Skip to content Skip to navigation

Study: Majority of Healthcare Orgs Risk HIPAA Non-Compliance with Consumer Messaging Apps

November 10, 2015
by Rajiv Leventhal
| Reprints
Just 8 percent of healthcare institutions prohibit consumer messaging apps for employee communication, according to a recent study from Chicago-based Infinite Convergence Solutions, Inc. 
What's more, only one in four healthcare institutions who have an official mobile messaging platform are using an internal, company-authorized app. The rest are recommending or using consumer-facing messaging apps and services that do not provide the enterprise-grade security needed to comply with regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the research found. 
The study, which surveyed 500 professionals across multiple sectors, also found that employees in the healthcare industry use mobile messaging more frequently than voice calling for their business communication, where they most frequently communicate with colleagues. The immediacy of the information employees need to communicate matters most when they are deciding whether to use phone, email or mobile messaging to reach someone.
However, 51 percent of healthcare employees say their company does not have an official mobile messaging platform, despite the fact that 92 percent of these employees would use a company-wide mobile messaging platform if their employer decided to implement one. Sixty-four percent said it would make communication at their job easier, as well.
Of the 49 percent of healthcare employees who say their employer has an official mobile messaging platform, 16 percent say that platform is GChat and 11 percent say it's WhatsApp. What's more, even without an official mobile messaging platform, healthcare institutions recommend employees use consumer mobile messaging apps. None of these messaging apps or services typically follow HIPAA guidelines for messaging security.
"The global healthcare industry is under strict privacy and security regulations to protect patient information, but our study finds that the vast majority of healthcare institutions are not using mobile messaging services that are compliant with these regulations," Anurag Lal, CEO of Infinite Convergence Solutions, said in a press release statement. "Healthcare employees communicate inherently sensitive information, like patient prescriptions, medical information, etc., yet their employers do not have the proper mobile messaging security infrastructure in place to adhere to HIPAA or other regulatory requirements." 


McKesson Unveils New Paragon Electronic Health Record Platform

McKesson Enterprise Information Solutions (EIS) announced the latest release of Paragon, its electronic health record (EHR) solution.

Catholic Health Initiatives and Dignity Health are in Merger Talks

Englewood, Colorado-based health system Catholic Health Initiatives is in merger talks with San Francisco-based Dignity Health to potentially create one of the largest nonprofit health systems by revenue in the country.

OSU Wexner Medical Center Receives AHIMA Grace Award

The Ohio State University Wexner Medical Center (OSUWMC) received the American Health Information Management Association (AHIMA) annual Grace Award in recognition of its leadership in health information management.

Kansas Health Information Network Expands its Network across State Lines

The Kansas Health Information Network (KHIN) has announced that it is expanding its horizons, and is now connected to Health Information Exchange Texas (HIETexas).

CMS Selects Vendor to Modernize Critical Identity Infrastructure

The Centers for Medicare & Medicaid Services (CMS) last week announced it had selected San Francisco-based vendor Okta to enhance the security of its information systems.

Mayo Clinic, ASU Partner for Medical Education, Healthcare Innovation

The Mayo Clinic and Arizona State University have announced a partnership centered on transforming medical education and healthcare in the U.S. through a variety of innovation efforts.