miSecureMessages Secure Messaging App Part 1 of 2 - Protecting ePHI
Protecting electronic patient health information (ePHI) has become even more critical since the healthcare industry has transitioned away from paper-based processes and into a more connected, electronic delivery model. Patient privacy and security is front and center in the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH).
Traditional messaging among healthcare providers often fail to meet the requirements of the current laws, leaving patient data vulnerable and providers liable for potential HIPAA violations. Providers are expected to protect against reasonably anticipated threats to security and impermissible uses and disclosures. They also must ensure compliance with these procedures by their workforce.
Healthcare providers need up-to-date messaging solutions that are secure, accurate, reliable, and immediate, ensuring compliance and improving patient satisfaction. Failure to protect ePHI can result in extremely costly fines levied by the Office of Civil Rights (OCR). The OCR performs random audits of healthcare organizations and their business associates, and breaches can also be reported to them.
According to a recent whitepaper from Protenus, a healthcare IT company specializing in protecting patient health data, breaches in the U.S. healthcare field cost $6.2 billion annually. The average HIPAA settlement fine is approximately $1.1 million and is increasing.
Secure Messaging and the Clinical Decision Support System
Currently, many healthcare providers still rely on paging systems to send messages to staff members. But pagers are a 1950s technology that is quickly being phased out and rendered obsolete by smart device technology. That’s why some hospitals have transitioned to SMS text messaging and e-mail, which staff members access on their mobile devices.
None of these communications methods are intrinsically secure. Pagers and mobile devices can be lost or left unattended, allowing unauthorized parties to access messages or e-mails. Even a doctor handing his phone to his son to play a game can potentially create a HIPAA violation if a patient-specific text is accessible on the device.
Providers are moving to consolidate devices, if favor of a a single, consistent messaging platform, that is secure and encrypted, and shifting away from pagers and other outdated technology.
An example of a secure messaging platform is our miSecureMessages app. miSecureMessages is a HIPAA and HITECH-compliant messaging application, that enables healthcare professionals to send fully encrypted messages to smart devices, ensuring privacy while leveraging technology that most physicians and staff already use. This technology can reduce costs, enhance service to patients, and improve the clinical decision support system (CDSS) in the process.
miSecureMessages sends and receives encrypted messages via smart devices and desktops. Clinical staff can send texts, photos, videos, and audio files securely. Recipients are notified about incoming messages via customizable, visual and audio alerts and can reply to an entire group or care team, just the person who sent the message, or someone else within the group. Busy staff can send quick phrases with a single touch or use the voice-to-text mode to speak a message into their device, which is then automatically converted into text. The app also provides a fully auditable record of all messages, as required by the Joint Commission.
The application issues a specific alert until the message is read, and can override the device’s settings with custom visual and audio alerts so important messages are immediately recognized and responded to. If a user is unavailable, they can turn the app off in order to stop receipt of new notifications and their “off” status is indicated to anyone attempting to send them a message.
A passcode or fingerprint scan can be set as a requirement to open the app. If a mobile device is lost or stolen, a network administrator can deactivate the individual miSecureMessages license remotely. Messages themselves are never actually downloaded onto the device - ensuring they are secure. This protects patient data without requiring a complete remote wipe of the mobile device. This way, once the device is recovered, users still have access to all of their personal data and contacts and can begin using the secure messaging solution again.
The solution works on both cellular data and WiFi-based wireless networks, and provides an unlimited alphanumeric character display for messages, as well as an unlimited number of messages per user. Users can message colleagues directly (device to device), and even send messages to entire care teams.