Courting HIPAA risk with message apps
Just 25 percent of healthcare institutions with an official mobile messaging platform use internal, company-authorized tools, a new report shows. The rest make use of consumer apps that don't offer the security needed to comply with regulations, such as HIPAA.
"We are seeing a rapid adoption of mobile messaging in healthcare as the industry looks to work faster, improve patient care and reduce wasteful spending," said Anurag Lal, CEO of Infinite Convergence Solutions, the mobile messaging developer that sponsored the study.
"The problem," he added in a press statement, "is that many healthcare institutions are not aware that the messaging apps and services that are popular for daily personal use do not follow the administrative, physical and technical safeguards that HIPAA requires."
The study found that only 8 percent of healthcare institutions prohibit consumer messaging apps for employee communication. That is perhaps unsurprising, given that employees in the healthcare industry use mobile messaging more often than voice calls to reach the colleagues with whom they communicate most frequently.
More than half (51 percent) of respondents say their company doesn't have an official mobile messaging platform. Of those, 83 percent say their company doesn't recommend a mobile messaging platform. Of the 17 percent who say their company does recommend one, iMessage and Skype are most commonly cited.
Of that 51 percent, moreover, 92 percent would use a company-wide mobile messaging platform if the company decided to implement one; 64 percent say it would make communication easier at their job.
Meanwhile, of the 49 percent of respondents who say their employer has an official mobile messaging platform, 24 percent have an internal, company-created app, 16 percent have GChat and 11 percent use WhatsApp.
"We've found that 91 percent of healthcare employees use mobile messaging at least a few times per week for business communication," said Lal, in a statement. But while HIPAA and other government rules require strict security measures, "our study finds that the vast majority of healthcare institutions are not using mobile messaging services that are compliant with these regulations," said Lal.
"Healthcare employees communicate inherently sensitive information," he said. "Healthcare institutions need to get serious about meeting their employees' needs and providing a secure, internal messaging platform that not only allows HIPAA compliance, but also replaces outdated communication systems, like pagers, in order to increase productivity and serve patients faster."