to HIPAA Standard 164.306 “doctors must ensure the confidentiality of all electronic PHI they transmit and protect against any reasonably anticipated threats or hazards to the security or integrity of such information”.  As the Holypager exhibit demonstrates the standard of confidentiality is far from maintained.

According to Brannon,

Given the severity of the HIPPA Privacy Act, one would assume that appropriate measures would be taken to prevent this information from being publicly accessible to the general public.

The seemingly obvious answer to Brannon’s assumption is that appropriate measures are not being taken. Brannon hopes to show his results to the hospitals whose pages he has intercepted and let them know they need to embrace more secure messaging methods.

Conclusion

The artist believes that his project is meant to serve as a reminder that as the complexity of digital systems increases, humans don’t always develop a corresponding level of literacy about the systems.

Maybe.

But what I think is easy to get across here is that pagers are a technology whose ship has long ago sailed. Perhaps we’d all be much better off if we recognized the need for our physicians to use and maintain HIPAA compliant communications.

 

OnPage Corporation

Share
Published by
OnPage Corporation

Recent Posts

From Tickets to Action: Ensuring Proactive IT Support with Jira and OnPage

We're excited to announce the launch of our bi-directional integration between OnPage and Jira! This…

5 days ago

OpsGenie End of Life? What’s next for OpsGenie users.

If you haven’t heard already (which would be shocking considering the numerous posts I’ve seen…

6 days ago

Reflections from HIMSS 2025: Conversations, Challenges & The Future

HIMSS 2025 is in the books, and after days of conversations, sessions, and navigating the…

3 weeks ago

The Need for Full-Stack Observability

In a recent survey, it was discovered that 57% of software developers' time is spent…

3 weeks ago

From Beeps to Breakthroughs: How Mobile Apps are Taking Over Pagers in Healthcare

In recent years, the healthcare industry has been facing a pivotal shift on the communication…

4 weeks ago

Why OnPage Outperforms Epic Secure Chat for Critical Communication

Electronic Health Records (EHRs) like Epic are undoubtedly pivotal to modern healthcare. With their intuitive…

1 month ago