As the health IT landscape continues to evolve, the ease of communicating between practices is increasing. Doctors interested in coordinating with other physicians, hospitals or medical offices no longer have to rely on the phone—they can send a text message, write an email or pass along a message through a portal-based system.
Yet sending and receiving messages and medical data easily is but one piece of the new healthcare landscape. Security must also be top of mind. Cyber-criminals who once targeted financial firms and retail companies are increasingly turning their attention to healthcare organizations. In fact, 90 percent of healthcare firms have been hit by some type of cyber attack in the past two years, according to a recent study by the security research firm, Ponemon Institute.
The number of attacks against doctors and hospitals has more than doubled in the past five years, as hackers seek out medical records that contain personal data, such as social security numbers and addresses. That information makes identity theft a breeze, which might explain why hacked medical records can sell for as much as 20 times the price of stolen credit-card information, according to Dell SecureWorks.
A data breach costs a hospital, on average, $2.1 million, the study found. While the financial cost to a medical office is sizably less, the damage to the practice's reputation can be devastating, resulting in a loss of patients and revenue. When it comes to communicating between practices, not all modes of communication are created equal. Here are the high-level security concerns to consider before you send your next message.
The trouble with texts
Text messaging can be a fast and efficient way to remind patients about upcoming appointments—because cell phones are integrated into most patients' daily lives. Nearly 80 percent of people with cell phones use text messaging, according to the Pew Research Center.
Yet using traditional SMS texting to relay sensitive information between practices opens clinicians to all sorts of liability concerns: Messages sent through telecommunications are noncompliant with the Health Information Portability and Accountability Act (HIPAA) because of inherent security issues. Anyone can read a text or forward it to another recipient, and the message and the medical information it contains remains on both the smartphones and the telecommunication providers' server indefinitely. The security concerns are so great that the Joint Commission has levied $50,000 fines against any healthcare organization that uses traditional SMS texting to transmit sensitive medical information. For repeat offenders, that fine can snowball to $1.5 million per year.
"Beyond security, text messages post a safety issue as well."
Beyond security, text messages post a safety issue as well. Abbreviations are commonplace when tapping out a text, but in a healthcare setting those same shortcuts and abbreviations can cause confusion or delay action.
Exacting electronic messages
In an industry laden with paperwork, email can seem like a fast, simple solution to cut through the clutter and communicate between practices. Yet clinicians would be wise to consider how secure their messaging platform is. Offices that use standard email platforms for consumers to send sensitive patient information and medical data run a larger risk of having that data hacked or intercepted.
To ensure patient privacy and the security of sensitive medical information, clinicians should move all electronic messaging to a dedicated system that deploys sophisticated encryption. Eschewing consumer platforms for a patient portal that integrates robust security measures also provides peace of mind that your practice is compliant with federal regulations regarding patient privacy and security and will be able to skirt costly breach repairs.
Communicating between practices is a must for any modern medical office or hospital, and concerns about compliance, security and privacy shouldn't curtail a practice's efforts. Yet taking the time to research and invest in a secure system can deliver the benefits of instant communication—without the safety concerns.