Digital Health Communication and Messaging
Digital information is everywhere, including medical institutions, where it is now common practice to use electronic medical records. This can be a good thing, making patient care more efficient and effective. However, it can also be an easy doorway for data thieves to access private information. Many doctors and nurses use mobile data to aid in their daily tasks, from accessing clinical data to communicating with other staff members. Many primary care providers also regularly use text messaging to communicate with patients about appointment bookings and cancellations. Text messaging is a quick and easy way to do this.
HIPAA
The U.S.’s Health Insurance Portability and Accountability Act (HIPAA) of 1996 exists, in part, to protect personally identifiable information used by the healthcare industry by regulating how it can be used and communicated. Specifically, the HIPAA Security Rule stipulates that administrative and medical staff employ numerous safeguards to protect personal information, including the use of encryption in digital communication where possible. If medical staff and institutions follow the safeguards required by HIPAA, there shouldn’t be cause for concern. However, HIPAA doesn’t require encryption indiscriminately across the board, and there is always the possibility of human error and negligence. Smaller clinics that previously had minimal security procedures in place have found it particularly challenging to comply with the requirements of HIPAA.
Safeguarding Medical Information
So, what can be done to safeguard medical communications? Secure text messaging is a viable option, though it is challenging to implement on a wholesale level and depends a great deal on employee participation. One study found that only 31 percent of medical staff were encrypting information as standard practice before sending it to the cloud. Apps exist that will encrypt text messages, but every single device sending and receiving these texts has to be using the same system. However, medical staff also need to consider the chance that someone other than their intended recipient may view their messages, making it imperative that personally identifiable information be communicated in a way that maintains patient privacy.
Ideally, a medical facility’s IT department will spearhead the efforts to get everyone on board. But this becomes increasingly difficult with nationwide coverage of medical care. It is one thing to secure one system. It is quite another to secure two systems or hundreds of systems, as is the case with many of the larger institutions. If it is deemed too daunting a task for the whole company to establish an all-encompassing encryption service, then at the bare minimum each employee’s device should use its own encryption app, and the use of encryption should be monitored, with employees being held responsible for failure to comply. In addition to encryption, a passcode should be made mandatory on every device.
Finally, medical staff should never assume that having access to a patient’s mobile number means that the patient has given consent to be contacted via text message. Consent should be obtained from each patient before any text-based communication occurs, and the patient should be informed that any messages sent or received may become part of their medical record. Since there is no way to cease the use of smart devices or text messaging in this day and age, establishing secure mobile messaging in healthcare is a must.
Medical information is among the most sensitive and expensive information out there, and when, or if, it gets into the wrong hands, the consequences could be far-reaching and devastating. A patient seeking medical help should not have to be concerned for the security of their personal information. If you feel you are at risk, you are within your rights to ask your doctor to prove that they use some kind of encryption if they have to transmit any of your information via text message. If they cannot or will not, then you have the right to tell them you do not want any of your information sent over mobile devices.
About the Author: Sophie is a marketing specialist at Security Gladiators. A writer by day and a reader by night, she specializes in tech and cybersecurity. When she is not behind the screen, Sophie can be found playing with her dog.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.