If you’re a healthcare IT manager, you know your physicians are using personal smartphones to exchange text messages with other care team members. You also know that standard SMS texting is insecure, putting your hospital’s protected health information (PHI) at risk. It’s time to stem the tide, safeguard your patients’ data, and protect your hospital from the hefty fine of a HIPAA violation.
So how can you get started with a secure texting strategy? Ask yourself three important questions:
1. How can my physicians use personal smartphones to send text messages from various locations to nurses and others inside the hospital?
It’s great if your texting solution lets physicians communicate securely with other providers. What’s even better is if it also lets them communicate with the entire care team, whether they are in the hospital, at a medical office or visiting a patient rehab facility. The texting application you choose should integrate personal smartphones with hospital-owned devices to bring the entire care team together.
Another way to unite care teams is with a comprehensive directory that makes it easy to see who is immediately available and who is busy. Consider all the ways physicians may want to search for a caregiver – by name, title, unit or availability – and be sure your texting app has that capability.
2. How can I protect data in transit and at rest?
To meet HIPAA requirements, your texting application must encrypt all data that could potentially contain PHI both “in transit and at rest.” That means data is encrypted on your servers, while in transit, and on your physicians’ smartphones. By encrypting databases on physicians’ personal smartphones, you can protect their message history and prevent unauthorized access.
PIN locks are another important security feature. Look for a solution that leverages the native PIN lock in Apple’s iOS, for example, rather than requiring an additional layer of security. By requiring physicians to tap in a 4-digit number to unlock their smartphones, you can safeguard data even if a phone is accidentally left behind or lost.
3. How will my IT team support a smartphone infrastructure, and simplify the software installation and configuration process for physicians?
Your IT department is busy. Your physicians are focused on patient care. Some physician devices are hospital-owned and under control of your mobile device management (MDM) plan, while others are not. Make sure your texting application is supportable and secured in both scenarios. It also needs to be straightforward to configure and install. The ability to support Active Directory authentication will ease both deployment and support for your IT team and your physicians.
How is your hospital responding to the need for secure physician texting? Leave a comment below to share what’s working for you.