Secure Messaging Platforms

From Clinfowiki
Jump to: navigation, search

Secure Messaging Systems in the context of healthcare refers to the principle of real-time, HIPAA compliant communication amongst providers and between providers and ancillary staff.

Electronic Health Records (EHR) have come a long way in communicating to a reader about a patient’s health condition, but real-time communication has lagged in both security and robustness[1]. Within the EHR, a provider may write a note, input vital signs, upload media and documents, store patient communications, and even directly import a photo of a wound into a patient’s chart, [2]and yet up to 80% of hospitals still rely on pagers and phone conversations as the primary method of communication between providers and nursing staff. [3]

Requirements for secure messaging systems

In the age of digital media, it may be tempting for providers to utilize SMS (short message service) or other encrypted personal device communication (iMessage). However, encrypted services often store copies of messages sent on the platform, requiring BAAs (Business Associate Agreements) between the healthcare entity and the business with access to those messages. [4] As a result, only a small number of secure messaging platforms meet HIPAA standards despite the large number of “encrypted messaging” applications available to the general public.

Types of Encryption

Data encryption can be broken down into two broad categories: symmetric and asymmetric. Symmetric uses the same key to encrypt and decrypt the message. Asymmetric encryption utilizes a public key to encrypt data, and a private key to decrypt data, theoretically resulting in increased security.[5] Top performers in the field utilize AES (advanced encryption standard), a symmetric (utilizes the same key to encrypt and decrypt) encryption standard designed by the NIST (National Institute of Standards and Technology). It should be noted that data encryption encodes data for storage and transport, but does not prevent the encrypted data from being intercepted. SSL/TLS (Secure Sockets Layer/Transport Layer Security) are protocols currently used to establish secure connections. [6]

Innovation in Secure Communication

Interestingly, secure messaging within the healthcare environment has grown to include non-traditional functionality. The basic requirements of HIPAA compliant, secure communication is fairly straight-forward: adequate encryption and a signed BAA.[4] Beyond this, user preference drives development spanning user interface, which devices can be used, and interoperability. Listed below are existing innovations in the field of secure messaging.[7] [8]

Innovations:

  • Directory inclusion – All available end-users are available within a searchable directory within the platform
  • User roles – roles with different functionality may include “nurse” or “resident physician”
  • Ability to recall messages – A message sent in error can be recalled
  • On-call integration – platforms integrate with scheduling software, routing pages to the appropriate end-user. For example, a message sent to the “hospitalist consult” pager would be routed to a different user at shift change.
  • Policy-based messaging – rules can be set within the system to reroute messages. For example, I’m not taking inpatient call while in the clinic on Tuesday, and all messages from inpatient nurses should reroute to a designated partner.
  • Mobile and desktop integration – messages are displayed simultaneously on web-based applications, desktop, or within a secure app on a phone.
  • Patient Messaging – able to send and receive messages and photos with patient without requiring patient sign-up or apps
  • EMR integration – streamlined integration made possible by FHIR (Fast Healthcare Interoperability Resources) specifications and includes:
    • Order Entry
    • Patient-based threads
    • Critical lab results

Rankings of KLAS category top-performers, 2020:[9]

A study done by the University of Washington broke down the different types of secure text messaging communication systems into tiers based on the level of secure communication they provided. They then made a list of pros and cons of each system. This is provided in the table below marked Table 1.10 Tier 1 is described as “Basic Secure Communication”.10 The system is considered HIPPA compliant and can encrypt and send data over the device.10 This system is usually the cheapest and can be free at times but only offer this basic function. Tier 2 “Secure Communication within an Existing Clinical Application” are also HIPPA compliant but offer more functional uses than Tier 1.10 A common system classified as Tier 2 is Epic. The Epic system has the capability to add this communication feature into its design. By being able to already add this feature to an established system it can improve workflows and communication amongst providers. Tier 3 systems, such as Vocera, are considered “Dedicated Communication and Collaboration Systems”.10 This system will be the most expensive of the three because it usually requires building a new interface within an already existing interface. They are more costly because they offer more applications with advanced features. These features include establishing scheduling systems integrated into the electronic health record and providing ongoing support to the organization as a separate vendor.10

