By: Andrew A. Brooks, MD | August 2012 (Featured in AAOS Now)
I’m often amazed at how little healthcare communication has changed in the nearly 25 years since I was a medical student. The last great innovation was the introduction of the pager.
In most hospitals, the communication process among physicians is arcane, inefficient, and potentially dangerous as it relates to patient care. According to The Joint Commission, a breakdown in communications could be tied to more than 60 percent of all reported sentinel events in 2011.
To improve communication efficiency with other physicians, hospitals, or their offices, many physicians are turning to smartphone technology — specifically Short Message Service (SMS) text messaging. But in doing so, are they potentially exposing themselves to unrecognized liabilities? This article explores some of the key facts related to text messaging in the healthcare environment and what orthopedic surgeons need to know.
Short Message Service text messaging can improve communication among healthcare providers, but may also increase liability risks.
Text messaging has become a major part of social communication in today’s society. It’s efficient, allows information to be transmitted asynchronously and succinctly, and can thwart unnecessary or prolonged conversation.
Compared to email, with its seemingly endless number of spam messages, texting serves as a priority communication channel. Because people may be more reluctant to share cell phone numbers than email addresses, the group who can text an individual is usually more restricted and trusted.
Although text messaging has obvious social communication advantages, it also has clear utility in health care. Texting is fast, direct, and simplifies the traditional, laborious pager and callback workflow that hospitals and other organizations have used for years.
For example, a study conducted by the Robert Wood Johnson Foundation found that nurses waste as much as 60 minutes of each workday tracking down physicians for a response. Imagine the cumulative waste of time and added labor costs across our entire healthcare system these delays have caused.
Unfortunately, traditional SMS messaging is inherently nonsecure and noncompliant with safety and privacy regulations under the Health Information Portability and Accountability Act (HIPAA). Messages containing electronically protected health information (ePHI) can be read by anyone, forwarded to anyone, remain unencrypted on telecommunication providers’ servers, and stay forever on the sender’s and receiver’s phones.
In addition, senders cannot authenticate the recipient of SMS messages (ie, senders cannot be certain that the message has been sent to and opened by the right person). Studies’ have shown that 38 percent of people who text — including me — have sent a text message to the wrong person.
As a result, The Joint Commission has effectively banned physicians from using traditional SMS for any communication that contains ePHI data or includes an order for a patient to a hospital or other healthcare setting. A single violation for an unsecured communication can result in a fine of $50,000; repeated violations can lead to $1.5 million in fines in a single year, not to mention the reputational damage is done to an organization and its ability to attract patients.
A recent case, for example, resulted in a $50,000 fine to the provider. In addition, the provider was required to “implement security measures sufficient to reduce risks and vulnerabilities to ePHI to a reasonable and appropriate level for ePHI in text messages that are transmitted to or from or stored on a portable device.”
The Joint Commission did not ban all text messaging solutions, however. Instead, it established Administrative Simplification Provisions (AS) that serve as guidelines for developing secure communication systems. Under the AS guidelines, the following four major areas are critical to compliance:
Standard consumer-based messaging systems fail most of these requirements. The data centers are often not designed with the highest levels of physical and data security. Messages can be intercepted and are not encrypted. Recipient authentication is not available and, although messages and delivery details may be stored indefinitely, they are not designed to provide a fully functional audit trail.
By using a private, secure texting network, doctors, nurses, and staff can not only send and receive patient information but also potentially achieve the following goals:
In today’s increasingly mobile world, technology will undoubtedly continue to be a massive driver of greater efficiency. Physicians are typically eager to embrace and adapt new technologies. Used properly, texting technology has the potential to revolutionize the quality of how health care is delivered to patients.
Andrew A. Brooks, MD, is an orthopedic surgeon and co-founder and chief medical officer of Tigertext, a secure mobile messaging platform designed to help hospitals and businesses improve workflow and reduce risk. He can be reached at Andrew@Tigertext.com.