A new initiative currently being trialed aims to improve communication between healthcare professionals. Medigram is an app of sorts that aims to provide HIPAA-compliant secure text messaging between healthcare professionals.
Currently, the primary method of contacting a physician is via a pager, which is generally only one-way communication.
Furthermore, there are often issues such as trying to find a phone, which means that the current system is relatively inefficient.
Having recognized this, the team at Medigram have designed a mobile app which they hope will revolutionize communication.
The free app provides HIPAA-compliant group text messaging between doctors who are signed up to the service. Medigram is currently in closed beta with physicians at Stanford Hospital, Lucile Packard Children’s Hospital and the Palo Alto VA Hospital.
The system is designed to be accessible from a range of devices, including iPhones, laptops and Android devices. The central feature of Medigram is its HIPAA compliance, which means that patient data can be safely discussed over text. This is similar to the fact that FaceTime is also HIPAA compliant.
Medigram describe their vision as one in which no patient is harmed by a missed phone call or a lost page. They aim to make medical information quickly and easily transmissible from one health care provider to another whilst enabling patient data to be available anytime, anywhere. Furthermore, Medigram want to provide the platform that allows health care teams to stay connected and thus improve patient care.
Medigram’s security policy notes:
Medigram strives to provide the highest level of information privacy and security. Our technology and policies are fully compliant with the HIPAA security and privacy rules as well as Subtitle D of the ARRA HITECH Act. We follow all industry best practices for security and privacy including using SSL connections between our mobile application and our servers to provide industry leading security. In addition we use NIST approved 256-bit AES encryption to secure all chat data. This ensures that your PHI and PII remains secure and private.

Not so sure how FaceTime is HIPAA compliant.
HIPAA compliance involves more than just encrypting data.
A lot of it is process oriented.
If you’re using FaceTime in a closed/secure hospital network between providers, then you’re definitely falling within the realms of security. You’re right about the process: “iPad supports WPA2 Enterprise to provide authenticated access to your enterprise wireless network. WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data will remain protected when they send and receive communications over a Wi-Fi network connection.”
If you’re trying to FaceTime with someone on an unsecured network then I suspect that this may not fly.
Does anyone from the hospital side have any thoughts on FaceTime or messaging? Would love to hear how the institution side feels about this?
I’d be a little concerned about using FaceTime for any PHI. As you say, it’s possible to secure it, but there are a lot of ways that could fail if not used properly. I don’t expect FaceTime to implement proper controls for it either. HIPAA is not and won’t be their focus.
I love secure text messaging though since a text message can be so valuable to physicians. I prefer http://www.docbeatapp.com/ to the one mentioned in this article because it is a full communication suite including advanced call routing, transcribed voicemails, and eventually could include various clinical messaging.
We’re still just at the start of the secure mobile health messaging revolution that will take place. It’s going to happen though.
I see nothing in the details of this app that would lead me to believe this is “HIPAA compliant”.
Where do these text messages live?
Who has access to them within the commercial company?
What logging is done and reported so I know who accessed my text messages?
Where are these text messages backed up?
What is the data retention policy for these text messages?
How long are they saved?
What is the deletion policy?
Under what circumstances can these text messages be released to third parties?
The concerns you raise are procedural and not really technical – but then again that’s really what HIPAA is.
I’m sure most companies that call themselves HIPAA compliant or secure have these policies in place (EMRs, etc.); they are not that hard to figure out.
Medigram itself is currently in private beta, so we will see when it’s fully released.
We looked at several ‘HIPAA compliant’ text and email apps for smartphones and tablets due to our hospital administrator catching several doctors texting patient info. We ruled out Medigram and a couple others that use FaceTime since we felt they fail HIPAA compliance. We also looked at large MDM systems like Entrapoid and Aruba, since they were expensive, hard to implement and the doctors didn’t like the intrusiveness of them. In the end we did find a closed network secure texting app that is truly HIPAA compliant (Tigertext) and have been using it for 3 months now. Private beta is a little scary, since it is not much of a proven record, and what Entrapoid and Tigertext have are 100’s of installations and a good performance history, which is critical for making IT decisions.