Evaluation of Secure Messaging Applications for a Health Care System: A Case Study
12 July 2018
04 January 2019
27 February 2019 (online)
Objective The use of text messaging in clinical care has become ubiquitous. Due to security and privacy concerns, many hospital systems are evaluating secure text messaging applications. This paper highlights our evaluation process, and offers an overview of secure messaging functionalities, as well as a framework for how to evaluate such applications.
Methods Application functionalities were gathered through literature review, Web sites, speaking with representatives, demonstrations, and use cases. Based on similar levels of functionalities, vendors were grouped into three tiers. Essential and secondary functionalities for our health system were defined to help narrow our vendor choices.
Results We stratified 19 secure messaging vendors into three tiers: basic secure communication, secure communication within an existing clinical application, and dedicated communication and collaboration systems. Our essential requirements revolved around functionalities to enhance security and communication, while advanced functionalities were mostly considered secondary. We then narrowed our list of 19 vendors to four, then created clinical use cases to rank the final vendors.
Discussion When evaluating a secure messaging application, numerous factors must be considered in parallel. These include: what clinical processes to improve, archiving text messages, mobile device management, bring your own device policy, and Wi-Fi architecture.
Conclusion Secure messaging applications provide a Health Insurance Portability and Accountability Act (HIPAA) compliant communication platform, and also include functionality to improve clinical collaboration and workflow. We hope that our evaluation framework can be used by other health systems to find a secure messaging application that meets their needs.
Protection of Human and Animal Subjects
Human and/or animal subjects were not included in this project.
- 1 Franko OI, Tirrell TF. Smartphone app use among medical providers in ACGME training programs. J Med Syst 2012; 36 (05) 3135-3139
- 2 Kuhlmann S, Ahlers-Schmidt CR, Steinberger E. TXT@WORK: pediatric hospitalists and text messaging. Telemed J E Health 2014; 20 (07) 647-652
- 3 McBride DL, LeVasseur SA. Personal communication device use by nurses providing in-patient care: survey of prevalence, patterns, and distraction potential. JMIR Hum Factors 2017; 4 (02) e10
- 4 O'Leary KJ, Liebovitz DM, Wu RC. , et al. Hospital-based clinicians' use of technology for patient care-related communication: a national survey. J Hosp Med 2017; 12 (07) 530-535
- 5 Shah DR, Galante JM, Bold RJ, Canter RJ, Martinez SR. Text messaging among residents and faculty in a university general surgery residency program: prevalence, purpose, and patient care. J Surg Educ 2013; 70 (06) 826-834
- 6 Prochaska MT, Bird A-N, Chadaga A, Arora VM. Resident use of text messaging for patient care: ease of use or breach of privacy?. JMIR Med Inform 2015; 3 (04) e37
- 7 Tran K, Morra D, Lo V, Quan S, Wu R. The use of smartphones on general internal medicine wards: a mixed methods study. Appl Clin Inform 2014; 5 (03) 814-823
- 8 Przybylo JA, Wang A, Loftus P, Evans KH, Chu I, Shieh L. Smarter hospital communication: secure smartphone text messaging improves provider satisfaction and perception of efficacy, workflow. J Hosp Med 2014; 9 (09) 573-578
- 9 Patel N, Siegler JE, Stromberg N, Ravitz N, Hanson CW. Perfect storm of inpatient communication needs and an innovative solution utilizing smartphones and secured messaging. Appl Clin Inform 2016; 7 (03) 777-789
- 10 Gulacti U, Lok U. Comparison of secure messaging application (WhatsApp) and standard telephone usage for consultations on Length of Stay in the ED. A prospective randomized controlled study. Appl Clin Inform 2017; 8 (03) 742-753
- 11 Greene AH. HIPAA compliance for clinician texting. J AHIMA 2012; 83 (04) 34-36
- 12 Drolet BC, Marwaha JS, Hyatt B, Blazar PE, Lifchez SD. Electronic communication of protected health information: privacy, security, and HIPAA compliance. J Hand Surg Am 2017; 42 (06) 411-416
- 13 McKnight R, Franko O. HIPAA compliance with mobile devices among ACGME programs. J Med Syst 2016; 40 (05) 129
