In a conducted last summer regarding the economic impact of ineffective communication in professional health services, findings show that the primary intra-office communication issues listed by healthcare professionals were twofold: the inefficiency of pagers and the forbiddance of text messaging. In terms of security, text messaging historically has not been a viable option for professionals to communicate due to the risk of potentially exposing protected health information (PHI) to security threats. (For instance, most texting platforms are unencrypted.) That said, further show that 80% of providers surveyed are still using their personal mobile devices to access, and often text, PHI insecurely. While that statistic is undeniably jaw dropping, it also is indicative that there is certainly opportunity in the market for secure messaging services— and sure enough, some firms are up to the task.
Late last year, WhatsApp announced the incorporation of end-to-end encryption within their messaging service. The implications of such a move are vast: most significantly, it’s free. There are many HIPAA-compliant messaging services available, such as TigerText or Imprivata’s Cortext, but WhatsApp signals the first cross-platform messaging service that arguably rivals the security measures in place by its competition, but also keeps the price at zero. It’s important to note, however, that WhatsApp’s recent adjustments are, as of yet, only available for Android devices and do not yet include multimedia or group messages. The works to encrypt MMS, group, and iOS messages are still underway.
Apple’s iMessage also offers a certain level of security, but its shortcomings are easily spotted. Due to the ubiquity of the iPhone in the United States, it is easy to overlook the fact that iMessage is an application that only functions between Apple devices. This means that iMessage security is only applicable when messages are sent between iPhone users who have turned on their iPhone’s iMessage capabilities. Additionally, there are certain concerns regarding how secure iMessage actually is in its own right. In an published in Wired, the author elaborates on other security concerns, saying:
“iMessage doesn’t track which devices’ cryptographic keys are associated with a certain user, so Apple could simply create a new key the user wasn’t aware of to start intercepting his or her messages. Additionally, many users unwittingly back up their stored iMessages to Apple’s iCloud, which renders any end-to-end encryption moot.”
Essentially, iMessage is only encrypted end-to-end in the broadest sense (i.e., as the article says, they don’t recognize individual cryptographic keys), thus giving Apple the ability to undermine their security measures internally. Hence, while Apple’s messaging system maintains a level of inherent security, providers and other professionals need to be aware of its potential threats in communicating via the iMessage platform.
To sum up, there is a significant need for secure text messaging in healthcare, and it is encouraging to see firms proactively addressing the field’s need. Education and intentionality, however, remain absolutely paramount—it is the professional’s prerogative to ensure that he or she is accessing or communicating PHI in a format that is HIPAA-compliant in order to mitigate the risk of a breach and to reinforce the commitment to responsibly handling patients’ private health information.