One of my most popular articles of 2013 was titled “Texting is Not HIPAA Secure.” Certainly HIPAA compliance is good enough reason for every healthcare organization to implement a secure text messaging solution in their office. Considering the number of organizations I hear are recklessly sending PHI over SMS, I expect this is going to come back and really hit some organization where it hurts. Plus, you won’t be able to hide since the carriers often save the SMS messages for easy discovery by a legal team (which is another reason why SMS isn’t HIPAA compliant). It might take a major HIPAA violation for the industry to wake up.
HIPAA violation issues aside, there are so many other reasons why a healthcare organization should consider using a secure text messaging solution as opposed to insecure SMS as many do today.
As most of you know, I’m adviser to secure messaging company, docBeat (Full Disclosure). As I’ve worked with docBeat, I’ve been amazed at how much more a secure messaging platform can do beyond the simple messaging that you get with SMS. All of these features make a secure messaging option not just a way to avoid a HIPAA violation, but also a better option than default SMS.
Here’s a look at some of the ways a secure messaging solution like docBeat is better than SMS:
Message Delivered/Read Status – I think this is one of the most underrated features of a secure message solution. With an SMS message you have no idea what’s happening with the message. You have no idea if the message has even been delivered to the recipient, let alone read. We’ve all had times where we receive a SMS message well after it was sent. In the case of docBeat, they have a status indication on each message so you know if the message has been delivered to the recipient and if it’s been read. A simple, but powerful feature.
Secure Text to Groups – While SMS is great for sending a message to one individual, it fails when you want to include an entire group in a conversation. The concept of group messaging is really powerful in so many areas of healthcare. Much like the reply to all in email, you have to be careful not to abuse a group text message, but it’s easier to manage since they’re usually short messages that are easily consumed. In docBeat, they offer this group text messaging to a predefined group of users or to an adhoc group that you create on the fly. I especially like this feature when you need help from any one of many doctors, but you’re not sure which is available to help.
Controlled Message Storage – While this has HIPAA implications, the ability to control and audit the messages that are sent is really valuable for an organization. In the wild world of SMS you have no idea what the carrier is doing with those messages. Once they’re on the phone, there’s not an easy way to wipe them off if something happens to the device. With a secure message solution you can control and audit the secure messages. This might include knowing how many messages are sent, how quickly the messages were read, where the messages are stored, etc.
Mobile and Web – In a healthcare organization there are often a lot of people you want to message who don’t have a mobile phone issued by the organization. This often means those people start using their personal device to SMS providers (not a good thing) or they just can’t participate in the messaging. docBeat runs on the iPhone, Android and the web. In most cases, the web option is a perfect way for the non mobile staff to participate in the messaging. Try making that a reality with SMS.
Quick Messages for Common Responses – While many people have gotten very fast at typing on their cell phone, it still takes some time. One way to streamline this is to use quick canned messages for responses you give all the time. It’s much easier to one click a message like “I’m on my way. Be there in a minute.” than to try and type that message into the phone.
Scheduled Messages – Considering the 24/7 nature of healthcare, there are often times when someone is working late at night, but the message doesn’t need to be read until the next morning. Scheduled messages are a perfect solution for this problem. You can create and schedule the message to get sent at a reasonable time rather than waking the doctor up needlessly.
Secure Attachments – While MMS mostly works, I’ve seen where some telcom providers don’t support attachments using MMS. Unfortunately, the telcom provider doesn’t tell you this and so you have no way of knowing that the attachment you sent never made it to the recipient. Plus, MMS works best for pictures. It doesn’t support the wide variety of document formats that a secure messaging provider can support.
Ability to Send Location with Text – While you have to be careful with this feature, it can be a really nice added value to your organization to know their location. Are they sending you a message at your hospital or at their kids soccer game? Knowing this little piece of information can change your workflow so the patient gets better care.
Message Expiration – We could call this feature the snapchat feature. As we saw with the popularity of snapchat, there are times when you may want a message to only live for a certain duration. As is the case with most data retention policies in healthcare, some organizations love this feature and some hate it. Of course, each institution can choose how they want to use this type of feature. In the SMS world, you don’t have a choice. You’re at the mercy of the telcom providers decisions.
Automatic Message Routing to On Call Individual – One of the great features of docBeat is the ability to identify the On Call individual in a group. This was originally applied to docBeat’s call forwarding functionality, but they recently applied it to their secure messaging as well. Now you can message a provider and if they’re not around it can be auto routed to the on call provider. A powerful concept that wasn’t possible before.
One Messaging Platform – This is going to take a while to see fully fleshed out, but those in healthcare are starting to get messages from a variety of sources: SMS, phone, EHR, HIE, Patient Portal, medical devices, etc. As it stands today, those messages have to be checked and responded to in a number of different ways and locations. Over time, I believe each of these messages will be integrated into one messaging platform. The beauty of a secure messaging platform like docBeat is that it can handle any type of message you throw at it. We’re not far off from the day where a doctor can check her docBeat message list and see messages from all of the sources above. The idea of a unified messaging platform is really beautiful and can’t come soon enough.
I’m sure I’m leaving off other examples that I hope you’ll share in the comments. As I look through this list of secure text messaging benefits over SMS, I think we’re at the point where many will choose a secure messaging solution in healthcare because of the added features and not just to try and avoid a HIPAA violation.