Most Physician Secure Messaging Apps Not HIPAA Compliant
By Sara Heath, Nov 09, 2015

Most physicians use platforms like GChat and WhatsApp to communicate, regardless of their lack of HIPAA compliance.

Despite the critical nature of secure messaging and mobile security, several physician practices do not necessarily use secure methods of communication. According to a recent study by Infinite Convergence Solutions, Inc., most healthcare organizations use secure messaging platforms that are not HIPAA compliant.

Researchers surveyed 500 industry professionals regarding their professional messaging habits to determine what kinds of platforms, messaging services, and security measures are taken into account when communicating between physicians at a healthcare practice.


A majority of respondents reported using email as their preferred channel of business communication, followed by mobile messaging and then voice calls. When asked why they do not prefer mobile messaging, respondents stated they would rather compose an email or make a phone call, they do not like that mobile messaging leaves no paper trail, they do not think it is as secure as email or phone calls, they say that it is too informal, or they say it is not allowed by the organization. Additionally, researchers found that security is the most prominent concern regarding mobile messaging.

When asked about different third-party messaging platforms, 52 percent of respondents said they use SMS/MMS text messages. Other popular messaging platforms included Facebook Messenger, GChat, and WhatsApp. A resounding majority of users stated they believe third-party messaging platforms are at least somewhat secure, while only 20 percent of respondents stated they don’t think these platforms are secure.

Healthcare organizations reinforce those attitudes. Approximately half of respondents reported that their organization has no official mobile messaging platform, and 83 percent of those respondents state that their organization does not suggest which third-party platform they should use.

However, those who do not have an official messaging platform would use one if provided, the researchers stated. Nearly 92 percent of respondents said they would use an official mobile messaging platform if directed, and 64 percent said an official platform would make business communication easier.

This shows a gap in the market for secure messaging apps that are HIPAA compliant. Because there is physician demand for these kinds of apps, healthcare organizations need to start exploring their options for new mobile messaging platforms.

“Healthcare institutions need to get serious about meeting their employees' needs and providing a secure, internal messaging platform that not only allows HIPAA compliance, but also replaces outdated communication systems, like pagers, in order to increase productivity and serve patients faster,” Infinite Convergence Solutions CEO Anurag Lal said in a press release.

Of those organizations that do have an official mobile messaging platform, 24 percent use a company-developed app, 16 percent use GChat, and 11 percent use WhatsApp.

However, according to industry professionals, those mobile messaging platforms do not adhere to proper security guidelines.

“The global healthcare industry is under strict privacy and security regulations to protect patient information, but our study finds that the vast majority of healthcare institutions are not using mobile messaging services that are compliant with these regulations,” said Lal.

When healthcare professionals message one another, the messages most often include sensitive information. In a healthcare culture that strongly emphasizes care coordination, several physicians may be communicating with one another regarding a specific patient case. Therefore, the messaging platforms on which physicians communicate need to comply with patient safety and patient privacy requirements.

“Healthcare employees communicate inherently sensitive information, like patient prescriptions, medical information, etc., yet their employers do not have the proper mobile messaging security infrastructure in place to adhere to HIPAA or other regulatory requirements,” Lal said.

According to Lal, healthcare employers need to educate themselves on proper secure messaging practices to ensure a completely safe and HIPAA compliant environment. By immersing themselves in the secure messaging market, healthcare organization executives can identify the best and most secure platform over which physicians may communicate.

“The problem is that many healthcare institutions are not aware that the messaging apps and services that are popular for daily personal use do not follow the administrative, physical and technical safeguards that HIPAA requires,” Lal said.
