HIPAA Compliant Instant Messaging

HIPAA compliant instant messaging platforms can revolutionize communication in healthcare environments. In the past few years, use of these new communication tools has grown at an incredible rate and healthcare organizations that have adopted this new method of communication are reaping the rewards.

The Instant Messaging Revolution

The first instant messaging services were introduced in the late 1990s and proved to be a popular method of communication. With 3G and the growth in use of mobile devices, instant messaging soared in popularity and changed the way people communicate. Today, instant messaging platforms allow users to send text messages, audio, video, and other files free of charge. With figures suggesting 72.2% of individuals in the United States have a smartphone, and the ability to use instant messaging services across a range of different devices, instant messaging really does mean it is possible to communicate with people in an instant, no matter where they are located. Instant messaging apps are easy to use and allow people to get quick answers to questions and share important data almost instantaneously. Communication has never been so efficient.

Instant Messaging in Healthcare

Instant messaging apps have not only changed how people communicate with each other; they have changed how workers communicate. Businesses have adopted instant messaging platforms to streamline communication between employees, either through company-supplied devices of Bring Your Own Device (BYOD) schemes.

The healthcare industry was slow to join the instant messaging revolution and abandon faxes and pagers, and even today many healthcare providers, even some large hospital systems, are still totally reliant on landlines, pagers, faxes, and even loudspeakers for communication; however, times are changing. Internal communications systems are being updated to include instant messaging platforms as the benefits are too great to ignore.

The use of instant messaging in healthcare is now commonplace. Healthcare providers that have adopted this new communication method have been able to streamline communication, improve efficiency, and ensure doctors, nurses, and other members of care teams have the data they need, when they need it, no matter where they are located. The result has been major productivity gains, reduced costs, and improved patient outcomes.

HIPAA Compliant Instant Messaging Services

HIPAA compliant instant messaging services are similar to popular consumer apps such as Skype, WhatsApp, Viber, WeChat, and Telegram, in that they allow instant messages to be sent, files to be shared, and for voice and video calls to be made. However, consumer instant messaging apps cannot be used in connection with electronic protected health information and should not even be used for voice or video calls in which patient information is discussed.

Some consumer apps may appear at face value to be HIPAA compliant messaging services, but they are not. For instance, WhatsApp communications are protected with end-to-end encryption but that does not make WhatsApp a HIPAA compliant instant messaging service.

HIPAA compliant instant messaging involves more than just encryption of data at rest and in transit. Consumer grade apps lack the features and security controls essential for ensuring the confidentiality, integrity, and availability of electronic protected health information that are demanded by the HIPAA Security Rule.

HIPAA and Instant Messaging

The Health Insurance Portability and Accountability Act was signed into law in 1996 at a time when the first instant messaging platforms were still in their infancy. When the HIPAA Privacy and Security Rules were added in the early to mid-2000’s, even ICQ had yet to be launched. While instant messaging is not mentioned in HIPAA, the technology-agnostic nature of the legislation means it can be applied to any communication technology and there are several provisions in the HIPAA Security Rule that apply to instant messaging services.

Safeguards must be in place to ensure the confidentiality, integrity, and availability of ePHI sent through text and instant messaging services. To ensure confidentiality, there must be strong access controls and all communications must be protected by end-to-end encryption. Controls must be in place to ensure that in the event of loss or theft of a device, all ePHI stored on the device is protected. Mechanisms must also be in place to ensure that messages cannot be intercepted, altered, or deleted by accident. Messages must always be available to the authorized device user and other authorized individuals on the system. HIPAA also requires access logs to be recorded and an audit trail to be maintained. User activity must also be monitored. Instant messaging service providers are classed as business associates under HIPAA and must enter into a business associate agreement with the covered entity and agree to comply with the requirements of HIPAA. Consumer instant messaging services fail in one or more of these areas and are not HIPAA compliant instant messaging services.

Benefits of HIPAA Compliant Instant Messaging

There are many benefits that come from the use of HIPAA compliant instant messaging platforms in healthcare, one of the most important being the ability for doctors, nurses, and the entire care team to share and act on patient information quickly and efficiently, from any location, at any time.

Delivering timely, actionable patient information across shift changes, locations, and roles reduces the potential for medical errors, improves efficiency and productivity, vastly improves the patient experience, and has been shown to improve patient outcomes.

The improvements made to communication efficiency and productivity have been shown by early adopters of the technology to reduce the cost of healthcare provision while improving the quality of care. In emergency departments, healthcare providers have been able to achieve faster triage, increase patient throughput, and reduce wait times and the number of patients leaving without being seen.

After implementing a HIPAA compliant instant messaging platform, many healthcare providers have been able to improve bed utilization, reduce the average length of stay and readmissions, increase transfer times, and see more patients in less time.

There are also many intangible benefits that come from the use of healthcare instant messaging services such as improvements to staff morale, reduced cases of burnout, and improved quality of life at work for nurses and physicians by eliminating inefficiencies and wasted time. If you have yet to implement a HIPAA-compliant instant messaging service, all these benefits are being lost.