90% Of Healthcare Institutions Employ Non HIPAA-Compliant Messaging Apps
By Christine Kern, contributing writer
Although healthcare is driven by federal regulations, such as HIPAA, regarding the privacy and security of protected patient data, an Infinite Convergence Solutions study has found 92 percent of healthcare institutions are currently employing messaging apps that are not HIPAA-compliant. Further, just one-quarter of all healthcare institutions that have an official mobile messaging platform employ an internal, company-authorized app, meaning the rest rely on consumer-facing apps and services that cannot provide the level of security necessary to meet federal regulations.
The October 2015 survey queried 500 professionals across the finance/banking, healthcare, retail, and legal industries regarding their mobile messaging habits and behaviors.
“The global healthcare industry is under strict privacy and security regulations to protect patient information, but our study finds that the vast majority of healthcare institutions are not using mobile messaging services that are compliant with these regulations,” Anurag Lal, CEO of Infinite Convergence Solutions, said in a prepared statement. “Healthcare employees communicate inherently sensitive information, like patient prescriptions, medical information, etc., yet their employers do not have the proper mobile messaging security infrastructure in place to adhere to HIPAA or other regulatory requirements.”
The study found 65 percent of healthcare respondents communicate most frequently for business via email, 22 percent employ mobile messaging, and 13 percent use voice calling. When asked why mobile messaging was not their method of choice, participants cited preferring to send emails or make calls (31 percent), no paper trail associated with mobile messaging (19 percent), lack of security (18 percent), too informal (17 percent), and the action is not authorized by the company (16 percent).
Message security was ranked the primary concern with mobile messaging for business communication, and over half (57 percent) said the decision of which communication method to use is based primarily on the immediacy of information that needs to be communicated.
When it comes to third-party messaging apps, 52 percent of respondents reported using SMS/MMS to communicate, followed by GChat, Facebook Messenger, and WhatsApp. Surprisingly, only 8 percent reported third-party messaging apps are prohibited by their company, while 9 percent say they prefer not to use such apps.
Forty-two percent said they are confident the majority of their business correspondence is secure using third-party messaging apps, while 20 percent reported they do not believe it to be secure. Thirty percent reported such apps are completely secure for business communication.
“We are seeing a rapid adoption of mobile messaging in healthcare as the industry looks to work faster, improve patient care and reduce wasteful spending,” Lal said. “The problem is that many healthcare institutions are not aware that the messaging apps and services that are popular for daily personal use do not follow the administrative, physical and technical safeguards that HIPAA requires.”
“We’ve found that 91 percent of healthcare employees use mobile messaging at least a few times per week for business communication. Healthcare institutions need to get serious about meeting their employees’ needs and providing a secure, internal messaging platform that not only allows HIPAA compliance, but also replaces outdated communication systems, like pagers, in order to increase productivity and serve patients faster.”