Relias Media - Continuing Medical Education Publishing

The trusted source for

healthcare information and

CONTINUING EDUCATION.


    The Risk of HIPAA Violations and Messaging Apps

    February 1, 2016
    EXECUTIVE SUMMARY

    Few healthcare organizations restrict the use of messaging apps by employees. This lack of restrictions could pose a risk of violating the Health Insurance Portability and Accountability Act (HIPAA).

    • More than half of employees say their company does not have an official mobile messaging platform.
    • Almost all employees would use a company-wide mobile messaging platform if their employer decided to implement one.
    • The most commonly used messaging apps are not HIPAA-compliant.

    Only 8% of healthcare institutions prohibit consumer messaging apps for employee communication, which risks potential violations of the Health Insurance Portability and Accountability Act (HIPAA), according to a recent study conducted by a mobile messaging company.

    In addition, only a quarter of healthcare institutions that have an official mobile messaging platform are using an internal, company-authorized app. The rest are recommending or using consumer-oriented messaging apps and services that don’t provide the enterprise-grade security needed to comply with regulations, such as HIPAA, explains Anurag Lal, CEO of Infinite Convergence Solutions, a Chicago-based company that provides messaging technology and conducted the study. (The study results are available online at http://tinyurl.com/hdelajn.)

    “The global healthcare industry is under strict privacy and security regulations to protect patient information, but our study finds that the vast majority of healthcare institutions are not using mobile messaging services that are compliant with these regulations,” Lal says. “Healthcare employees communicate inherently sensitive information, like patient prescriptions, medical information, etc., yet their employers do not have the proper mobile messaging security infrastructure in place to adhere to HIPAA or other regulatory requirements.”

    The study also found that employees in the healthcare industry use mobile messaging more frequently than voice calling for business communication, and that they most frequently communicate with colleagues. The immediacy of the information employees need to communicate matters most when they are deciding whether to use phone, email, or mobile messaging to reach someone.

    However, 51% of healthcare employees say their company doesn’t have an official mobile messaging platform, despite the fact that 92% of these employees would use a company-wide mobile messaging platform if their employer decided to implement one. Sixty-four percent said it would make communication at their job easier, as well.

    “We are seeing a rapid adoption of mobile messaging in healthcare as the industry looks to work faster, improve patient care and reduce wasteful spending,” Lal says. “The problem is that many healthcare institutions are not aware that the messaging apps and services that are popular for daily personal use do not follow the administrative, physical, and technical safeguards that HIPAA requires.”

    Of the 49% of healthcare employees who say their employer has an official mobile messaging platform, 16% say that platform is GChat and 11% say it’s WhatsApp. What’s more, even without an official mobile messaging platform, healthcare institutions recommend employees use consumer mobile messaging apps. None of these messaging apps or services typically follow HIPAA guidelines for messaging security.

    “We’ve found that 91% of healthcare employees use mobile messaging at least a few times per week for business communication,” Lal says. “Healthcare institutions need to get serious about meeting their employees’ needs and providing a secure, internal messaging platform that not only allows HIPAA compliance, but also replaces outdated communication systems, like pagers, in order to increase productivity and serve patients faster.”

    Like most other people, healthcare employees clearly are fond of the speed and ease that mobile messaging apps bring to communication, Lal says. And it is effective. Research has shown that most people receiving a mobile message respond within 15 minutes, which is much faster than voicemail and email communication, Lal notes.

    As messaging becomes increasingly popular for personal communication, it is only natural that it creeps into business because people want the same convenience and effectiveness for work matters. They pay little attention to the security of the app they’re using, Lal says, and they don’t realize that they are subverting the extensive safety measures the employer has implemented for safe communication.

    “This is not malicious or intentional, but inevitably patient information is sent between a nurse and physician, or between other physicians and staff. The protected information is transmitted without protection, but people may assume that these popular messaging apps are somehow a one-to-one communication that can’t be breached,” Lal says. “That is not true at all. Using these apps to transmit patient information would violate HIPAA.”

    Lal’s first piece of advice to risk managers is to accept that mobile messaging is here to stay. People love using it, and a ban on mobile messaging in the workplace will be met with resistance and little success, he says. The better approach is to develop a policy on use in the workplace that requires staff to use a specified mobile app that is HIPAA-compliant, he suggests.

    HIPAA-compliant mobile apps are available from vendors including Netsfere from Infinite Convergence Solutions, TigerText, Spok, and qliqCONNECT from qliqSoft.

    “Seek an app that provides simplicity but also the richness that end users are looking for. Present that to the end users so they can continue to be productive and use the advantages of mobile messaging, but in a way that does not compromise their regulatory obligations,” Lal says. “About 20% or 25% of healthcare organizations are aware of this issue and beginning to address it, but the large majority of the healthcare industry is not responding. The level of awareness has not gotten to the point that they believe action has to be taken.”

    Source

    • Anurag Lal, CEO, Infinite Convergence Solutions, Chicago. Telephone: (224) 764-3400.


    Healthcare Risk Management

    Healthcare Risk Management (Vol. 38, No. 2) February 2016
    February 1, 2016


    Financial Disclosure: Author Greg Freeman, Executive Editor Joy Daughtery Dickinson, and Nurse Planner Maureen Archambault report no consultant, stockholder, speaker’s bureau, research, or other financial relationships with companies having ties to this field of study. Arnold Mackles, MD, MBA, LHRM, physician reviewer, discloses that he is an author and advisory board member for The Sullivan Group and that he is owner, stockholder, presenter, author, and consultant for Innovative Healthcare Compliance Group.
