In busy healthcare environments, the convenience of texting can’t be denied, but how does one find a balance when leaving out identifying patients details yet still providing other providers with enough information?
The De-identification process claims that by removing up to 18 known specific pieces of patient data, it is impossible for non-authorized individuals to determine which patient is being discussed.
On one hand, this method, if practiced correctly, serves to protect PHI from being exploited if it’s accessed inappropriately, but this same lack of information can easily cause miscommunications between medical staff that can result in serious medical errors.
It’s also worth mentioning that de-identification is easily laden with subjectivity. Even with criteria set for this, different providers and caregivers may go about the process or interpret messages differently. There is no specific system set in place to prevent important medical information from being lost in translation. These gaps in communication can lead to many issues that affect organizational efficiency and both provider and patient safety.
According to the National Center for Health Statistics, in the US alone, 250,000 deaths are caused by medical error each year. Not to mention, a third of medical malpractice cases can be directly linked to a failure in communication, according to the Malpractice Risks In Communications report. These are some alarming statistics that point out the need for unaltered and open communication of patient details with authorized personnel, that of which must still remain HIPAA compliant.
Although attempting to safely share PHI via texting or consumer messaging apps, the De-identification method does not adhere to all HIPAA rules and regulations. Encrypted consumer apps such as iMessage are not safe for clinicians to use and lack the necessary controls to protect and document patient data to provide audit trails. Since the messages reside indefinitely in both the sender and receiver's device, they can be accessed by the wrong person. Apple also keeps a cached version of messages sent via iMessage, which can be accessed either by warrant or by a potential cyberattacks.
With alternate solutions available, there is no reason for the existence of cryptic messages that have been proven to lead to a high number of deaths and medical errors. It’s no surprise that health systems are seeking out secure messaging solutions that along with protecting PHI, also provide organizations with more benefits to their workflow. HIPAA messaging solutions are able to provide greater security at a relatively low cost, helping healthcare organizations fill in these gaps in communication without risking the unwanted exposure of PHI to cyberattacks.
Workarounds like the De-identification process on standard texting apps fall short in so many respects, it’s time for healthcare organizations to welcome more efficient solutions. Using technology to our advantage can help improve overall workflow, communication internally and with patients and lessen the chances of serious and costly errors.