Six Ways Most Messaging Apps Fall Short for Healthcare

The Fundamental Flaws in Consumer and Enterprise Messaging Apps that Can Harm Your Healthcare Organization.

TigerConnect is a central communication and collaboration hub for healthcare professionals with a big mission — to cut down on communication breakdowns during handoffs, which is estimated to be a factor in 70 percent of medical error deaths, according to research from the US Agency for Healthcare Research and Quality.

With more than 50 healthcare messaging apps in existence and others like Slack and WhatsApp looking for a piece of the healthcare market, it’s easy to take the shortcut and go with what’s free and popular. After all, many of these services are encrypted. Unfortunately, even a cursory look can reveal shortcomings, which, at a minimum could slow productivity and at worst could harm patients or reveal sensitive data.

As a pioneer in secure texting and proud owner of the industry’s most widely adopted healthcare communication platform, we’ve seen a lot of solutions come and go. Healthcare is a unique industry with requirements that go way beyond anything conceived in consumer messaging product meetings. To help protect healthcare buyers from choosing a solution that won’t solve their needs long term, we’ve put together this guide that puts a finer point on the shortfalls of most messaging apps.

1. HIPAA Compliance Is Just the Beginning

For any technology used within a healthcare organization, HIPAA compliance is just the beginning. So when a vendor says they are HIPAA compliant make sure to question what that entails.

An effective clinical communication solution is only effective if it can be used securely by the largest number of people that are involved in a patient’s care. This means administrative controls should be set up to ensure everyone in the hospital has access to the information needed to do their job. For example, a messaging app should include role-based workflow, automated alerts to specific roles, secure single sign-on with an automated role assignment, and limited lifespan on messages with patient health information (PHI) so it isn’t out there indefinitely. These measures limit access to PHI under The Security Rule of HIPAA, which indicate covered entities must “protect against reasonably anticipated, impermissible uses or disclosures.” This typically means that organizations will attempt to limit access to PHI by staff, within reasonable limits.

Also important to note here is that HIPAA only provides guidelines for the texting of patient information, not enforcement. Thus, the ‘HIPAA-compliant’ claim is really self-enforced unless the vendor has undergone some type of third-party testing such as through HITRUST or other security review organizations. You’ll be hard-pressed to find a horizontal or consumer messaging app that carries this distinction.

2. Workflows Ensure PHI Access Is Restricted Within Reasonable Limits

Within most messaging apps, ensuring optimal collaboration among staff will likely prove to be a challenge, as these two goals are somewhat at odds. To keep communication about the patient private in a typical enterprise or consumer messaging app, healthcare organizations will likely end up forming groups by department — #EmergencyRoom, #EndoscopyUnit, or #Pharmacy, etc. which may make cross communication around a single patient difficult. And then what happens when the patient is discharged or transferred? The information can remain in the group thread or device indefinitely. Leading purpose-built healthcare communication apps will have an ephemerality component that ensures messages permanently self-destruct after a set period.

A patient-centric group or channel, i.e. #JohnSmith, is common in countries without regulations like HIPAA, but in the U.S. most patient-centric communication would need to be done through a direct message (DM) to avoid misidentifying a patient. These restrictions limit the collaboration that can be realized with a tool that is open yet also has permission-based workflows to ensure limited access to PHI. Look for an app that enables patient-centric conversations based on bed or room number, and an app that auto-assigns roles to a bed or room based on the who’s scheduled to be on duty. This resolves potential confusion.

3. Governance and Administrative Tools Protect Access to PHI

Whatever messaging app you are considering, it’s important to ensure the proper safeguards are in place to remotely manage users and to enforce the organization’s security policies. There are the basics, such as authorization of users through a verified ID with username and password. But once a user is in the app it’s important to ensure compliant use of the app.

One of the most common concerns is around an organization’s device policies. Your messaging app vendor should be able to support both a bring your own device (BYOD) strategy or a hospital-owned device strategy. This includes security mechanisms that prevent a user from saving information outside of the application — including downloading photos, videos, attachments, or copying and pasting information from the app to a location outside the network. It should also prevent users from accidentally uploading information from their personal phones to the app, such as pictures.

Administrative controls should also be in place to allow administrators to revoke access to the application from a stolen or lost device or for an employee who is no longer with the organization. In addition, administrative level permissions shouldn’t grant access to view all messages, messages should be encrypted so only participants on the message thread can see the content of the message.

4. Your Healthcare Messaging App Should Support Mission-Critical Communication

Let’s get back to the problem we are trying to solve — providing communication tools that support the complex workflows to help coordinate care in situations where a patient’s life may be on the line.

Any secure messaging solution you consider should allow you to explicitly define a communication workflow, including who needs to communicate to whom, what they need to communicate and when. Ideally, your vendor should have an experienced team that has managed the implementation of numerous healthcare-specific communication workflows from sepsis alerts, to discharge processes, and more.

Let’s take the example of transport. The minute a call comes into the ED, automated notifications should be sent out via the messaging app so the Transport team can prepare the right staff and equipment, and the Trauma team can start preparing for the patient’s arrival. Everyone from the transport nurse to the ED physician needs to coordinate and connect to maximize the efficiency of this process. Is the right equipment on the transport? Does the ER have an operating room available and are they preparing for the patient’s arrival, etc.? The sheer complexity of coordinating this effort isn’t possible with today’s standard messaging apps.

5. Secure Video and Voice Communication Allow for Deeper Communication

Advanced communication functionality that goes beyond messaging is important for providing care to homebound or elderly patients or connecting disparate providers and care professionals on a single call. Video and voice-enabled capabilities tied to the hospital’s EHR and data systems allow for deeper communication when a secure text message conversation isn’t enough. Look for a solution that enables group video and group calling.

6. Integrations with Critical Hospital Systems Is Key

Most hospitals have a range of data collection tools in place, starting with the EHR and extending to nurse call, PACS, lab, scheduling, and other systems. True healthcare communication tools centralize the most relevant parts of patient data so it’s accessible and actionable by the appropriate members of the care team. Real-time alerting mechanisms and the distillation of data elements into an elegant or customized design are generally outside the scope of consumer or enterprise messaging apps.

Another important integration to consider is scheduling. Role-based workflows are only as good as your team’s diligence to sign in and out of a role. With a scheduling integration, this process happens automatically so human error is completely eliminated.

And let’s not forget the need to securely capture conversations for legal reasons. Integration with an archiving solution is critical given the litigious nature of healthcare and the need for legal teams to have fast access to past conversations about patients.

The technology landscape for clinical communications has evolved from a simple, real-time texting tool to a platform-based, extensible solution that now facilitates advanced healthcare communication processes and improved patient outcomes.

If you are considering a clinical communication solution for secure text messaging, keep these six areas in mind to ensure you make the choice that is right for your organization.

Your Guide to Understanding the Clinical Communication Market Get eBook

Tags: Medicare ACOs, Medicare Shared Savings, ACO Risk, Risk-based, Clinically Integrated Networks, CINS, Industry Insights, CMS Toolkit ACO, Medicare, MSSP, Accountable Care Organizations, ACOs, CMS