Home » Readers Write » Currently Reading:

Readers Write: Why Secure Messaging is Failing Hospitals

April 27, 2016 Readers Write 2 Comments

Why Secure Messaging is Failing Hospitals
By Ben Moore


Healthcare communications are growing up. Where we were once reliant on interruptive, one-way message pushes; device juggling; and kludgy workflows driven by pager use, modern clinicians have a wealth of tools at their disposal to facilitate effective care coordination.

Yet despite a relatively crowded marketplace (some estimates put the number of secure healthcare messaging providers at over 70) and a market that is ripe for disruption (just ask anyone who still uses a pager if they enjoy it), healthcare messaging solutions still face relatively low adoption, with an estimated 85 percent of hospitals still eschewing smartphones in favor of pagers.

Secure messaging and pagers share a common thread. Neither was specifically designed to address the nuances of healthcare communications. They were mass-market solutions that were adopted by healthcare owing to being in the right place place at the right time.

For pagers, adoption was spurred by the need to deliver around-the-clock care while also allowing providers to (occasionally) leave the hospital. For secure messaging solutions, it was a matter of encrypting PHI that clinicians were transmitting from unsecured personal smartphones, mitigating the risk that came with smartphone use in a clinical setting.

As smartphone use grew organically in healthcare workplaces, HIPAA pitfalls abounded:

  • Data remained resident on personal (and often unprotected) devices.
  • There was little control or policy enforcement.
  • There was no guarantee of SMS message receipt.
  • There was no visibility at an organizational level that any communication had occurred at all.
  • Clinicians became accustomed to utilizing shorthand codes or acronyms to communicate, increasing the propensity for error.

The end result of this was an enormous financial risk of HIPAA violation and compromised care delivery and confusion in the healthcare setting. Secure messaging vendors sought to correct these problems by handling data through a single vendor, implementing message self-destruction from personal devices, guaranteeing message delivery, supporting rich media such as images and video, and performing integrated directory lookup.

If security is the only concern (and don’t get me wrong—it should be a very big concern), these solutions fit the bill. But if the 85 percent of hospitals still utilizing pagers are any indication, healthcare providers are looking for much more when it comes to enabling mobile communications.

In application beyond HIPAA compliance, secure messaging is falling short in a big way. According to a survey conducted this year, 56 percent of providers felt a lack of useful integrations with other software was the leading reason current providers fell short; 44 percent felt they lacked structure and policy; and 33 percent felt that low user adoption was the biggest hindrance.

Inclusion and integrations must be addressed by secure texting apps. Messages are data in its rawest form. If this information is siloed from other departments (for example, if nurses and physicians use different mediums) or different systems (such as scheduling, EMR, nurse call, and paging systems), it’s useless.

The Joint Commission ruling on secure texting states that mobile order entry is not permitted because basic secure messaging lacks the ability to verify the identity of the sender and record a copy of the original message against the EMR. Integrations with Active Directory and EMR software (in that order) ensure that mobile orders remain compliant. Ask any physician if they’re looking for another way be awakened at 4 a.m. when they’re not on call and you may begin to understand why they’re not falling over themselves to try something new (see “adoption issues.”) This can be easily mitigated by integrating with the on-call schedule to ensure that messages and notifications are automatically routed to the correct on-call party.

In the age of big data and informed decisions – and, we’re told, interoperability — there is no excuse for messaging applications to not pull and push relevant or necessary information from other systems to provide additional context, value, and insight.

Healthcare communications are, by and large, structure- and policy-based. Providers in a clinical setting are familiar with not only which information needs to be captured, but who that information needs to be relayed to and when. Basic messaging such as SMS or chat does absolutely nothing to address this (just look at a millennial’s messaging history to confirm.)

For a healthcare communications application to succeed, it must be able to ensure that the relevant information is being captured, and then navigate a complex web of individual providers, care teams, departments, and schedules to deliver that information to the appropriate individuals. Further, secure communication solutions must provide an automated escalation policy and user confirmation of receipt of critical labs to ensure those results are delivered in a timely manner, according to JCAHO’s National Patient Safety Goals.