Tier 1 • HIPAACHAT • Tigertext free edition Pros: • Secure communication platform • Inexpensive/free Cons: • No functionality to help with workflow • Minimal functionality to improve communication• Might be difficult to get full adoption due to minimal functionality

Tier 2 • CareAware Connect (Cerner secure messaging) • Cores secure messaging • Epic secure messaging• Medisas • miSecureMessages (AMTELCO) • Mobile Heartbeat • TeamStitch Pros: • Secure communication platform • Potentially easier to implement if you already use native system extensively (i.e., Cerner or Epic)• Some offer functionality to help with hospital workflow and communication • Well integrated with existing native system • Vendors may have been in the health care sector for long periods of time. Cons: • Additional licensing costs for messaging functionality• Difficult to integrate across multiple different clinical applications• Less advanced functionality (system-dependent)• Unclear how vendors will prioritize support and development of messaging functionality compared with native application• Ability to customize or integrate with third party systems uncertain

Tier 3 • Cureatr • Doc Halo • Imprivata Cortext • PatientSafe Solutions • PerfectServe • Spok Care Connect • Tigertext enterprise edition • Voalte • Vocera • Zipit Wireless Pros: • Secure communication platform• Intended to be integrated communication platform across entire health system. Solely dedicated to this area, offer good support• Offers extensive functionality to help with hospital workflow and communication • Offers the highest functionality, including integration with electronic health records, laboratory, scheduling, nurse call alerts, monitor alerts, etc. • Most customizable to meet specific workflow needs or integrate with third party systems. Cons: • Most expensive option• May require additional time/expense to integrate with other clinical applications to leverage advanced functionalityNote: Vendors in this space are relatively new, and the market is evolving (uncertain which vendors will thrive with market maturation).


  1. TelmedIQ is a vendor that offers HIPPA compliant messaging systems for healthcare providers and organizations. It transforms a Smartphone into a mobile paging device that leads to less provider interruptions answering in house pages, in turn increasing access to patient care. These features help to improve work efficiency, patient and provider communication, and patient and provider outcomes and satisfaction. Telmediq has the technology to provide clinicians with a specific phone number and Voice over IP (VOIP) to improve callback to the correct provider in a timely manner and keeping the number secure and private. It has the capability to send messages even if a Smartphone loses its signal. This is often a common reason healthcare organizations and hospitals keep traditional paging systems because of the risk of dead spots or losing connectivity. Telmediq’s software can be integrated into an existing electronic medical record system allowing providers to access patient records remotely and in real time. This all leads to simplified patient care and coordination.
  2. TigerConnect provides secure messaging, priority messaging, broadcast messaging, initiation of phone calls, custom reply messaging, auto forward, forums, delivery confirmation, message lifespan, message recall, group messaging, automated role assignments, scheduling integration, admin-controlled setup, message continuity, and manual role swipe ins. It also allows collaboration by text voice or video. A case study by Temple Health found that by using TigerConnect they were able to decrease their paging bill from $12,000 a month to $1000, with the use of this new technology data showed a drop of 30-40 percent of mortality linked to early treatment intervention. This led to improved patient care, quality and satisfaction.
  3. Epic Secure Chat is a well known company that sells electronic medical record software and is commonly used throughout a wide number of hospitals. Paging is a common feature built into the software. They now offer a mobile application called Haiku and have a secure chat format for all Epic providers to send non-emergent communications. This includes pharmacy, nursing, physician, lab, inpatient and outpatient departments. A nice feature of this system is a patient’s electronic health record can be attached to the secure message. This will lead to improved efficiency and decrease in medical error when all members of the team can have access to the patient chart in real time.
  4. Hillrom also known as Voalte Mobile solution is a medical communication app that can be used on a smartphone. Big picture is it offers mobile services, clinical workflow design, project management, integration services, educational services, consulting services, application administration, and technical support. Communications are secured on an encrypted platform where there is access to patient-related alerts and notifications via voice and text communications. It offers desktop messaging, a point-of-care app for caregiver communication, a BYOD app for providers who work outside the hospital, direct integrations with Hillrom Nurse Call, Alert and Alarm Management, Middleware and Waveform Visualization. Alerts can be sent from a smart bed, vital signs monitors, and from other patient monitoring devices. It offers Dynamic Directory where one can perform on call scheduling and easily find team members. Physician Communications is a feature where physicians can set their availability, find nurse assignments, and receive patient lab results, code alerts and pages. Flexible Reporting allows for easy access to reports to study alert trends. Robust Integration is a feature that allows the capability to integrate through other hospital systems. Intelligent Alerting can be initiated from nurse call systems, monitoring devices, the EMR to assure the right individual is notified of the message.
  5. Halo Clinician, founded Halo Health, which was one of the first cloud-based, HIPAA-compliant messaging applications in healthcare. Symplr acquired Halo Health which now further broadens the product portfolio of healthcare operations. It is able to offer on call scheduling, EHR HL7 ADT integration, unified mobile platform for messaging, calls, critical results, alerts, instant routing of critical data, messages are time- and date-stamped and marked appropriately: “Sent,” “Delivered,” or “Read”, can be set for different sounds for urgent messages and can mark themselves as off duty for specified dates/times, has the ability to do analytics and scheduling reporting.
  6. PatientSafe Solutions Solutions has a PatientTouch Platform that consolidates secure messaging, voice calls, critical alerts, nurse calls, and clinical workflows including rounding and handoff, specimen collection, assessments, documentation, and patient coordinated care. Patients can automatically be tagged in texts allowing real time patient data to be displayed.
  7. PerfectServe is a message service that can be securely used across multiple locations, on all devices, with EHR embedded messaging and advanced routing, with support for key integrations such as provider schedules, nurse call, and patient lists in the EHR.
  8. Vocera Collaboration Suiteis a company founded in 2000 that provides clinical communication platforms and workflow solutions. They are most commonly known for their hands free Vocera Smartbadge that was on TIME’s list of 100 Best Inventions of 2020. It is commonly used by nurses in hospitals to provide hands free communication while treating patients. Benefits include real time communication with other healthcare providers and cons are HIPPA compliance when discussing patient care in an open setting. They also have the capability to improve workflow efficiency with electronic healthcare record integration that allows secure texting and voice communication between physicians and care teams across different healthcare settings

