Pagers Putting Hospitals (and Patients) at Risk

With the Kansas City Star article making waves across the nation, there is no excuse for thinking that pagers are still an acceptable option for sending patient health information (PHI). And no one can deny that healthcare workers routinely include PHI in their pages. According to a 2017 study by the Journal of Hospital Medicine, nearly 79 percent of 620 hospital-based clinicians said they are provided pagers for communications, while 49 percent said they receive patient care–related communication through pagers.

As the IT worker in the Kansas City Star article demonstrated, anyone with $20 and a TV antenna can now easily stumble over or intentionally access PHI. Awareness of the security risk posed by sending PHI via pager has increased nationwide.

What is being done about it?

Red flags should be flying. Not the kind with the white cross in the middle but the kind that indicate “Danger ahead. Stop, or proceed with extreme caution and at great risk!” Using pagers to send patient health information, as practiced today in most healthcare organizations, is unsecure, puts a system at risk for significant HIPAA violations and compliance fines and creates additional vulnerabilities for the patients themselves.

To further emphasize the importance and urgency of action, just last week an administrative law judge ruled that the MD Anderson Cancer Center in Houston must pay $4.3 million in fines over a stolen laptop and two lost USB drives, an amount that cannot be easily ignored.

So the question has shifted from “can we use pagers for sending patient health information?” to “how quickly can we move to an encrypted method of communication?” Now, more than ever, speed of deployment is of great importance, but training, reliability, accuracy, and patient safety cannot be short-changed. Traditionally, changing communication tools, workflows, processes and expectations in a hospital has been more like moving a barge than racing a speedboat. Speed was definitely not a top consideration. Several high-profile incidents have changed this. Speed is now required.

Finding a Balance

So how do you quickly provide a compliant system without jeopardizing patient care?

First, every system must immediately educate employees and providers on acceptable pager use and explicitly prohibit patient health information. Actions must be taken to monitor accountability to the policy. Informal polling often finds that there continues to be confusion over what information is considered PHI and whether there are certain situations where it is still “OK” to use the pager for PHI.

Second, an encrypted method of communication must be made available to all providers. This method needs to be a simple solution for quick deployment, but also a robust system that can support increased usage and complex workflows in later implementation stages. The simplest solution will be a download-and-go mobile communication app that encrypts at rest and in transit.

Finally, the chosen encrypted method of communication must be easily monitored and provide tools for accountability. Monitoring will need to include real-time alerts, escalations and read-time analysis in order to ensure the smooth and quick flow of patient care information.

There are many more questions to be asked and issues to be addressed in the months after initial implementation, such as questions involving system integrations with call schedule and EHR systems, access points, and adoption by the referral community. These questions may need to work their way through hospitals at a more “normal” speed and will benefit from the deliberate and collaborative ways that change has been traditionally implemented in large systems. Finding that balance is key.

Let us know if you would like to learn more about secure communication alternatives that are designed for physician adoption, to support health system integration and to deliver immediate value.


RapidConnect Helps Hospital Regain Key Cardiac Accreditation

WakeMed takes great pride in delivering world-class cardiovascular care, and has been recognized for doing just that over the years. Its Raleigh campus was the first hospital in the nation to achieve the American College of Cardiology Heart Failure Accreditation’s highest level of heart failure accreditation. In 2015, the hospital was also one of only 319 hospitals nationwide to receive the American College of Cardiology’s NCDR ACTION Registry–GWTG Platinum Performance Achievement Award.

However, in 2016 WakeMed was at risk of losing its American College of Cardiology (ACC) Heart Failure Accreditation after not meeting the ACC’s goal of having 75% of heart failure patients scheduled for a follow-up visit within 7 days of a hospital discharge. Initially, WakeMed trained Advanced Practice Providers (APPs) to use Epic’s Cadence module to schedule those appointments, but fell short of the 75% target. The biggest gap seemed to come with patients admitted to non-cardiology services and with patients discharged after hours and on weekends. Those patients were leaving the hospital before a follow-up appointment could be scheduled and/or added to their discharge papers.

They consulted with MD Interconnect after learning of the platform’s integration with Epic. Thanks to that collaboration, an automatic message is now sent through RapidConnect when heart failure discharge orders are created in Epic. That message is routed, in real time, to someone who can schedule a follow-up appointment before the patient is discharged. The average RapidConnect read time for these discharge order messages is now 13 minutes. The heart failure follow-up appointment is quickly scheduled and that information is included on the patient’s discharge summary.

This new RapidConnect order discharge workflow went live in November of 2017. For the first time ever, WakeMed exceeded the ACC goal with an 85.9% appointment follow-up rate by the end of that month. With help from RapidConnect, they regained their accreditation and received a Silver Plus AHA award for that year.

To learn more about how RapidConnect is helping WakeMed increase the number of cardiac follow-up visits, see the complete use case here.

To learn more about how RapidConnect can help you, contact us.


What role does your secure communication solution play in the hospital call center?

With the increased focus on patient satisfaction and its direct link to revenue and reimbursement, it is no surprise that call centers play an increasingly important role for hospitals. The question is, what role should your secure communication solution play in your hospital call center?

