The following is a guest article by Amit Modi, Chief Product and Technology Officer, Movius Corp.
Improving the ways in which patients communicate with their clinician may feel like sending a search party into a blackhole. With today’s preference for instant communication via text and the laundry list of app-based messaging services, patients are increasingly seeking this seamless experience in various aspects of their lives, including healthcare. In fact, one recent survey found 90% of respondents would like the ability to communicate via secure text messaging with a family member’s care team if that loved one were ill.
In highly regulated industries such as healthcare and financial services, being able to meet the public’s demand for faster and more instant forms of communication has historically proved to be a slow process. However, with the emergence of mobile banking in financial services and other innovations in adjacent industries, it is clear the communications needs of consumers are top-of-mind for industry leaders globally.
The Growth of Instant Messaging and the Healthcare Connection
According to research by Pew, 97% of smartphone owners text regularly. With Pew also finding 81% of Americans now own a smartphone, it is easy to understand why texting and SMS exchange would be sought after in the healthcare industry.
However, since the healthcare industry is one of the most regulated industries in the world, changes to the business and working processes of healthcare professionals are not easily achieved. For example, HIPAA, the Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) which provides data privacy and security provisions for safeguarding medical information in the U.S., has grown to greater prominence and awareness in recent years due to data breaches and ransomware attacks on health insurers and providers.
When it comes to clinician-patient text communication, challenges can quickly arise. SMS texting can be in violation of HIPAA regulations (specifically the HIPAA Security Rule) and other regulations if the text messages contain any protected health information (PHI) for which a patient had not given their consent.
All healthcare providers know that being vigilant about patient privacy and securing patient consent is crucial. However, the actual cost surrounding HIPAA violations can be staggering.
Adapting Mobile Strategies to Achieve Compliant Clinician-Patient SMS Communication
Healthcare providers willing to adapt their mobile communications strategies can drastically impact the patient experience and help patients feel more connected to their clinicians.
First, the implementation of secure cloud-based communication solutions can provide a perfect way for clinicians to leverage their personal devices to communicate with patients, all while remaining compliant.
When searching for possible solutions, it is critical the solution provides a clear, easily understood way to collect HIPAA-consent from patients before SMS communication begins. Select solutions providers provide “Opt-In/Opt Out” features for patients. For example, when an initial SMS is received from a patient or delivered to a patient by an employee, an explicit HIPAA consent message is sent to the patient’s cell phone and confirmation is requested. This message is auditable consent and can be produced upon demand to demonstrate compliance.
In addition, cloud-based solutions allow clinicians and caregivers to leverage their personal devices to communicate with patients via a separate, designated business phone number. Also, voice and SMS recording can also be used to meet industry regulations with ease.
Additional Mobile Strategy Considerations
Once healthcare providers select their preferred secure, cloud-based solution, it is important to comprehensively build internal security policies. According to TechTarget’s SearchMobileComputing, essential elements of any BYOD security policy should include:
- Acceptable use policies
- Minimal security controls on the device
- Company-provided components, such as SSL certificates for device authentication
- Company rights for altering the device, such as remote wiping for lost and stolen devices
In the healthcare context specifically, it may also be beneficial to discuss responsiveness guidelines when communicating with patients via SMS. For example, if a patient text is sent, caregivers should respond to patients within one hour of receiving the message.
As trends in communication change and new forms of connecting with our friends, family and professional associates develop, it is only natural that most people will want to leverage those forms of communication in various aspects of their lives.
Coupled with the prominence of mobile banking in financial services, HIPAA-compliant SMS messaging between clinicians and patients is also beginning to become more common. As the practice is still in its infancy, it is paramount for healthcare providers to ensure their mobile communications policies leverage secure, cloud-based solutions to ensure communication remains HIPAA-compliant.
If this is achieved, patients can finally realize instant communication with their clinicians. And, most importantly for clinicians, healthcare providers will not have to worry about whether they are putting patient privacy at risk.