Securing Different Forms of Internal Clinical Communication

Author Name Patrick Ouellette, HealthIT Security

Much like the need for interoperability among EHR systems, it would help a healthcare organization in the long run to have security products in place that are able to communicate with each other. For example, there are more short messaging service (SMS) offerings out there than healthcare providers can count, but most focus on the fact that they specialize in SMS and nothing else. For a large medical group or healthcare organization, securing only SMS may not be enough for the volume and variety of communication between clinical staff.

Seth Crouch, Director of Ambulatory Services at Covenant HealthCare, knows that from a clinical perspective, having one product across different forms of communication makes it an easier sell to physicians. Covenant Medical Group is a 182-physician group, part of Covenant Health and included within the St. Joseph Health System that serves the region through five inpatient and 64 outpatient facilities. Crouch said that before the issue of secure communication was posed to the IT steering committee at Covenant Medical Group, he didn’t recognize that sending protected health information (PHI) had to be regulated and secured.

At first, I didn’t know texting with PHI was considered unsecure and didn’t realize how many physicians were actually texting data back and forth. I think a lot of them didn’t realize that either until it was brought to their attention and we realized we had to do something about it. No one realized any laws were broken, so we had to bring it to everyone’s attention that there were people getting fined for HIPAA violations. It’s hard to break a bad habit and you can’t tell them what to do either, so we have to give them something they’re used to.

The ability to see names of everyone physicians are working within the organization such as specialists or primary care providers and coordinate care in a secure way helped sell Covenant on the PerfectServe secure communication platform, said Crouch. “From a PHI standpoint, it does exactly what we want it to do and it’s a mini care-coordinating document that’s texted from provider to provider or nurse or billing staff,” he said. “We have been using it for two weeks now and received a report that shows who’s been using the platform and how often.”

PerfectServe offers three core services: Clinician-To-Clinician, DocLink Service and Perfect Serve Practice. Data is encrypted at rest and in transit in all three services and the clinician has to authenticate to the platform with a user name and password to access messages with PHI. The goal is to help an organization secure all communications that are directed to its clinicians, not just text messaging.

Clinician-To-Clinician services allow systems to standardize and streamline all communications directed to physicians and their extenders as well as distinguish PHI from non-PHI on the platform in messages.  DocLink Service, which Crouch and Covenant use, provides a mix of real-time and secure messaging between physicians and other providers on an internal care team. DocLink is meant to be a tool that allows healthcare organizations to create networks of physicians so they can talk to each other in real time or secure text.

PerfectServe obviously isn’t the only secure SMS or communications product out there, so what made it stand out to Covenant? According to Crouch, the fact that it offered a host of other solutions that they can tap into was the biggest selling point. Covenant would like to move away from their other answering service (into PerfectServe Practice) to have it all-inclusive. Everything else they looked at only had one solution.

Many have secure apps, which is great, but if you can incorporate them into other solutions, then there’s the synergistic effect. Because our organization is so huge and has in-patient and out-patient systems, it’ll serve our needs going forward.

Though PerfectServe may not be a great fit for every organization, the idea of standardizing secure communication methods within a healthcare organization remains an interesting one.