Study Finds Majority of Healthcare Institutions Risk HIPAA Non-Compliance by Using Consumer Mobile Messaging Apps for Communication

Employees in the healthcare industry say their employers allow the use of consumer messaging apps, like iMessage, Skype, Facebook Messenger and WhatsApp, for communication with colleagues

A study released today by Infinite Convergence Solutions, Inc., finds only 8 percent of healthcare institutions prohibit consumer messaging apps for employee communication. What’s more, only 1 in 4 healthcare institutions that have an official mobile messaging platform are using an internal, company-authorized app. The rest are recommending or using consumer-facing messaging apps and services that do not provide the enterprise-grade security needed to comply with regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).

“The global healthcare industry is under strict privacy and security regulations to protect patient information, but our study finds that the vast majority of healthcare institutions are not using mobile messaging services that are compliant with these regulations,” said Anurag Lal, CEO of Infinite Convergence Solutions. “Healthcare employees communicate inherently sensitive information, like patient prescriptions, medical information, etc., yet their employers do not have the proper mobile messaging security infrastructure in place to adhere to HIPAA or other regulatory requirements.”

Healthcare employee messaging habits vs. official messaging policies

The study also found that employees in the healthcare industry use mobile messaging more frequently than voice calling for business communication, most frequently to communicate with colleagues. When deciding whether to use phone, email or mobile messaging to reach someone, what matters most to employees is the immediacy of the information they need to communicate.

However, 51 percent of healthcare employees say their company does not have an official mobile messaging platform, despite the fact that 92 percent of these employees would use a company-wide mobile messaging platform if their employer decided to implement one. Sixty-four percent said it would make communication at their job easier, as well.

“We are seeing a rapid adoption of mobile messaging in healthcare as the industry looks to work faster, improve patient care and reduce wasteful spending,” said Lal. “The problem is that many healthcare institutions are not aware that the messaging apps and services that are popular for daily personal use do not follow the administrative, physical and technical safeguards that HIPAA requires.”

Of the 49 percent of healthcare employees who say their employer has an official mobile messaging platform, 16 percent say that platform is GChat and 11 percent say it’s WhatsApp. What’s more, even without an official mobile messaging platform, healthcare institutions recommend employees use consumer mobile messaging apps, like iMessage or Skype. None of these messaging apps or services follow HIPAA guidelines for messaging security.

“We’ve found that 91 percent of healthcare employees use mobile messaging at least a few times per week for business communication,” said Lal. “Healthcare institutions need to get serious about meeting their employees’ needs and providing a secure, internal messaging platform that not only allows HIPAA compliance but also replaces outdated communication systems, like pagers, in order to increase productivity and serve patients faster.”

Infinite Convergence will be at mHealth Summit in Washington, DC on November 8-11 to discuss the findings from its survey. Visit booth #1416 for additional information and the complete mobile messaging study for healthcare results.
