Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

The CIO’s Guide to HIPAA Compliant Text Messaging

Posted on January 15, 2014 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Yesterday I wrote a piece on EMR and EHR where I talk about why Secure Text Messaging is Better Than SMS. I think it makes a solid case for why every organization should be using some sort of secure text messaging solution. Plus, I do so without trying to use fear of HIPAA violations to make the case.

However, you can certainly make the case for a secure text messaging solution in healthcare based on HIPAA compliance. In fact, the people at Imprivata have essentially made that case really well in their CIO Guide to HIPAA Compliant Text Messaging. This is well worth a read if you’re in a healthcare organization that could be at risk for insecure texting (yes, that’s every organization).

They break down the path to compliance into 3 steps:

  1. Policy – Establish an organizational policy
  2. Product – Identify and appropriate text messaging solution
  3. Practice – Implement and actively managing the text messaging solution.

Texting is a reality in hospitals today and the best solution isn’t suppression, but enabling users with a secure solution. The checklists in the CIO Guide to HIPAA Compliant Text Messaging provide a great foundation for making sure your organization is enabling your users in a HIPAA compliant manner.

Hospital Aren’t Supporting Nursing Smartphones

Posted on December 11, 2012 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

Here’s one more example of where Bring Your Own Device is causing security problems for hospitals. A new report by Spyglass Consulting Group suggests that while most nurse use personal smartphones on the job, few hospital IT departments support these devices.

According to Spyglass, 69 percent of hospitals said that their nurses use personal mobile devices, often to fill in gaps left by the technology the hospital provides for communication. This is no surprise. While there’s an armada of personal nursing devices which allow nurses to communicate with other staffers, smartphones do a better job, as they’re light, boast an easy to use interface and unlike VoWiFi devices, unaffected by local network ups and downs.

It’s worth noting that 25 percent of care providers interviewed by Spyglass weren’t happy with the quality and reliability of the wireless network within their facilities.  That’s further evidence that VoIP devices commonly used for nursing communication aren’t riding on a solid base.

So, nurses are driven to use the smartphones they bring in from home.  Those phones become the basis for mission-critical communications around day-to-day care. But at the risk of repeating myself — OK, I’ve already repeated myself often on this subject — these unsupported, vulnerable devices can be hacked or stolen quite easily. If a phone is left in a public area, not only are nurses deprived of a critical communications channel, the e-mail or texts or voicemails they’ve sent regarding patient care has just walked off as well, offering bunch of private data in the clear. Plus, there are free solutions to this communications, privacy and security problem like docBeat that are much much more functional than what’s on the nurses’ personal devices anyway.

According to the Spyglass researchers, who conducted 100+ interviews with nurses working in acute care, hospital IT personnel are concerned about the increasing dependence of clinicians on personal mobile devices.  But I note that at least in the report summary written up by Healthcare IT News, you don’t hear about a stampede of hospital IT departments rushing to establish support policies and deploy enterprise-class mobile management tools. I must say, I’m not sure what they’re waiting for.