HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Non-Compliant Hospital Pager Use Persists

Communicating protected health information (PHI) over unsecured networks is not permitted under Health Insurance Portability and Accountability Act (HIPAA) Rules, which means pagers cannot be used to send PHI unless messages are encrypted.

Encryption alone is not sufficient to ensure compliance with HIPAA. Not only must messages be encrypted to prevent interception, there must be a means of verifying the identity of the user. User authentication is essential, as there is no guarantee that a message containing PHI will be received by the intended recipient. If a pager is lost, stolen, or is left unattended, PHI could potentially be accessed by an unauthorized individual. It is also necessary to implement controls to automatically log off users and allow messages to be remotely erased in the event that a pager is lost or stolen.

Due to the cost implications of applying these safeguards, and the difficult in doing so, many hospitals implement policies that prohibit the transmission of PHI over the pager network. If PHI needs to be communicated, a pager message is sent and the recipient must call in and be provided with the information over the phone. Contacting the sender of a message also invariably involves a degree of phone tag.

The use of pagers in hospitals wastes a considerable amount of physicians’ and nurses’ time. A study conducted by the Ponemon Institute determined that on average, hospital-based physicians and nurses wasted 46 minutes a day by using pagers and beepers. The study suggested that pagers are costing the healthcare industry an estimated $8 billion each year. An average hospital was determined to be wasting around $1.75 million a year on the continued use of pagers.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Figures from the Radio-television and Telecommunications Commission in Canada suggest that the use of pagers is in decline, falling by around 11% per year. In the United States, use of pagers is also falling as alternatives to the pager are increasingly being adopted.

However, pagers are still extensively used by hospitals to communicate with physicians and nurses, even though they have many drawbacks and do not allow HIPAA-compliant messages to be sent.

The Natural Replacement for Hospital Pagers

Secure smartphone messaging apps encrypt messages to NIST standards, and feature authentication controls, audit logs, message lifespans, and permit the remote deletion of messages, ticking all the HIPAA-compliance check boxes.

They permit two-way communication, feature read and delivery receipts, and have been shown to speed up communication, saving a considerable amount of physicians’ and nurses’ time.

Pagers use narrowband communication which restricts the data that can be transmitted over the pager network. The broadband network, used by modern wireless devices such as smartphones, allows far more data to be transmitted. Messages need not be restricted to alpha-numeric characters. Multimedia messages can also be sent securely allowing documents, spreadsheets, PDFs, and image files to be sent securely without violating HIPAA Rules. This allows physicians to be sent a host of data such as test results and medical images such as x-rays.

The vast majority of physicians and nurses now carry a smartphone. A Physician Channel Adoption Study conducted by Manhattan Research in 2012 showed that 87% of doctors carried a smartphone. Last year, Spyglass Consulting conducted a study with the results indicating that figure had risen to 96%. An American Nurse Today study conducted in 2013 indicated that 67% of nurses carried a smartphone. A study conducted by InCrowd last year, suggests that figure has now risen to 88%.

With smartphones now being carried by the vast majority of physicians and nurses, and the considerable additional benefits of Smartphones, they are the natural replacement for hospital pagers. Secure smartphone messaging apps also ensure healthcare workers can communicate PHI without violating HIPAA Rules.

Furthermore, a recent HiMSS Analytics study has revealed the cost of supporting pagers is actually higher than the cost of using HIPAA-compliant secure text messaging apps. That could well be the final nail in the healthcare pager’s coffin.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.