BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
As digital health data becomes increasingly accessible and more providers turn to technology to involve patients in their care, pressure mounts to ensure the safety of physician-patient communication, especially with stage 2 meaningful use criteria mandating patient engagement.
Electronic communication is one of the means being used to maximize patient engagement and it must be secured prior to deployment to maintain the privacy of all involved.
One of the measures within meaningful use stage 2 addresses secure electronic messaging. An eligible provider that fails to protect their communications will be disqualified from the incentive payment program. The criteria outlines that all electronic messaging, which is used to communicate relevant health information to 5% of unique patients during the specified reporting period, must be secure.
The requirement also indicates that both patients and technology users must be authenticated, and that the content exchanged must be encrypted in accordance with the hashing algorithm identified by the National Institute of Standards and Technology (NIST).
Secure communication must be applied to several components that are part of an organization's patient communication methods. Some the communication models used in healthcare today are: patient portals, text messaging, emails and electronic data exchange. As patients become more digitally active and involved in their care, hospitals are addressing patient engagement safety by taking the following steps.
Official communication methods
In order to properly protect physician-patient communication, a health system must identify all the systems a provider uses to facilitate its electronic messaging. A health system must inventory these systems and tools, then ensure they provide appropriate security safeguards that meet NIST criteria.
Patient portals must be equipped with Secure Sockets Layer, as well as user authentication. Emails must be properly encrypted to ensure medical information that resides within the emails or attachments doesn't fall in the wrong hands.
Secure text messaging on mobile devices is another hurdle that providers need to clear. They must check that their employees use the appropriate apps or tools and that their messages are secure.
Policies and procedures
There are a number of ways to enforce the encryption of messages when they leave an EHR system and land in a patient portal, or once an email containing sensitive patient information is sent out. Providers must choose the option that is the best fit for their needs. Bring your own device (BYOD) policies complicate security and can tempt clinicians to use unsecure messaging apps. It's important to put policies in place and technical controls when possible to avoid this. Follow up with educating clinicians to help them understand that using inappropriate tools or avoiding proper procedures can lead to violations of internal organizational policies.
Developers are continuously introducing new tools that shrink the gap between providers and patients. As more mHealth apps are used to develop greater patient involvement, healthcare professionals and patients must be trained and educated on the risks associated with not protecting the information mHealth apps exchange.
Increased patient engagement can have a significant impact on population health and draws attention to the importance of implementing safe and effective ways to electronically communicate with patients. Secure messaging can also provide a financial advantage to a healthcare organization. Providers, mid-level practitioners and non-physicians can be reimbursed for time spent electronically communicating with patients. In other words, these activities can become a revenue stream for the organizations using them.
Many providers recognize that promoting better physician-patient communication will help patients better manage their health. However, electronic messaging comes with increased security risks for organizations. Hospitals and medical practices need to address all their security components and remain vigilant as new communication methods enter the marketplace and land on the providers' mobile phones.
About the author:
Reda Chouffani is vice president of development at Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email firstname.lastname@example.org or contact @SearchHealthIT on Twitter.