Guest Column: A Secure Approach to Healthcare Messaging

By Colleen Curtin

Protecting electronic patient health information (e-PHI) has become even more critical as healthcare transitions away from paper-based processes into a more connected, electronic delivery model. Patient privacy and security is critical for the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).

This includes the transmission of patient information shared via email, text messages, and pagers. Traditional messaging approaches often fail to meet legal requirements, leaving patient data vulnerable and providers liable for potential violations. Call centers need a messaging solution that is secure, reliable, and immediate to ensure compliance and improve client satisfaction.

The HIPAA Privacy Rule and the HIPAA Security Rule address the technical and non-technical safeguards that providers (covered entities) must have in place to secure e-PHI, including the administrative, technical, and physical security procedures for ensuring the confidentiality, integrity, and availability of data.

HITECH, passed in 2009 as part of the American Recovery and Reinvestment Act, contains incentives for information technology to be used in healthcare, widens the scope of privacy and security protections available under the HIPAA, and increases the potential legal liability for non-compliance. Covered Entities and their Business Associates must comply with both regulations and ensure that e-PHI is protected in transit and at rest. Providers are expected to protect against reasonably anticipated threats to security, impermissible uses, and disclosures. Failure to protect e-PHI can result in extremely costly fines levied by the Office of Civil Rights (OCR). The OCR performs random audits of healthcare organizations and their business associates; breaches can also be reported to them. A recent Ponemon Institute study found that over the past two years the average economic impact of a healthcare organization’s data breach was $2.4 million.

Communications methods such as pagers, SMS text messaging, and email are not intrinsically secure. Pagers and mobile devices can be lost or left unattended, allowing unauthorized parties to access e-PHI. Even a doctor letting his son play a game can potentially create a HIPAA violation if a patient-specific text is accessible on the device.

Amtelco’s HIPAA-compliant messaging solution, miSecureMessages (MSM), enables call centers to send fully encrypted messages to any smart device. This technology can reduce costs, improve service to clients, and enhance messaging efficiency.

This secure notification application, available in on-site and cloud-based configurations, sends encrypted messages to Android, Apple, Windows, and BlackBerry-based smartphones and tablets, allowing users to access, read, and respond to messages quickly using a secure transmission method. Recipients view messages through the MSM app via encryption; the messages themselves are never actually downloaded onto the device.

MSM is integrated with both Amtelco’s Infinity automated call distribution and unified messaging system and the Intelligent Series software and modules, including their cloud-based application. The solution works on both cellular data- and WiFi-based wireless networks and provides an unlimited alphanumeric character display for messages, as well as an unlimited number of messages per user. Users can message colleagues directly or send messages to entire teams.

The solution is protected using encryption. The application can require a passcode to open the app. If a mobile device is lost or stolen, a network administrator can deactivate the individual license remotely.

The system does not send SMS text messages, the messages do not pass through a third-party cellular provider (as is the case with SMS texts), and there are no associated messaging fees. The solution simply pushes out notifications that messages have been received. The messages themselves live only on the server and never pass onto the device.

The adoption of new technology is only going to accelerate, and ensuring that e-PHI is secure will become increasingly important. Call centers with healthcare clients should not rely on SMS text messaging or email solutions that are unencrypted and vulnerable to data breaches.

MSM not only provides a secure, fully encrypted messaging solution, it also enables new functionality that can streamline messaging procedures, improve productivity, and reduce costs. And it accomplishes all of that via smart devices that most call center clients already carry.

Colleen Curtin is the Amtelco product manager. For more information, contact Amtelco at 800-356-9148, info@amtelco.com, or www.misecuremessages.com.

[From Connection Magazine May/Jun 2014]