We took that question to Lisa Forte, who manages the Call Center at WakeMed Health & Hospitals. With responsibility for three full-service hospitals, more than 900 patient beds and 1,100 staff, Forte’s team fields an average of 75,000 calls per month.

Forte expected to see value from WakeMed’s new secure communication solution, RapidConnect, but was surprised by what it really delivered. By facilitating direct physician-to-physician communication, she hoped the solution would help decrease the number of calls coming through her call center. While she has indeed experienced a 50% decrease in physician-to-physician calls, there are a number of other benefits she and her team have experienced with the help of RapidConnect.

“One of the biggest benefits is the impact it has had on our communication with the physicians. Historically, call center operators end up being the middlemen between the referring physician and the staff physician. Some physicians simply don’t like to provide the information we need to effectively facilitate that communication, so the operator has to go back and forth between the two. That is not an efficient use of time or resources, is a frustrating experience for everyone involved and can lead to unnecessary delays in patient care,” Forte explained.

“RapidConnect ensures that the right information is sent to the right providers, and also ensures that physicians receive the information in the manner they prefer. That allows the physician to immediately move forward and address the patient’s care, without losing time on time-consuming and frustrating back-and-forth communication,” she said.

Forte is also grateful that RapidConnect has helped the hospital establish one set of guidelines for secure communication. This ensures that everyone follows the same process and that messages are automatically sent to the right people at the right time, and it eliminates frustration and confusion about the who, when and how of provider communication.

In the end, Forte believes that RapidConnect has helped her team and WakeMed by:

  • Reducing physician-to-physician call volume
  • Reducing the amount of time it takes to manage each call
  • Improving call center (and other hospital staff) employee satisfaction
  • Expediting patient care
  • Improving patient satisfaction

Has your secure communication solution done the same for you? To learn more, check out the WakeMed case study, request a RapidConnect demo or register for our upcoming webinar featuring Lisa Forte.


Hospital compliance officers must think beyond “security” when it comes to text messaging

Today, hospitals know that they need to find HIPAA-compliant communication solutions, but often struggle to identify the right solution and/or to identify (or agree on) who is actually responsible for finding the right solution.

They are starting to realize that finding the right secure communication solution is more than just a technology decision. With ultimate responsibility for adherence to health care regulatory enforcement and compliance activities, more and more compliance officers are now finding themselves playing a key role in that decision-making process. In that new role, they typically work closely with hospital administrators, IT and physician leaders to choose a solution.

We recently spoke with compliance expert John Finley about this topic. His 15-year career has spanned a number of compliance and regulatory roles at WakeMed Health & Hospitals, CHRISTUS Health, Aetna and the FDA.

Finley says that while there may be some confusion around The Joint Commission’s recommendations, there is no official ruling that prohibits hospitals from using secure texting. He knows that texting is a reality of life, and that it has become a regular practice for physicians. He says that he and probably 90% of his peers support the use of texting, if it’s done in a secure manner and doesn’t result in a breach.

“The bottom line is that physicians are already doing it, and it can help deliver better care to patients. We just need to figure out the best way to support that, while minimizing a hospital’s risk and exposure,” Finley explains.

At a minimum, a secure texting solution should meet a checklist of basic security requirements including:

  • Encrypted at rest and in motion
  • Cloud based – nothing stored on phone
  • Secure messages PIN-code protected (not just phone code)
  • Ability to remotely wipe if lost/stolen

But Finley emphasized that he and his compliance counterparts need to focus on more than just security and compliance when thinking about text messaging technology.

We agree. While checking off a list of standard security requirements is a good starting point, choosing a solution can’t stop there. Hospitals still need to balance compliance and security with overriding business goals such as:

  • Improving care
  • Reducing costs
  • Increasing growth

To support these goals, hospitals should look for a solution that offers a number of other benefits including:

  • Inpatient/outpatient integration
  • Epic integration – particularly for consult requests
  • Designed to stay compliant with all Stark/anti-kickback regulations
  • Flat license fee with ability to broadly distribute
  • Implementation process that actively engages users to promote adoption
  • Offers a solution for physicians in the OR/procedure rooms
  • Message preference routing (includes residents, fellows, mid-level providers)
  • Integrates with nurse duty phones
  • Addresses call center and ED volume issues

Finley also emphasized that technology is only one part of a true secure messaging “solution”, and that hospitals need to implement policies and practices that support the use of these technologies. They are increasingly looking to vendors to help provide these “guardrails for proper texting” and to help them think through a number of “what if scenarios” to ensure ongoing compliance and usage.

It’s also important for hospitals to think about communication outside their own four walls. Implementing a secure communication solution becomes more complicated when it has to be managed across a wider care continuum. Today, hospitals must collaborate with multiple providers and rely heavily on physician referrals. As a result, they need to communicate and share patient information across numerous organizations.

A solution that supports in-hospital communication only or in-hospital workflows only won’t truly address their communication or compliance needs, and won’t truly improve overall patient care. The right secure communication solution should support communication, collaboration and care coordination across the entire patient care continuum.

If you would like to learn more about how MD Interconnect does just that, or to learn how WakeMed addresses the need for HIPAA-compliant messaging, let us know. You can also read the WakeMed case study here.