To address this, next-generation healthcare messaging solutions are building fail-safes into the software itself, including continuous multi-channel delivery attempts (by text and phone), automated escalation rules and message routing in the event that a recipient is unavailable, and delivery visibility so that senders can conclusively confirm a message has been received.

Lastly, in the world of healthcare technology, particularly communication applications, a product is only as good as the number of people who use it. It’s no surprise that a number of secure messaging implementations have been scrapped or cancelled in the face of low adoption. Concerns about device number privacy, a lack of time to learn a new product, or even, yes, pager attachment (a digital version of Stockholm Syndrome) can prevent secure messaging solutions from being successfully rolled out enterprise-wide.

To overcome these obstacles, solution providers must support dedicated number provisioning (providing a unique phone number that exclusively works for communications within the app), pager network integration and pager functionality via a smartphone app (for the pager holdouts), and driving messaging through integration points (some hospitals use as many as 10 disparate systems, including call centers, scheduling solutions, and so on) and providing a user experience that is, at minimum, better than native SMS functionality on smartphones. Really, it’s not that difficult to do.

As a whole, secure healthcare messaging has a lot of room for improvement. However, with the willingness to listen to customers and the ambition to look beyond simply providing security as a service, the opportunity to transform how healthcare workers communicate, collaborate, and deliver care is there.

Ben Moore is founder and CEO of TelmedIQ of Seattle, WA.

HIStalk Featured Sponsors


Currently there are "2 comments" on this Article:

  1. If you expect to be viewed as credible when citing a survey or statistics you must include the source, even if (or especially if) it’s an internal survey. Of the 70+ vendors in the secure texting space, there’s a small group that are 3rd generation and exclusively healthcare based that have already overcome the obstacles the author describes. Seek out vendors who have experience in hospital systems integration and who are knowledgeable about data and communications flow prior to the secure texting evolution. Their references will tell you whether the technology and those who support it are credible and valuable vendor partners. Healthcare technology has always had and will always have unique requirements which separate out consumer based technology trying to adapt to such a demanding market.

  2. Hi Chris, thanks for your comment! To address your concerns, the survey cited was conducted internally during a well-attended webinar we held on this exact topic; if you’d like to view the results, I invite you to visit https://www.telmediq.com/resource/secure-text-messaging-apps-failing-hospitals/. I apologize for not linking to it in the original article, but the platform didn’t allow for it.

    Secondly, I wholeheartedly agree that there are healthcare-focused messaging apps that do address the nuances of healthcare communications workflow beyond security, but I’d be hesitant refer to these as ‘secure texting apps’—indeed, it almost feels like a disservice to do so. We refer to TelmedIQ as a ‘healthcare communications hub’, a centralized platform to collect and disseminate relevant information from a wide variety of entry points; however, with the relative adoption of ‘secure texting’ solutions remaining so low, I’d suggest that the market at large has some catching up to do. According to Gartner research, we’re at a point where early adopters of secure messaging are eschewing their original point solutions in favor of more fully realized platforms—a trend that I imagine we will see continue.

    Lastly, I completely agree with your point regarding references—the most effective way to demonstrate the utility of a product is to speak to those already using it on the ground. I appreciate you taking the time to share your feedback and would love to discuss with you further, if you’d like—feel free to shoot me an email!

Founding Sponsors


Platinum Sponsors




















































Gold Sponsors













Reader Comments

  • David Butler: Great list. You're spot on. These were the EXACT issues I was frustrated with Epic in the early-mid 2000s. After goin...
  • WestCoastCFO: Re: Olive. Not seeing it, what am I missing? They seem to have found a nice niche, but they are not what I would call...
  • rxpete: Politico reporter didn't see "No Time for Sergeants" which leaves no doubt as to the spelling of cavalry based on the pr...
  • AnInteropGuy: Of the six EHRs I am familiar with, I have seen at least one or two of the problems described in each of them. Certainly...
  • Robert D. Lafsky M.D.: Stupid question: Why can't you name an EHR when you talk about its flaws? Answer honestly....

Sponsor Quick Links