bst2012 - Fotolia
In the emergency department, time is of the essence. Paging or calling sought-after doctors and nurses in that setting can be disruptive, and they may be too busy to answer.
Yale-New Haven Hospital in New Haven, Conn., faced this challenge in its ED, Allen Hsiao, M.D., chief medical information officer at the Yale School of Medicine and Yale-New Haven Health, said.
"You can imagine with nurses, providers of many different levels, techs, technicians, everybody needs to work as a team, but all juggling different patients with different levels of acuity," he said. "You never know what's going to come through the door."
Hsiao explained that finding the right clinician to ask a question of or get help from is already tough. "But in [the ED], it was even more challenging," he said.
Although some people -- two residents who know each other well, for example -- unofficially used texting to improve communication, Hsiao said, this approach could not be adopted hospital-wide because it is not HIPAA compliant and texting a patient's PHI is not allowed.
"We really wanted to find a way to communicate better," Hsiao said. "That's where the Mobile Heartbeat MH-CURE platform was first identified for us."
MH-CURE and healthcare secure messaging
Mobile Heartbeat's secure messaging application, MH-CURE, is run on a secure enterprise server, James Webb, vice president of strategic accounts at Mobile Heartbeat based in Waltham, Mass., said. The MH-CURE application "runs on iOS, Android and desktop devices, and that always connects up to a server that sits within the hospital's firewalls for communication inside and outside of the hospital through secure texting, calling, voice-over IP calling, and alerting and patient information," Webb said. The app integrates with Yale-New Haven's EHR from Epic Systems. Yale-New Haven has been using MH-CURE for almost four years now.
Doctors, residents and nurses can either download the application onto their personal phone, or a hospital can opt to purchase phones with the application on them that authorized staff can use.
Hsiao explained that when a doctor or nurse goes to pick up a phone provided by the hospital, they swipe a badge that will then open up a big cabinet full of phones -- in Yale-New Haven's case, iPhones. Doctors or nurses then swipe their badges again to pick up the phone.
"It automatically logs you in based on your badge to that device," Hsiao said. "You get assigned to that device, your virtual number that is assigned to you as a clinician, and then you appear in the directory as 'Now Available' on that unit so that everyone else who's also on that unit carrying an iPhone with MH-CURE [can communicate with you]."
Webb added that the configuration process is not complicated, and it mainly depends on how a hospital wants to set everything up. Usually, it takes about a week of configuration and a week of training to get the hospital and staff up and running on MH-CURE.
Once MH-CURE is active, voice calls can be made to places outside the hospital, Hsiao said. He added that voice calls can also be received from outside the hospital.
Another feature that Hsiao said is helpful is the fact that a person can see whether a sent message has been read.
"If you've read your message then the person that sent the message can actually see that you've read it," Hsiao said. If Hsiao is busy and not able to read the message, "the person, clinician who sent me the message knows that I haven't looked at it yet. They can decide to send me another one; they can escalate to a higher level of secure messaging within MH-CURE if they wish; or they can decide, 'Let me go find another clinician because it looks like Allen is busy with a patient right now and hasn't been able to read my message.' That's very effective for communication."
Critical lab results reported quicker
In addition to using MH-CURE to improve communication within units, especially finding certain clinicians, Yale- New Haven is also using the healthcare secure messaging application to more effectively handle lab results.
Hsiao explained that the health system has a list of its top 60 critical lab results that, depending on what the results are, could change the care of the patient. When lab tests fall within these top 60 critical results, "we actually get an alert page into our MH-CURE application so that as soon as that result is back, I know right away already when it's a critical one," Hsiao said. "This saves a great deal of time," such as helping lab technicians avoid phone-tag trying to track down a particular doctor to report a result. The app can also:
In addition to being HIPAA compliant, Webb said, "all of our data is encrypted in transit and at rest. We go through rigorous application and server-side penetration testing to ensure that we are compliant and not vulnerable to any kind of data breaches."
He added that Mobile Heartbeat also works with the hospital IT team to make sure the infrastructure is configured, secure and complies with all of the hospital's standards.
"We tend to have our server sitting behind a couple of firewalls, which are controlled, but still allow the access inside and outside the hospital seamlessly, but through the app," Webb said.
Mobile Heartbeat also works to secure the end devices by using mobile device management tools, ensuring the application itself is secure, and not allowing any data to be held outside of the app.
"We have features, such as if the device loses wireless connectivity for a configured period of time, we'll wipe all data off the application," Webb said. For example, if someone leaves the hospital and the phone disconnects from the hospital's wireless network, the application will wipe all the data from the device. This is also the case if the MH-CURE application is on someone's personal mobile device. In fact, the only way to access the data is through the application; no clinical messages are stored on the device itself, Webb said.
In addition, "we have active directory logins, so we use the same password so that it's all held by the hospital through [Lightweight Directory Access Protocol] authentication, and then we also have an additional security feature on our admin for managing and tracking devices, but also allowing access to the actual application," Webb said. "So even if you have the application and some active directory credentials, but you haven't had your administrator allow access to the portal, you can't get into any of the secure data."
Epocrates app and secure physician-to-physician SMS texting
For call centers, secure text messaging part of HIPAA compliance
Four emerging trends for secure texting in healthcare