How to monitor physician-patient communication and boost engagement

Find out how providers are fighting the security risks imposed by today's electronic methods of communication.

As digital health data becomes increasingly accessible and more providers turn to technology to involve patients in their care, pressure mounts to ensure the safety of physician-patient communication, especially with stage 2 meaningful use criteria mandating patient engagement.  

Electronic communication is one of the means being used to maximize patient engagement, and it must be secured prior to deployment to maintain the privacy of all involved.

One of the measures within meaningful use stage 2 addresses secure electronic messaging. An eligible provider that fails to protect its communications will be disqualified from the incentive payment program. The criteria specify that all electronic messaging used to communicate relevant health information to 5% of unique patients during the specified reporting period must be secure.

The requirement also indicates that both patients and technology users must be authenticated, and that the content exchanged must be encrypted in accordance with the hashing algorithm identified by the National Institute of Standards and Technology (NIST).

Secure communication must be applied to several components that are part of an organization's patient communication methods. Some of the communication models used in healthcare today are patient portals, text messaging, emails and electronic data exchange. As patients become more digitally active and involved in their care, hospitals are addressing patient engagement safety by taking the following steps.

Official communication methods

In order to properly protect physician-patient communication, a health system must identify all the systems a provider uses to facilitate its electronic messaging. A health system must inventory these systems and tools, then ensure they provide appropriate security safeguards that meet NIST criteria.

Patient portals must be equipped with Secure Sockets Layer, as well as user authentication. Emails must be properly encrypted to ensure medical information that resides within the emails or attachments doesn't fall into the wrong hands.

Secure text messaging on mobile devices is another hurdle that providers need to clear. They must check that their employees use the appropriate apps or tools and that their messages are secure.

Policies and procedures

There are a number of ways to enforce the encryption of messages when they leave an EHR system and land in a patient portal, or once an email containing sensitive patient information is sent out. Providers must choose the option that is the best fit for their needs. Bring your own device (BYOD) policies complicate security and can tempt clinicians to use unsecure messaging apps. It's important to put policies and, when possible, technical controls in place to avoid this. Follow up by educating clinicians to help them understand that using inappropriate tools or avoiding proper procedures can lead to violations of internal organizational policies.


Developers are continuously introducing new tools that shrink the gap between providers and patients. As more mHealth apps are used to develop greater patient involvement, healthcare professionals and patients must be trained and educated on the risks associated with not protecting the information mHealth apps exchange.


Increased patient engagement can have a significant impact on population health and draws attention to the importance of implementing safe and effective ways to electronically communicate with patients. Secure messaging can also provide a financial advantage to a healthcare organization. Providers, mid-level practitioners and non-physicians can be reimbursed for time spent electronically communicating with patients. In other words, these activities can become a revenue stream for the organizations using them.

Many providers recognize that promoting better physician-patient communication will help patients better manage their health. However, electronic messaging comes with increased security risks for organizations. Hospitals and medical practices need to address all their security components and remain vigilant as new communication methods enter the marketplace and land on the providers' mobile phones.

About the author:
Reda Chouffani is vice president of development at Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry.