- 14 U.S. Department of Health & Human Services. Summary of the HIPAA security rule. Available at: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html . Accessed July 20, 2017
- 15 U.S. Department of Health and Human Services Office for Civil Rights (2017). Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. Available at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf . Accessed July 20, 2017
- 16 National Cybersecurity Institute. 2015 Healthcare Breaches Surpassed 112 Million Records (2016). Available at: http://www.nationalcybersecurityinstitute.org/healthcare/2015-healthcare-breaches-surpassed-112-million-records/ . Accessed July 20, 2017
- 17 The Joint Commission (2016). Clarification: use of secure text messaging for patient care orders is not acceptable. Available at: https://www.jointcommission.org/assets/1/6/Clarification_Use_of_Secure_Text_Messaging.pdf . Accessed July 20, 2017
- 18 Karasz HN, Eiden A, Bogan S. Text messaging to communicate with public health audiences: how the HIPAA Security Rule affects practice. Am J Public Health 2013; 103 (04) 617-622
- 19 Spok. Hospital CIOs on data security and clinical mobility. Available at: http://www.spok.com/infographic-chime-survey-2017 . Accessed July 20, 2017
- 20 Stanaland J. By the numbers: the secure text messaging market (2016, May 11). Available at: https://www.hieanswers.net/numbers-secure-text-messaging-market/ . Accessed July 20, 2017
- 21 PerfectServe. PerfectServe survey results (2015, April). Available at: http://www.perfectserve.com/wp-content/uploads/2015/09/perfectserve_final_report_040315_0.pdf . Accessed July 20, 2017
- 22 Patel MS, Patel N, Small DS. , et al. Change in length of stay and readmissions among hospitalized medical patients after inpatient medicine service adoption of mobile secure text messaging. J Gen Intern Med 2016; 31 (08) 863-870
- 23 Medicine UW. UW Medicine Fact Book. Available at: http://www.uwmedicine.org/about/Documents/UW-Medicine-Fact-Book.pdf . Accessed August 3, 2017
- 24 Gartner. Technology overview for secure texting for healthcare (2013, December 20). Available at: https://www.gartner.com/doc/2640716/technology-overview-secure-texting-healthcare . Accessed July 20, 2017
- 25 Gartner. Market guide for clinical communication and collaboration (2016, November 15). Available at: https://www.gartner.com/doc/3115031/market-guide-clinical-communication-collaboration . Accessed July 20, 2017
- 26 Gartner. Market guide for secure mobile communications (2016, July 11). Available at: https://www.gartner.com/doc/3372117/market-guide-secure-mobile-communications . Accessed July 20, 2017
- 27 Gartner. When secure texting is not enough for healthcare delivery organizations (2016, August 18). Available at: https://www.gartner.com/doc/3416317/secure-texting-healthcare-delivery-organizations . Accessed July 20, 2017
- 28 KLAS. Secure messaging 2015: first look at who providers are considering and why (2015, September). Available at: https://klasresearch.com/resources/press-releases/2015/10/06/new-klas-report-gauges-who-leads-the-market-in-secure-messaging . Accessed July 20, 2017
- 29 Kahneman D. Thinking, Fast and Slow. 1st ed. New York, NY: Farrar, Straus and Giroux; 2011
- 30 Musiani F, Ermoshina K. What is a good secure messaging tool? The EFF secure messaging scorecard and the shaping of digital (usable) security. Westminster Papers in Communication and Culture 2017; 12 (03) 51-71
- 31 National Institute of Standards and Technology. Security requirements for cryptographic modules. Available at: https://csrc.nist.gov/publications/detail/fips/140/2/final . Accessed November 13, 2018
- 32 Abu-Salma R, Sasse M, Bonneau J. , et al. Obstacles to the adoption of secure communication tools. 2017 IEEE Symposium on Security and Privacy, 137–153
- 33 Sinsky C, Colligan L, Li L. , et al. Allocation of physician time in ambulatory practice: a time and motion study in 4 specialties. Ann Intern Med 2016; 165 (11) 753-760
- 34 Aerohive Networks. High-density Wi-Fi design principles (2012). Available at: https://media.aerohive.com/documents/2034844328_Aerohive-Whitepaper-Hi-Density_Principles.pdf . Accessed August 3, 2017
- 35 Bartnik A. Proactive wireless monitoring with aruba clarity (2016, April 28). Available at: https://www.swc.com/blog/swc-technology-partners/proactive-wireless-monitoring-aruba-clarity . Accessed August 3, 2017