Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Why Secure Text Messaging Is So Much Better Than SMS

Posted on January 14, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of my most popular articles of 2013 was titled “Texting is Not HIPAA Secure.” Certainly HIPAA compliance is good enough reason for every healthcare organization to implement a secure text messaging solution in their office. Considering the number of organizations I hear are recklessly sending PHI over SMS, I expect this is going to come back and really hit some organization where it hurts. Plus, you won’t be able to hide since the carriers often save the SMS messages for easy discovery by a legal team (which is another reason why SMS isn’t HIPAA compliant). It might take a major HIPAA violation for the industry to wake up.

HIPAA violation issues aside, there are so many other reasons why a healthcare organization should consider using a secure text messaging solution as opposed to insecure SMS as many do today.

As most of you know, I’m adviser to secure messaging company, docBeat (Full Disclosure). As I’ve worked with docBeat, I’ve been amazed at how much more a secure messaging platform can do beyond the simple messaging that you get with SMS. All of these features make a secure messaging option not just a way to avoid a HIPAA violation, but also a better option than default SMS.

Here’s a look at some of the ways a secure messaging solution like docBeat is better than SMS:

Message Delivered/Read Status – I think this is one of the most underrated features of a secure message solution. With an SMS message you have no idea what’s happening with the message. You have no idea if the message has even been delivered to the recipient, let alone read. We’ve all had times where we receive a SMS message well after it was sent. In the case of docBeat, they have a status indication on each message so you know if the message has been delivered to the recipient and if it’s been read. A simple, but powerful feature.

Secure Text to Groups – While SMS is great for sending a message to one individual, it fails when you want to include an entire group in a conversation. The concept of group messaging is really powerful in so many areas of healthcare. Much like the reply to all in email, you have to be careful not to abuse a group text message, but it’s easier to manage since they’re usually short messages that are easily consumed. In docBeat, they offer this group text messaging to a predefined group of users or to an adhoc group that you create on the fly. I especially like this feature when you need help from any one of many doctors, but you’re not sure which is available to help.

Controlled Message Storage – While this has HIPAA implications, the ability to control and audit the messages that are sent is really valuable for an organization. In the wild world of SMS you have no idea what the carrier is doing with those messages. Once they’re on the phone, there’s not an easy way to wipe them off if something happens to the device. With a secure message solution you can control and audit the secure messages. This might include knowing how many messages are sent, how quickly the messages were read, where the messages are stored, etc.

Mobile and Web – In a healthcare organization there are often a lot of people you want to message who don’t have a mobile phone issued by the organization. This often means those people start using their personal device to SMS providers (not a good thing) or they just can’t participate in the messaging. docBeat runs on the iPhone, Android and the web. In most cases, the web option is a perfect way for the non mobile staff to participate in the messaging. Try making that a reality with SMS.

Quick Messages for Common Responses – While many people have gotten very fast at typing on their cell phone, it still takes some time. One way to streamline this is to use quick canned messages for responses you give all the time. It’s much easier to one click a message like “I’m on my way. Be there in a minute.” than to try and type that message into the phone.

Scheduled Messages – Considering the 24/7 nature of healthcare, there are often times when someone is working late at night, but the message doesn’t need to be read until the next morning. Scheduled messages are a perfect solution for this problem. You can create and schedule the message to get sent at a reasonable time rather than waking the doctor up needlessly.

Secure Attachments – While MMS mostly works, I’ve seen where some telcom providers don’t support attachments using MMS. Unfortunately, the telcom provider doesn’t tell you this and so you have no way of knowing that the attachment you sent never made it to the recipient. Plus, MMS works best for pictures. It doesn’t support the wide variety of document formats that a secure messaging provider can support.

Ability to Send Location with Text – While you have to be careful with this feature, it can be a really nice added value to your organization to know their location. Are they sending you a message at your hospital or at their kids soccer game? Knowing this little piece of information can change your workflow so the patient gets better care.

Message Expiration – We could call this feature the snapchat feature. As we saw with the popularity of snapchat, there are times when you may want a message to only live for a certain duration. As is the case with most data retention policies in healthcare, some organizations love this feature and some hate it. Of course, each institution can choose how they want to use this type of feature. In the SMS world, you don’t have a choice. You’re at the mercy of the telcom providers decisions.

Automatic Message Routing to On Call Individual – One of the great features of docBeat is the ability to identify the On Call individual in a group. This was originally applied to docBeat’s call forwarding functionality, but they recently applied it to their secure messaging as well. Now you can message a provider and if they’re not around it can be auto routed to the on call provider. A powerful concept that wasn’t possible before.

One Messaging Platform – This is going to take a while to see fully fleshed out, but those in healthcare are starting to get messages from a variety of sources: SMS, phone, EHR, HIE, Patient Portal, medical devices, etc. As it stands today, those messages have to be checked and responded to in a number of different ways and locations. Over time, I believe each of these messages will be integrated into one messaging platform. The beauty of a secure messaging platform like docBeat is that it can handle any type of message you throw at it. We’re not far off from the day where a doctor can check her docBeat message list and see messages from all of the sources above. The idea of a unified messaging platform is really beautiful and can’t come soon enough.

I’m sure I’m leaving off other examples that I hope you’ll share in the comments. As I look through this list of secure text messaging benefits over SMS, I think we’re at the point where many will choose a secure messaging solution in healthcare because of the added features and not just to try and avoid a HIPAA violation.

New App Allows For HIPAA-Compliant Group Texting by Clinicians

Posted on June 11, 2012 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

John wrote previously on EMR and HIPAA about the need for HIPAA Secure Texting and a company he’s advising that does secure text messaging called docBeat.

Well, another new app called Medigram is being tested which will allow clinicians to send HIPAA-compliant text messages within a defined group. The app is currently in closed beta with docs at Stanford Hospital, Lucille Packard Children’s Hospital and the Palo Alto VA Hospital, according to iMedicalApps.com.

According to the company, Medigram meets not only HIPAA requirements but also privacy/security provisions in Subtitle D of HITECH.  It does so, in part, by using SSL connections between mobile apps and its servers, as well as NIST-approved 256-bit AES encryption to secure chat data.

Secure texting certainly seems like a good idea, given how mobile-friendly this generation of clinicians has turned out to be.  And it’s hard to argue Medigram’s core pitch, which is that texting is far more interactive than a pager. Given that a surprisingly large number of doctors still use pagers, improving on the model seems like a good thing.

My theory is that the app, if otherwise usable and bug-free, will be a big hit during its beta. If so, I expect to see HIPAA-compliant instant messaging turn up next. Smaller, presumably agile companies specializing in B2B messaging — such as HipChat, Trumpia and 24im — are logical candidates to develop such a utility. (This article outlines several other enterprise IM firms, just in case you want to dig deeper.)

Of course, there’s also Google and Microsoft, both of which have large IM bases. Perhaps creating a secure version of an existing product (such as Messenger) will be less of a marketing challenge than say, HealthVault.

Regardless, I’ll be quite interested to find out how the beta turns out — I’ll keep you posted. Meanwhile, here’s a video in which Medigram describes its product.