8 steps for adopting secure messaging technology
How to ensure that texting applications meet HIPAA requirements, support care delivery.
More providers are adopting secure messaging to manage communication, but with many options to choose from, they need help knowing what to look for and what to avoid. “The reality is that many off-the-shelf texting apps can be inefficient and introduce security and safety risks, even if they promise total privacy,” says Benjamin Kanter, MD, chief medical information officer at Vocera Communications, a healthcare technology company that sells secure workflow and communication solutions. He offers eight key steps in implementing the technology.
1. Plan for efficiency
A standalone secure texting product is little better than a pager, Kanter contends. There are no escalations, no active acknowledgement that will let a sender know if the recipient got the message and no context, forcing the recipient to log into the electronic health record to get the information needed to make a decision. Delivery to someone who is going to take responsibility for the information is the key to success.
2. Do more than encrypt
The promise of encryption from a text messaging app isn’t enough, because there are questions to consider before encryption even matters, Kanter explains. What type of encryption protocol is being used? Is there end-to-end encryption? Text vendors should show proof of government and commercial security-related certifications, as well as proof of having passed third-party audits. “Only then is the claim of ‘encryption’ one worth taking seriously,” Kanter explains.
3. Adopt a healthcare-specific solution
Don’t rely on applications that are available on public markets, such as the App Store and Google Play, because most consumer messaging apps are not suitable for the healthcare environment. An app designed for healthcare should adhere to laws and regulations governing healthcare communication.
4. Opt for Interoperability
Clinical information systems provide key contextual data about a patient and create a record of an order, so care members have the same understanding of the patient’s status and needs. Providers should consider how secure messaging apps interface with clinical and other IT systems today and in the future, and to do that effectively, interoperability remains a must.
5. Get ready for BYOD
Adopting secure messaging requires revision of existing bring-your-own-device policies, or the development of a policy if none is in place. “Secure messaging policies and other security considerations should include a chain of custody for mobile devices that ensures proper access as part of the larger enterprise-wide security protocols,” according to Kanter.
6. Consider features that physicians want
You don’t need all the bells and whistles on a messaging app, some of which don’t provide any clinical value or improve collaboration. Still, there are features that doctors may want, such as cellphone number cloaking and profile-based message systems that ensure privacy for physicians, without sacrificing the convenience of secure messaging.
7. Treat messaging like a technology rollout
Secure messaging doesn’t have the high costs and complexities of more comprehensive forms of technology, but it still needs to be taken seriously. Like other implementations, messaging needs pilot tests in specific units; provider feedback; a physician champion named early in the process; and employee buy-in.
8. Make convenience a centerpiece
A text messaging app should simplify clinical workflows and integrate seamlessly with existing systems to ensure continuity of care, Kanter says. An enterprisewide approach to clinical communication and collaboration will put organizations on a path to deliver better experiences for care teams and patients.