Why Choosing Secure Messaging Platforms Over Pagers is Important for HIPAA Compliance
Is it the End of Paging?
Since changes have been made to the HIPAA Privacy and Security Rules, there has been much talk about HIPAA compliance with respect to pagers. While not particularly mentioning pager communications, the modifications to the Security Rule state that there must be a system of physical, technical and administrative safeguards to make any electronic communication HIPAA-compliant. Alternatively, protected health information (PHI) must not be included in communications.
Many healthcare companies still depend on pagers as a means of communication. When sending PHI using pagers, communications must be encrypted; a system of information accountability must be put in place; and there must be a facility to remotely remove messages to safeguard PHI in case a pager is lost or stolen. There should be a procedure for user authentication on every device, and an automated log-out option to avoid unauthorized PHI access when a pager is left unattended.
Pagers have been an outdated method of communication for many years and many healthcare professionals prefer personal mobile phones for communication rather than pagers. The end of pagers in the medical field won’t be viewed as a loss by many people.Nevertheless, personal mobile phones are governed by the same guidelines as pagers with respect to HIPAA compliance, and thus communications delivered by SMS or electronic mail still need to have the required safeguards implemented to be HIPAA compliant.
Even disregarding pager security, pagers are a time-consuming and ineffective was of communicating. The receiver of a page often needs to call back the message sender to get more information. This leads to phone tag, since the sender and receiver of the message are rarely available at the same time. Miscommunications can easily occur, and the lack of message accountability is likewise a problem with pager communications.
Consistent with a study performed by HIMSS Analytics, numerous senior healthcare professionals continued using pagers because of their “perceived reliance” and their power to reach physicians through the network. Less than one in five healthcare professionals believed that pagers allow them to save time. The majority admitted that much time was being wasted – calculated to be 45 minutes each day per doctor by Ponemon Institute.
The HIMSS Analytics study calculated the average cost of maintaining a pager communications system was $8.40 per month, per user for hospitals with more than 100 beds. Analysts figured that healthcare companies are paying $179,000 per year on average on this “archaic communication technology”. The Ponemon Institute study determined that healthcare organizations are wasting $557,000 every year by the continued use of pagers on lost hours alone.
Secure Messaging Versus Pagers
Secure messaging platforms offer a solution to the problem of HIPAA compliance and pagers. Apps can be installed on desktop computers and mobile devices to allow messages and PHI to be sent securely. The apps work in a similar manner as commercial messaging applications such as iMessage and WhatsApp. The main differences are these solutions have all of the requires controls to ensure compliance with the HIPAA Security Rule.
The apps can only be used by authorized personnel, who must authenticate their identity every time they sign in using a centrally-supplied username and PIN number. As soon as they gain access to the network, messages can be sent and received, medical images shared, and other files can be transferred securely. If doctors forget to sign-out of the application, a time-out function logs them out of the network automatically.
There is 100% message accountability and access logs are generated so system managers can monitor compliance and perform risk assessments. Safety measures are included to avoid accidentally or maliciously sending PHI outside the healthcare company’s network, or copying and pasting messages to other applications or external storage devices. When a mobile device is lost or stolen,communications to the device can be blocked and all messages on the device can be remotely deleted.
The Advantages of Secure Messaging
For healthcare companies thinking about HIPAA compliance and pagers, there are 3 major advantages of secure messaging over pagers – HIPAA compliance, productivity and cost.
Benefits provided by secure messaging solutions include:
- Faster communications cycle
- Streamlining of workflow
- Increased productivity
- Improved coordination of care and faster discharges
- No more phone tag
- Full message accountability
Because secure messaging solutions are cloud-based, there is no complex software installation required. In addition, 87% of doctors (as per a Manhattan Research/Physician Channel Adoption Study) and 67% of nurses (as per a American Nurse Today study) currently use Smartphones at work to “assist their workflow,” and the majority of doctors are already utilizing personal mobile phones in healthcare facilities. As a result, the HIMSS Analytics study computed the average cost of secure messaging to be under $5.00 per authorized user each month.
A number of research studies have been mentioned in support of the use of secure messaging as an ideal substitute for pager messaging to solve issues about HIPAA compliance and pagers. One more research study shows the benefits of secure messaging to patients. The Tepper School of Business of Carnegie Mellon University conducted a research study on patient safety at Pennsylvania Hospitals. They compared “basic” EMRs with EMRs integrated with a secure messaging solution. Aside from benefits such as the sharing of data, eliminating information overload and enhancing collaboration between doctors and researchers, the research team point to the following benefits when integrating a secure messaging solution with an EMR:
- 25% reduction in complications caused by procedures and tests
- 30% less medication errors due to miscommunication and human error
- 27% less patient safety incidents overall
Healthcare organizations worried about HIPAA compliance and using pagers should definitely explore the opportunities offered by secure messaging.