Healthcare leaders are increasingly concerned about the security of clinical communications in their organizations. The enhanced HIPAA enforcement environment, a number of well-publicized breaches and settlements and a simultaneous increase in the use of asynchronous electronic communication in the clinical environment — specifically text messaging — have made the issue top-of-mind for many leaders. They are concerned about the potential dangers of the transmission of protected health information (PHI) without adequate safeguards; the risk of privacy and security breaches that may result in adverse legal and financial consequences; and the loss of patient trust and reputation in the marketplace.
The recent uptick in the use of text messaging for clinical communications has resulted in a greater focus on the security of text messages sent via mobile devices. While secure text messaging is an important aspect of clinical communications security, simply addressing the security of text messaging leaves organizations vulnerable to breaches in other modes of communication, such as voice messages and texts sent from mobile carrier websites, Web-based paging applications, call centers, answering services and hospital switchboards.
PerfectServe is a communications system that stores data on a secure server, rather than on individual devices, thus maintaining the security of messages sent via the system, no matter which mode of communication is used. This success story describes how two healthcare organizations have implemented PerfectServe to address their need for a secure, comprehensive communications system.
St. John Providence Health System
According to Mike Burke, HIPAA privacy officer for the health system, the need to address the security of clinical communications recently became increasingly clear. “It became apparent over the past two years that more physicians wanted to communicate with other caregivers by electronic means,” he says. Physicians were finding the communications process inefficient and cumbersome when they needed to contact another physician after a consultation or after test results were posted to the electronic medical record — for example, when a consultant wanted to report their findings quickly to a primary care physician. According to Burke, “The physicians were specifically asking about text messaging from their mobile phones.”
A loss highlights security needs
In 2010, the health system experienced the loss of a portable device. Since the loss, the organization has solidified its security processes, including the training of physicians and other staff about the need to ensure that PHI is communicated in an encrypted manner across secure networks. Because of this attention, physicians were cognizant of the security requirements but were struggling to communicate clinical information in a manner that was both secure and efficient. “Our physicians were aware of the need to send encrypted messages and were looking for a way to do this safely.”
The organization had implemented PerfectServe in 2007 to facilitate communication between the system’s staff and individual physicians. In September 2013, the health system added a PerfectServe module to ensure secure direct communication between physicians. The calling physician can access PerfectServe via a smartphone or by dialing a toll-free number, which allows him or her to bypass answering services, front office staff and switchboards to quickly contact colleagues for real-time discussions of patient care issues. If the receiving physician is unavailable, the calling physician can leave a secure, HIPAA-compliant voice message, which the recipient will receive immediately or at a predefined future time.
According to Burke, the implementation process went smoothly: “Once the physicians realized how easy it was to use PerfectServe, they began signing up to access the application. To date, about 1,000 physicians have signed on for the voluntary service. Adoption at all five hospitals has been more rapid than expected. Physician leaders at our hospitals have been happy with PerfectServe and have been really helpful in getting the message out to other physicians.”
Reduced frustration and a market advantage
Since implementation of PerfectServe, Burke has seen a reduction in the frustration level of physicians regarding clinical communication. He has also found that implementation has reduced a major area of personal concern for him. “My goal is to make patient information as secure as possible. What keeps me up at night is portable devices — they are prevalent, and it’s really difficult to make sure that all devices on our campus are secure. PerfectServe helps address this worry.”
Burke also believes that implementing PerfectServe has provided the organization with a market advantage. “We want to make practicing at our organization as easy as possible. Having a common communication system between all five of our hospitals makes it more convenient for physicians to care for their patients at the hospitals within our organization.”
KishHealth System is a community-owned health system in the DeKalb, Illinois area that includes 98-bed Kishwaukee Hospital, an acute care facility, and 25-bed Valley West Hospital, a critical access hospital. In addition, the health system provides hospice, home health, behavioral health and cancer care services and serves the local community with almost 39,000 ED visits and about 8,300 admissions each year.
An inefficient system for communicating patient-specific information
According to Michael Kulisz, Jr., DO,chief medical officer of the health system, physicians were finding it difficult to efficiently and securely communicate patient-related information. For example, when a physician requested a consult from a specialist via the computerized physician order entry (CPOE) system, he or she might also text the consultant with a specific question. In order to comply with HIPAA privacy regulations, however, both physicians had to exclude specific patient information. This process, and any follow-up discussions after the consultation, often required one or more telephone calls to communicate patient-specific information — which frequently resulted in callbacks and phone tag. In addition to the lack of direct information exchange, the process was frustrating for physicians and slowed patient flow through the hospital. Health system leaders realized that the organization needed a platform for securely communicating PHI between physicians.
In June 2013, the health system implemented PerfectServe at both hospitals. According to Kulisz, the implementation process was relatively painless. “There is a learning curve, but once physicians are trained, they really like the system. Uptake and use have been more rapid than we had expected.”
A secure platform plusa streamlined process for direct conversations
In addition to providing a secure platform for clinical communications that includes PHI, PerfectServe has decreased the number of calls required by a physician trying to track down a colleague for a direct conversation. Utilization has grown over time as a greater number of physicians exchange more specific information than they could communicate safely on an unsecure network. Kulisz believes that having a secure platform is an essential ingredient for success. “With so many devices and modes of communicating, it’s easy to misstep. It’s important to have a strong information structure to alleviate that risk.”
Compliance with HIPAA privacy and security regulations has become a priority for healthcare organizations. The use of text messaging highlights the importance of a secure platform for all modes of clinical communications.
St. John Providence Health System in Detroit and KishHealth System in DeKalb have implemented PerfectServe to successfully streamline communication between physicians and ensure a secure environment for the efficient exchange of PHI and other clinical information.