Unsecure Text Messaging Still Rampant in Healthcare Organizations

By November 9, 2016blog
doctor-texting-300x200

The words “healthcare” and “unsecure messaging” should not be in the same sentence.

Yet according to a new survey, 83 percent of healthcare providers surveyed said they’ve sent or received patient information via a non-secure app despite knowing that health information sent by text message is insecure. Furthermore, 70 percent of those healthcare providers surveyed said they knowingly use a non-secure app.

Of the 1,800 healthcare professionals surveyed:

  • Half of respondents said their organization has a text messaging policy in place, 21% were unsure, and 31% said there was nothing official…percentages that are alarming.
  • Only 11% of respondents use a secure messaging app, and 60% of those same users also use a non-secure app on the same device in parallel.

Why continue using “dangerous” technology when there are “safe” alternatives out there?

The answer is a lack of culture of security through appropriate training and education. According to the survey, half of those surveyed said they were moderately or very confident that health information sent or received via text message is secure. At the same time, 80 percent rated their knowledge of HIPAA compliance as “very good”. Furthermore, 56 percent of those surveyed said their organization could do more to educate employees on HIPAA guidance, yet 98 percent rated their own knowledge of HIPAA as average to very good. The data contradicts each other.

Such responses points to a health system in which both administrators and employees do not understand security risks as much as they should.

So what are some steps healthcare organizations can take to ensure privacy and security?

  1. Put a ban on all text messaging until a secure messaging platform is implemented.
  2. Encrypt all devices.
  3. Create and distribute a text messaging security policy.
  4. Educate, educate, educate.
  5. Require all employees to sign a statement confirming their understanding of said security policy.

 

 

 

5