Few healthcare organizations restrict the use of messaging apps by employees. This lack of restrictions could pose a risk of violating the Health Insurance Portability and Accountability Act (HIPAA).
- More than half of employees say their company does not have an official mobile messaging platform.
- Almost all employees would use a company-wide mobile messaging platform if their employer decided to implement one.
- The most commonly used messaging apps are not HIPAA-compliant.
Only 8% of healthcare institutions prohibit consumer messaging apps for employee communication, which risks potential violations of the Health Insurance Portability and Accountability Act (HIPAA), according to a recent study conducted by a mobile messaging company.
In addition, only a quarter of healthcare institutions that have an official mobile messaging platform are using an internal, company-authorized app. The rest are recommending or using consumer-oriented messaging apps and services that don’t provide the enterprise-grade security needed to comply with regulations, such as HIPAA, explains Anurag Lal, CEO of Infinite Convergence Solutions, a Chicago-based company that provides messaging technology and conducted the study. (The study results are available online at http://tinyurl.com/hdelajn.)
“The global healthcare industry is under strict privacy and security regulations to protect patient information, but our study finds that the vast majority of healthcare institutions are not using mobile messaging services that are compliant with these regulations,” Lal says. “Healthcare employees communicate inherently sensitive information, like patient prescriptions, medical information, etc., yet their employers do not have the proper mobile messaging security infrastructure in place to adhere to HIPAA or other regulatory requirements.”
The study also found that employees in the healthcare industry use mobile messaging more frequently than voice calling for business communication, most often to communicate with colleagues. The immediacy of the information employees need to communicate matters most when they are deciding whether to use phone, email, or mobile messaging to reach someone.
However, 51% of healthcare employees say their company doesn’t have an official mobile messaging platform, despite the fact that 92% of these employees would use a company-wide mobile messaging platform if their employer decided to implement one. Sixty-four percent said it would make communication at their job easier, as well.
“We are seeing a rapid adoption of mobile messaging in healthcare as the industry looks to work faster, improve patient care and reduce wasteful spending,” Lal says. “The problem is that many healthcare institutions are not aware that the messaging apps and services that are popular for daily personal use do not follow the administrative, physical, and technical safeguards that HIPAA requires.”
Of the 49% of healthcare employees who say their employer has an official mobile messaging platform, 16% say that platform is GChat and 11% say it’s WhatsApp. What’s more, even without an official mobile messaging platform, healthcare institutions recommend employees use consumer mobile messaging apps. None of these messaging apps or services typically follow HIPAA guidelines for messaging security.
“We’ve found that 91% of healthcare employees use mobile messaging at least a few times per week for business communication,” Lal says. “Healthcare institutions need to get serious about meeting their employees’ needs and providing a secure, internal messaging platform that not only allows HIPAA compliance, but also replaces outdated communication systems, like pagers, in order to increase productivity and serve patients faster.”
Like most other people, healthcare employees clearly are fond of the speed and ease that mobile messaging apps bring to communication, Lal says. And it is effective. Research has shown that most people receiving a mobile message respond within 15 minutes, which is much faster than voicemail and email communication, Lal notes.
As messaging becomes increasingly popular for personal communication, it is only natural that it creeps into business because people want the same convenience and effectiveness for work matters. They pay little attention to the security of the app they’re using, Lal says, and they don’t realize that they are subverting the extensive safety measures the employer has implemented for safe communication.
“This is not malicious or intentional, but inevitably patient information is sent between a nurse and physician, or between other physicians and staff. The protected information is transmitted without protection, but people may assume that these popular messaging apps are somehow a one-to-one communication that can’t be breached,” Lal says. “That is not true at all. Using these apps to transmit patient information would violate HIPAA.”
Lal’s first piece of advice to risk managers is to accept that mobile messaging is here to stay. People love using it, and a ban on mobile messaging in the workplace will be met with resistance and little success, he says. The better approach is to develop a policy on use in the workplace that requires staff to use a specified mobile app that is HIPAA-compliant, he suggests.
HIPAA-compliant mobile apps are available from vendors including Netsfere from Infinite Convergence Solutions, TigerText, Spok, and qliqCONNECT from qliqSoft.
“Seek an app that provides simplicity but also the richness that end users are looking for. Present that to the end users so they can continue to be productive and use the advantages of mobile messaging, but in a way that does not compromise their regulatory obligations,” Lal says. “About 20% or 25% of healthcare organizations are aware of this issue and beginning to address it, but the large majority of the healthcare industry is not responding. The level of awareness has not gotten to the point that they believe action has to be taken.”
- Anurag Lal, CEO, Infinite Convergence Solutions, Chicago. Telephone: (224) 764-3400.