Popular messaging systems such as text messaging and instant messaging that consumers routinely use to communicate with others also are in wide use among healthcare professionals. But new research finds that employees of healthcare providers, such as hospitals or physician group practices, are often sending potentially sensitive patient information through these systems in violation of federal law, finds a new survey from Infinite Convergence Solutions Inc.

Infinite, a Chicago-based service provider of secured messaging services, surveyed 500 healthcare companies in September and October and found that one in four healthcare organizations used a certified encrypted messaging system or mobile app  to exchange information. The problem with using unsecured mobile messaging is that the information exchanged could violate provisions of the Health Insurance Portability and Accountability Act of 1996, or HIPPA, which ensure patient confidentiality to medical records.

“The global healthcare industry is under strict privacy and security regulations to protect patient information, but our study finds that the vast majority of healthcare institutions are not using mobile messaging services that are compliant with these regulations,” says Infinite CEO Anurag Lal. “Healthcare employees communicate inherently sensitive information, like patient prescriptions or medical information, yet their employers do not have the proper mobile messaging security infrastructure in place to adhere to HIPAA or other regulatory requirements.”

Healthcare professionals are big users of mobile messaging while on the job and for doing their job, according to the Infinite survey. 91% of survey respondents use mobile messaging at least a few times a week on the job and just more than one-third—35%—use it daily. But 51% of healthcare employees also say their company does not have an official mobile messaging platform, despite the fact that 92% of these employees would use a company-wide mobile messaging platform if their employer decided to implement one. “We are seeing a rapid adoption of mobile messaging in healthcare as the industry looks to work faster, improve patient care and reduce wasteful spending,” Lal says. “The problem is that many healthcare institutions are not aware that the messaging apps and services that are popular for daily personal use do not follow the administrative, physical and technical safeguards that HIPAA requires.”

The U.S. Department of Health and Human Services, which enforces HIPAA compliance, doesn’t have formal provisions that pertain to mobile messaging. But HIPAA does have formal guidelines that state messages containing electronic protected health information including texting and other forms of mobile messaging must be encrypted, which enhances the security of a message or file by scrambling the contents so that it can be read only by someone who has the right encryption key to unscramble it.


Healthcare professionals have been dealing with electronic medical records and HIPAA compliance for nearly 20 years, Lal says. But mobile messaging is only now becoming a bigger patient privacy worry for healthcare administrators, especially chief information officers, in the last two years, Lal says. “I know one healthcare CIO that took the survey that’s freaked out over the potential for problems,” he says.

Sign up for a free subscription to Mobile Strategies 360, a newsletter reporting on how businesses in all industries use mobile technologies to communicate with and market and sell to their consumers. Mobile Strategies 360 is published by Vertical Web Media LLC, which also publishes Internet Retailer, a business publication on e-retailing.