Why Secure Messaging is Failing Hospitals
By Ben Moore
Healthcare communications are growing up. Where we were once reliant on interruptive, one-way message pushes; device juggling; and kludgy workflows driven by pager use, modern clinicians have a wealth of tools at their disposal to facilitate effective care coordination.
Yet despite a relatively crowded marketplace (some estimates put the number of secure healthcare messaging providers at over 70) and a market that is ripe for disruption (just ask anyone who still uses a pager if they enjoy it), healthcare messaging solutions still face relatively low adoption, with an estimated 85 percent of hospitals still eschewing smartphones in favor of pagers.
Secure messaging and pagers share a common thread. Neither was specifically designed to address the nuances of healthcare communications. They were mass-market solutions that were adopted by healthcare owing to being in the right place place at the right time.
For pagers, adoption was spurred by the need to deliver around-the-clock care while also allowing providers to (occasionally) leave the hospital. For secure messaging solutions, it was a matter of encrypting PHI that clinicians were transmitting from unsecured personal smartphones, mitigating the risk that came with smartphone use in a clinical setting.
As smartphone use grew organically in healthcare workplaces, HIPAA pitfalls abounded:
- Data remained resident on personal (and often unprotected) devices.
- There was little control or policy enforcement.
- There was no guarantee of SMS message receipt.
- There was no visibility at an organizational level that any communication had occurred at all.
- Clinicians became accustomed to utilizing shorthand codes or acronyms to communicate, increasing the propensity for error.
The end result of this was an enormous financial risk of HIPAA violation and compromised care delivery and confusion in the healthcare setting. Secure messaging vendors sought to correct these problems by handling data through a single vendor, implementing message self-destruction from personal devices, guaranteeing message delivery, supporting rich media such as images and video, and performing integrated directory lookup.
If security is the only concern (and don’t get me wrong—it should be a very big concern), these solutions fit the bill. But if the 85 percent of hospitals still utilizing pagers are any indication, healthcare providers are looking for much more when it comes to enabling mobile communications.
In application beyond HIPAA compliance, secure messaging is falling short in a big way. According to a survey conducted this year, 56 percent of providers felt a lack of useful integrations with other software was the leading reason current providers fell short; 44 percent felt they lacked structure and policy; and 33 percent felt that low user adoption was the biggest hindrance.
Inclusion and integrations must be addressed by secure texting apps. Messages are data in its rawest form. If this information is siloed from other departments (for example, if nurses and physicians use different mediums) or different systems (such as scheduling, EMR, nurse call, and paging systems), it’s useless.
The Joint Commission ruling on secure texting states that mobile order entry is not permitted because basic secure messaging lacks the ability to verify the identity of the sender and record a copy of the original message against the EMR. Integrations with Active Directory and EMR software (in that order) ensure that mobile orders remain compliant. Ask any physician if they’re looking for another way be awakened at 4 a.m. when they’re not on call and you may begin to understand why they’re not falling over themselves to try something new (see “adoption issues.”) This can be easily mitigated by integrating with the on-call schedule to ensure that messages and notifications are automatically routed to the correct on-call party.
In the age of big data and informed decisions – and, we’re told, interoperability — there is no excuse for messaging applications to not pull and push relevant or necessary information from other systems to provide additional context, value, and insight.
Healthcare communications are, by and large, structure- and policy-based. Providers in a clinical setting are familiar with not only which information needs to be captured, but who that information needs to be relayed to and when. Basic messaging such as SMS or chat does absolutely nothing to address this (just look at a millennial’s messaging history to confirm.)
For a healthcare communications application to succeed, it must be able to ensure that the relevant information is being captured, and then navigate a complex web of individual providers, care teams, departments, and schedules to deliver that information to the appropriate individuals. Further, secure communication solutions must provide an automated escalation policy and user confirmation of receipt of critical labs to ensure those results are delivered in a timely manner, according to JCAHO’s National Patient Safety Goals.
To address this, next-generation healthcare messaging solutions are building fail-safes into the software itself, including continuous multi-channel delivery attempts (by text and phone), automated escalation rules and message routing in the event that a recipient is unavailable, and delivery visibility so that senders can conclusively confirm a message has been received.
Lastly, in the world of healthcare technology, particularly communication applications, a product is only as good as the number of people who use it. It’s no surprise that a number of secure messaging implementations have been scrapped or cancelled in the face of low adoption. Concerns about device number privacy, a lack of time to learn a new product, or even, yes, pager attachment (a digital version of Stockholm Syndrome) can prevent secure messaging solutions from being successfully rolled out enterprise-wide.
To overcome these obstacles, solution providers must support dedicated number provisioning (providing a unique phone number that exclusively works for communications within the app), pager network integration and pager functionality via a smartphone app (for the pager holdouts), and driving messaging through integration points (some hospitals use as many as 10 disparate systems, including call centers, scheduling solutions, and so on) and providing a user experience that is, at minimum, better than native SMS functionality on smartphones. Really, it’s not that difficult to do.
As a whole, secure healthcare messaging has a lot of room for improvement. However, with the willingness to listen to customers and the ambition to look beyond simply providing security as a service, the opportunity to transform how healthcare workers communicate, collaborate, and deliver care is there.
Ben Moore is founder and CEO of TelmedIQ of Seattle, WA.