Getting the Message, Securely

June 13, 2013
Secure messaging is of critical interest to physicians in how they communicate with each other and with their patients. CIOs and other healthcare IT leaders speak about what they are hearing from their clinicians, and what they are doing to meet their requirements.

As healthcare IT leaders are grappling with the many changes taking place under healthcare reform, communications technology continues to charge ahead. And this is to the good, opening up new possibilities in the ways physicians can communicate with each other and with their patients, both inside and outside the hospital IT enterprise. Many of the innovations are tied to healthcare reform as well as broader consumer trends, in the form of, for example, the increasing availability of patient portals in hospitals and the ever-widening array of smartphones that are being embraced by many physicians.

Broad Drivers
Harry Greenspun, M.D., senior advisor for health transformation and technology at the Washington, D.C.-based Deloitte Center for Health Solutions, observes that secure messaging is a broad trend that encompasses consumer and physician preferences, as well as payment issues. “Messaging is used everywhere, in every industry,” he observes. Using the retail industry as an example, he says that consumers are interested in the model where instant messaging is really an adjunct to features such as links and photos that provide a more robust consumer experience.

Harry Greenspun, M.D.

He also notes that secure messaging is really in its nascent stages in healthcare, a situation he attributes to the current payment structure: after all, doctors can’t bill for an IM conversation, he says. That could change as the industry move forward on an accountable care model, where secure messaging can help increase patient satisfaction and reduce costs, he says.

He expects messaging to become more financially viable, especially in communication between physician and patient, but also sees plenty of potential in provider-to-provider communications. “With the move toward accountable care, there is a much bigger requirement for care coordination across providers and across care setting,” he says. The ability to use secure messaging and coordination of care among providers can provide a competitive advantage for those groups, he says.

Jason Taule, corporate information security and privacy officer in the Civil and Health Services Group at the Falls Church, Va.-based CSC, agrees. As consumers, patients want greater responses, more accurate data and more information about their own health, he says. “They want to be more involved in the process.” Secure messaging technology has allowed patients to play a bigger role in the patient-provider relationship, he says.

In his view, the game changer has been the availability of data that can be captured and provided in real time whenever it’s needed. That’s the paradigm in which secure messaging is the enabling technology in appropriate care settings, he says. “Most of us would agree that the emergency room is not where we should be providing primary care. As one possible alternative we can now consider home health solutions, given the availability of medical devices that capture information and report it back.”

Provider Organizations Weigh In
Experiences on the part of providers vary. Advocate Health Care, Oak Brook, Ill., is in the early stages of implementing a patient portal as a way for physicians to communicate with their patients, which went live in January of last year. The organization has been rolling out the portal gradually to its employed physician groups, and currently has 20 physician offices using it and about 50 physicians who are actively enrolled with some of their patients. Only about a dozen of those physicians are heavy users of the portal, according to Mike Delahanty, Advocate’s vice president of applications.

Delehanty says he has observed some reticence on the part of physicians to take advantage of the patient portal, because they suspect that it will take up too much of their time. “In fact, it’s probably more convenient to do it this way, because the physician can leave a secure message and the patient gets it when he wants; they don’t have to play phone tag.” Despite its relatively slow uptake, Delahanty sees potential for the patient portal. One of the hospital’s more immediate goals is to use the portal to schedule appoints and fill out forms. “We believe that making more information available to the patient is good for everybody,” he says.

The University of Rochester Health System, Rochester, N.Y., has embraced secure messaging among physicians and between physician and patient. In our institution, they are very different,” says CIO Jerry Powell. “We are really moving electronic communication through our patient portal,” he says. The hospital uses MyChart as the patient portal solution, which is a component of its electronic medical record (supplied by Epic Corp., Verona, Wis.).

The patient portal has been in use for about a year as part of outpatient Epic deployment in the hospital’s cancer center. Powell estimates that the portal is being used by about 28 percent of the patients there. Overall less than 20 percent of the patients are using it system-wide, although he expects a rapid uptick in the next 12 to 24 months, after it is deployed for all of the hospital’s outpatient services in May.

Powell adds that the main motivation for the hospital to implement the patient portal is better patient care and patient satisfaction from being more involved in their care. “We’ve seen a lot of interest in this area, and we think expectations are going to grow in this area of patient-provider communication,” he says.

David A. Krusch, M.D., the hospital’s CMIO, says the primary focus of the patient portal has been patients with cancer and chronic diseases such as asthma, high blood pressure, and diabetes. “People who are followed for continuity of care purposes tend to be very vigilant about keeping up with results,” he says. He adds that from his personal perspective as a physician, the patient portal has been “tremendous,” because it takes a process that would have been synchronous and makes it asynchronous. “Based on how well it fits into my workflow or my nurse practitioner’s workflow or my partner’s workflow, I can review the information and, if I feel comfortable with it, push it out to the patient. I do that when it works for me, and the patient does it when it works for him,” he says

As far as physician-to-physician communication, Powell says the health system’s 1,000 internal physicians communicate either through the hospital’s EMR or through a secured email system that is separate from the hospital’s wider email network. The secured email is available to providers and other health systems in the wider community.

Powell adds that the hospital system does permit physicians to bring in mobile devices, but requires that the devices be registered with the hospital’s IT department and encrypted. As new technologies and new devices become available, the hospital reviews them to apply existing policies or develop new policies to maintain data security, Krusch adds. Mike McClure, the hospital’s chief information security officer, notes that many of the new devices have inherent features that allow the hospital’s IT department to implement necessary security measures.