References

  1. Why Most HIPAA Compliant Texting Apps Fail [Internet]. [cited 2020 Oct 27]. Available from: https://www.telmediq.com/news/hipaa-compliant-texting-apps-fail
  2. Epic HaikuiPhone User Guide [Internet]. [cited 2020 Oct 27]. Available from: https://www.choa.org/~/media/files/Childrens/medical-professionals/physician-resources/haiku-user-guide-for-iphone.pdf
  3. O’Leary KJ, Liebovitz DM, Wu RC, Ravi K, Knoten CA, Sun M, et al. Hospital-based clinicians’ use of technology for patient care-related communication: A national survey. J Hosp Med [Internet]. 2017 Jul 1 [cited 2020 Oct 27];12(7):530–5. Available from: https://www.journalofhospitalmedicine.com/jhospmed/article/141692/hospital-medicine/hospital-based-clinicians-use-technology-patient-care
  4. 4.0 4.1 Apple’s iMessage HIPAA Compliance on iPhones | TBHI Blog (formerly TMHI Blog) [Internet]. [cited 2020 Oct 27]. Available from: https://telehealth.org/blog/apples-imessage-hipaa-compliant/
  5. 6 Types of Encryption That You Must Know About [Internet]. [cited 2020 Oct 28]. Available from: https://www.goodcore.co.uk/blog/types-of-encryption/
  6. HIPAA compliant encryption text messaging [Internet]. [cited 2020 Oct 28]. Available from: https://tigerconnect.com/about/faqs/hipaa-compliant-encryption-text-messaging/
  7. TigerConnect | Healthcare Communication & Collaboration for All [Internet]. [cited 2020 Oct 28]. Available from: https://tigerconnect.com/
  8. Clinical Communication and Collaboration | Secure Messaging | Telmediq [Internet]. [cited 2020 Oct 28]. Available from: https://www.telmediq.com/
  9. 2020 Category Leader Secure Communications [Internet]. [cited 2020 Oct 28]. Available from: https://klasresearch.com/best-in-klas-ranking/secure-communications/2020/285

Submitted by Ben Theobald

Submitted by Amy Woods