While pagers may be seen as an effectively dead technology, there could still be issues arising from their use with protected health information (PHI). Though largely replaced by other messaging devices, some are wondering whether the use of pagers and paging is HIPAA compliant.
Are Pagers HIPAA Compliant?
The HIPAA Security and Privacy Rules require that physical, administrative, and technological safeguards be put in place to protect electronic communications that contain PHI. For use of a pager with PHI to be HIPAA compliant, any messages would need to be encrypted, communications would need to be able to be tracked and logged, and there would need to be a way to remotely delete any PHI from the device, should it be lost or stolen.
Other requirements under the Privacy and Security Rules are the need for user authorization and a time-out function that would log off an inactive user after a certain period of idleness. Pagers could really only be used by healthcare professionals if PHI is left out of all messages. The introduction of the necessary systems to bring pagers up to code could be problematic, and potentially not worth the effort given the ubiquity of smartphones and other, more modern, mobile devices.
Indeed, the shift to smartphones – while they have their own problems and their use must meet the same requirements – has opened up many more possibilities in terms of communicating PHI and increasing efficiency in the healthcare industry.
The Introduction of Secure Messaging Platforms
For those looking for alternatives to pagers and other non-secured and non-compliant methods of communication, the introduction of Secure Messaging Platforms and Applications may provide an answer. Available for download and for use with most desktop computers and mobile devices, these work in much the same way as conventional commonly used messaging tools, such as Facebook messenger or WhatsApp, but with the crucial difference that they can be configured for HIPAA compliant use.
These platforms include a number of features to address the elements we mentioned above that would be needed to make pagers HIPAA compliant and which also apply to other electronic message systems. These tools create an encrypted network that can be used privately within the healthcare organization; users must log in to the tool with a username and password given to them by the administrator; idle devices are automatically logged out; and network activity is tracked to allow for audits to take place. Information can be remotely deleted should a device be lost or stolen and there are protections to prevent data from being copied or shared to insecure areas.
Are Secure Messaging Platforms HIPAA Compliant?
Secure Messaging Platforms can help healthcare organizations and their employees to harness the efficiency and convenience of mobile devices and messaging tools while remaining HIPAA compliant. As we often caution, it must be noted that any technology or device is vulnerable to being misused by a person, even by a trained and authorized person. HIPAA compliance for software, smartphones, or other mobile devices ultimately depends on it being correctly configured and used in a HIPAA compliant way.