Charles E. Christian is CIO of Good Samaritan Hospital in Vincennes, Ind. He describes an ongoing project there—which is still a work-in-progress—known as Unified Communication, which will expedite the process in which caregivers can contact one another. He envisions a notification system that will alert clinicians that a lab report is ready for review, and will provide a way for the recipient to acknowledge that he received the notification, or to forward the notification to another specialist. If there is no response to a message within minutes, it will resend the message to a back-up recipient.

Charles E. Christian

As a fail-safe, someone will be responsible for making sure that the proper notifications take place. “We can’t 100 percent depend on technology, because there are too many places where technology can break down,” he says. He adds that the same communications platform can be used for a variety of purposes, including meeting notifications or disaster notifications.

Clinicians’ View
Timothy Burdick, M.D., is a family medicine physician employed by Fletcher Allen Health Care, Burlington, Vt. As a practicing physician, Burdick says secure messaging has been helpful in improving transitions of care. “The advent of electronic health records that are enterprise-wide has made the issue much less of a problem,” he says. At Fletcher Allen, the messaging to the physicians takes place through PRISM, which is the hospital’s name for the EHR system (supplied by Epic Corp.), which has been live for about three years. Fletcher Allen went live with PRISM on the inpatient side in January 2009, and ambulatory clinics went live over the course of 2010, according to Burdick.

As the primary physician, he receives an automated message when the patient is discharged from the ED or from the hospital. If that patient requires a care team of specialists, those clinicians receive the message as well. “That lets us see the medication list and see the discharge summary. It gives us the knowledge that this patient has had some event in their medical treatment recently that we need to pay attention to. It’s been a huge advantage,” he says.

Physicians who are not employed by the hospital but who are on the medical staff of the hospital also have access to the EHR, Burdick says. In addition, physicians who are not on the medical staff have secure read-only access to the EHR; that third piece extends to physicians in Fletcher Allen’s catchment area, which includes across northern New York, Vermont, New Hampshire and Massachusetts.

The system has been particularly helpful for patients with chronic illnesses, which typically are the heaviest users of the healthcare system, from the ED to the hospital and various ancillary services.  Having all of that information in one place “prevents miscommunication that would lead to worse clinical situations for those patients,” Burdick says.

For physician-to-patient communication, Fletcher Allen offers MyHealth Online, which went live in June 2011. Burdick says Fletcher Allen has been gradually rolling out the system, and estimates that Fletcher Allen has about 10,000 patients signed up so far. Most patients use the system to review information such as their medical history, medication list, and immunization history, he says.

Burdick says he is somewhat selective in whom he offers MyHealth Online. “I ask about three-quarters of the patients I see and about three-quarters of those have an interest in signing up,” he says. Of the patients who are given an access code, about 80 percent create an account within the next two months.

In Burdick’s view, all of this bodes well for team-based care that is the concept of the patient centered medical home. “If we can get all of the providers across the care team on the same platform, then not only can we share the medical records, progress notes and medication lists, but there is also a messaging tool embedded in most EHRs,” he says. “It’s getting direct patient feedback to the patient portal. We can track the responses over time in a graphical flow sheet to see the trend in the EHR. It allows the patient to receive the right care from the right person on the treatment in the right timeframe. That’s the epitome of the patient centered medical home,” he says.

There are some interesting secure messaging developments outside the enterprise as well. Eric M. Hoenicke, M.D., is a cardiothoracic surgeon with a physician practice in Austin,Texas. He has been using a HIPAA-compliant mobile messaging platform (from Austin-based DocBookMD) to share medical information with his clinician colleagues for about three years, soon after it was first developed. The application is offered free to physician members of county and state medical societies.

Hoenicke says he initially used the app as a directory of his colleagues and now uses it for HIPAA-compliant messaging of text and images. One typical way he has been using it: “If a cardiologist sends me a consult about someone who needs a bypass procedure, I can go into DocBookMD and say I looked at his patient and here are my thoughts,” Hoenicke says. In his view, the power of the DocBookMD tool is that it can be used to send text messages as well as images in a HIPAA-compliant fashion, in which both the text message and the image stays on the DocBookMD platform.

In his specialty, Hoenicke says he has used the platform to share X-rays or CAT scan images of cardiac catheterizations and echocardiograms. While he says the images are helpful in deciding how to approach a patient early on, Hoenicke acknowledges that not every hospital has the capability to make images viewable from remote locations. He has shared images on his iPhone, and says the quality of the images is quite good. “I see this as a useful tool for sharing multimedia,” he says. So far, he adds, the widespread use of the app has been somewhat limited, but if everyone gets involved and uses it, the program works very well.”

How Secure?
All of the CIOs interviewed for this article say security is a top concern. Charles Christian of Good Samaritan Hospital says, “The number one thing we have to be aware of is the security piece.”  The hospital employs Microsoft Office Communicator that allows text messaging in a secure fashion. Within the enterprise, physicians also communicate with each other through secure email. The hospital uses a solution that scans emails for certain types of information and will encrypt messages that may contain protected health information.

Jerry Powell, CIO of the University of Rochester Health System, says the organization is moving toward the use of virtual desktops, “where we are becoming agnostic to the actual device being used but still protect the environment.” He adds that if messaging itself is not secure, there needs to be a different way to provide that information. One possibility is providing a notification that the information is available, and requiring the recipient to log in to the EMR to access it.

Sponsored Recommendations

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...

Increase ROI Through AI: Unlocking Scarce Capacity & Staffing

Unlock the potential of AI to optimize capacity and staffing in healthcare. Join us on February 27th to discover how innovative AI-driven solutions can revolutionize operations...