The thing about secure email

Disappointment.  Anger.  Frustration.  Betrayal.

A wave of emotion rushes over me every time I open my inbox and see a secure email sitting there, staring me in the face.

I take a deep breath and try to channel compassion and kindness for whomever sent the dreaded message — I know they were trying to do the right thing.  HIPAA compliance is important, from both a regulatory and ethical standpoint, and secure mail is a means to that end.  So it’s fine…it’ll be fine.

But it’s not.  By the time I click on the secure link, establish a username and password and click on another link to finally access the content of the message, my blood is boiling again.  Why so many clicks?  Why?  We shouldn’t have to live like this.

Thankfully, we don’t.  Secure texting is quickly surpassing email as the preferred HIPAA-compliant messaging solution, and the change can’t come soon enough.  There may be those among you who are thinking, “wait, I thought email was cool.  I can send email on my smartphone”  That’s cute.  Email is cool, in its own way, but not secure email.  Never secure email.

Who uses it?

There are only two potential exceptions to the “no secure email” rule that come to mind.

  1. You work for a large hospital or health system and you’re stuck at a computer all day, likely send emails to your colleagues that are already on the same secure email system because the bureaucracy mandates it.
  2. You work in revenue cycle management (AKA billing) and you use secure email to communicate with the carriers and clearinghouse.  If this is the case, it is probably the least of your problems.  Godspeed, brave soul.

Even in these two instances secure texting would be a better, easier means of communicating, but adoption of new technology in these venues is slow and challenging.

Secure texting > Secure email

For small to medium-size physician practices, home health agencies, nursing homes, mental and behavioral health organizations and a whole range of other healthcare providers, secure texting incorporates all the functionality of secure email, without all the extra clicks.  Clinicians can attach photos, lab results, insurance cards, and any other PHI that needs to be shared.  It’s a vastly easier, quicker and — in many cases — cheaper way for providers to communicate with one another, their staff, or their patients.

The Risks of SMS Texting in Healthcare

Texting and HIPAA Violations

A recent survey indicates that over 73% of physicians use text messages to communicate with their staff or referring providers regarding patient care, and many doctors have also adopted the practice of texting directly with patients.  Often texting is the easiest, quickest form of communication for busy physicians, but SMS texting is not compliant with HIPAA security measures.

With health data security breaches on the rise, it’s important for medical practices to understand the risks of SMS texting to discuss PHI.

Risks of SMS texting PHI include:

  1. doctor texting consultant

    Written by Amelia Coleman

    Security breaches – more than 120 million patients have been affected by more than 1100 health data breaches since 2009.  In 2015 alone, 112 million Americans (almost 35% of the population) had health data compromised in a breach.  As credit card data becomes more secure, experts predict that healthcare data will become increasingly vulnerable to hacking and theft; a Reuters report recently found that medical information is now 10 times more valuable than a credit card number.

  2. Higher IT administrative costs – Every instance of breached healthcare data requires costly mediation, which takes heavy toll on individual organizations and the industry as a whole.  The average cost of a single breach is almost $4 million, up almost 25% since 2013.  These costs could include hiring an auditing company, providing ID theft protection services for affected patients, and fines levied by the HHS Office for Civil Rights (OCR).  A recent data breach study estimates that breaches cost the healthcare industry about $5.6 billion annually.
  3. Fines – OCR launched Phase 2 of its HIPAA Audit Program in 2016.  Privacy and security breaches can result in fines of $100 to $50,000 to covered entities.  In 2014 HHS fined two NYC health systems $4.8 million for a highly publicized breach.
  4. Reputation and patient trust – The old adage “there’s no such thing as bad publicity” does not apply in the healthcare industry.  Trust is the cornerstone of the patient/provider relationship and bad press around HIPAA violations can be damaging to hospital, health system or physician practice.
  5. Termination by employer – If you’re employed and you failed to secure data, you could be found to be at fault in the audit process and risk losing your job.

Facilitating easy, effective, secure communication is central to the OhMD mission.  We’ve designed our platform to look and feel just like text messaging so that providers don’t need to choose between convenience and compliance, and we offer our basic texting functionality free of charge.  Questions about how OhMD would work in your practice?  Contact us.

The Free Healthcare App Making Waves

OhMD is a new healthcare app revolutionizing communication in healthcare for free. Until now, conversations between physicians and their teams were relegated to slow and inefficient channels. A telephone call often turned into a voicemail, which often turned into a game of phone tag that would ultimately waste valuable time every day. While texting has been a preferred channel of communication outside of healthcare, HIPAA rules prevent the use of SMS or even encrypted texting apps like Whatsapp in the industry.

The OhMD app gives healthcare professionals a way to communicate protected health information (PHI) over a HIPAA secure texting platform. A physician can use OhMD to send any text message that needs to go over a HIPAA secure channel. It can be used by any healthcare professional to communicate with any other provider, within or outside any organization.

And for those forward-looking practices searching for more efficient ways to communicate with patients, OhMD does that too.

Practices can use the app to proactively reach out to all their patients, a subset of patients, or one patient at a time. Most practices are inundated with patient calls from open to close, so texting allows practices to reach patients in a far more efficient way. So instead of phone tag with patients to reschedule an appointment or to answer a clinical question, it’s a quick text message. Practices see as much as a 30% reduction in call volume and an instant increase in patient engagement as well as patient satisfaction.

The app is designed to protect patient information through the use of bank-grade encryption and centralized account management. All protected health information is securely stored in an encrypted database and no sensitive information is stored on user devices. If a user were to misplace their smartphone, not only is their OhMD account protected by a password and/or pin code, but their account can be disabled remotely.

The value of texting in healthcare stems from its simplicity.

The app was created to address a pervasive problem in healthcare: the inefficiencies around communications. With OhMD, patients can contact doctors and practices more efficiently with a simple, HIPAA secure text message, while also giving doctors a way to securely text with other doctors and colleagues. 

The platform was created by healthcare industry veterans for healthcare professionals and is being used across specialties by healthcare professionals of all types. Phone tag, high phone traffic and voicemails are soon to be a thing of the past, and texting in healthcare is the future.