Secure messaging and archiving may not be the words we most identify with the medical industry, but perhaps they should be. The medical industry was hit hard in May of this year with a string of ransomware attacks, alongside a culture of doctors who use private messaging to send patient information to colleagues. These attacks, and the lack of awareness on the part of medical personnel when it comes to safe communications, highlights the need for industry-wide secure communications solutions to ensure the safety of patient information being shared between colleages, to create secure backup systems that allow for continued workflow in the case of attacks, and to stay up to date with HIPAA regulations in general.
One of the problems facing the medical industry today is balancing a secure system that protects sensitive patient information with the need for doctors and other healthcare professionals to interact with each other and consult on cases in a quick and efficient manner.
In the UK, for example, many doctors have resorted to sharing patients’ scans over popular messaging apps such as WhatsApp and Snapchat, both tools many of us are familiar with and feel comfortable using for personal communications. While the purposes of sharing are often noble – getting a second opinion from an expert in the field or trying to move treatment along as quickly as possible to ensure a fast patient recovery – sharing images over these apps is careless and, sometimes, even dangerous to the patient.
Messaging apps such as those mentioned above are not password protected, which means that when a doctor’s phone is forgotten at a restaurant or stolen from her pocket, the person opening the phone has complete access to the messages sent via these messaging apps. There is no way to remotely delete the messages or scrub them clean (doctor pun intended). And while WhatsApp now offers end-to-end encryption on messages sent through the app, not all messaging apps offer this protection.
Moreover, some doctors have pointed out that images sent over these messaging devices can be sent at lower quality than the original picture, resulting in less than optimal viewing of scans which could lead to missing important details. And since these messages are beings sent on messaging apps external to the hospital system, there is no one ensuring that identifying details, such as a patient’s name or contact information, is hidden in the images being sent.
The fact is that communication via messaging can help improve productivity in the medical industry but the messaging platform must be HIPAA compliant and ensure that all the information sent to colleagues is protected in every way. Moreover, all regulated industries including healthcare, finance, government, energy and more, should evaluate the electronic communications platforms used within their organization and determine whether such platforms are both secure, and more important, compliant with the regulatory bodies’ requirements that oversee them.