A Whitepaper by Amtelco

miSecure Messages:

A Secure approach

To Healthcare Messaging

miSecureMessages: A Secure Approach To Healthcare MessagingWhitepaper

immediately recognized and responded to. If a user is unavailable, they can turn the app off in order to stop receipt of new notifications; their “off” status is indicated to anyone attempting to send them a message.

Viewing the message automatically creates a read receipt, which is returned to the MSM Web service. That means in many cases, physicians don’t have to respond to the message if it isn’t urgent. Once the message is read, recipients can then select from a list of predefined reply messages or can enter a custom reply. The replies are also sent securely.

miSecureMessages is integrated with

both AMTELCO’s Infinity automated call distribution and unified messaging system and the company’s Intelligent Series software and modules (including their cloud-based application). Secure messages can be sent and received from one or both of these innovative methods. Messages sent from app users are processed by the MSM Web Service, which is installed on a web server. Messages sent from Infinity and IS are processed by the MSM Service installed on the applications’ server and passed to the MSM Notification Service on the Web server.

The solution works on both cellular data and Wi-Fi-based wireless networks, and provides an unlimited alphanumeric character display for messages, as well as an unlimited number of messages per user. Users can message colleagues directly (device to device), and even send messages to entire care teams.

The solution is protected using encryption. The application can require a passcode to open the app. If a mobile device is lost or stolen, a network administrator can deactivate the individual miSecureMessages license remotely. This protects patient data without requiring a complete remote wipe of the mobile device. This way, once the device is recovered, users still have access to all of their personal data and contacts and can begin using the secure messaging solution again.

rotecting electronic patient health information (e-PHI) has become even more critical as the healthcare industry slowly transitions away from paper-based

processes and into a more connected, electronic delivery model. Patient privacy and security is front and center in the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH).

That includes the transmission of patient information commonly shared via email, text messages, and pagers at hospitals, clinics, and physician practices. Traditional approaches to messaging among healthcare providers often fail to meet the requirements of the current laws, leaving patient data vulnerable and providers liable for potential HIPAA violations. Healthcare providers need a messaging solution that is secure, reliable, and immediate to ensure compliance and to improve patient satisfaction.

The HIPAA Privacy Rule and HIPAA Security Rule address the technical and nontechnical safeguards that providers (Covered Entities) must have in place to secure e-PHI, including the administrative, technical, and physical security procedures for ensuring the confidentiality, integrity, and availability of the data.

HITECH, which was passed in 2009 as part of the American Recovery and Reinvestment Act, contains specific incentives for information technology to be used in healthcare, widens the scope of privacy and security protections available under HIPAA, and increases the potential legal liability for noncompliance. Covered Entities and their Business Associates must comply with both sets of regulations and ensure that e-PHI is protected in transit and at rest. Providers are expected to protect against reasonably anticipated threats to security and impermissible

uses and disclosures. They also must ensure compliance with these procedures by their workforce. Failure to protect e-PHI can result in extremely costly fines levied by the Office of Civil Rights (OCR). The OCR performs random audits of healthcare organizations and their business associates, and breaches can also be reported to them. A recent study found that over the past two years the average economic impact of a healthcare organization’s data breach was $2.4 million. (Ponemon Institute)

Currently, many healthcare providers still rely on paging systems to send messages to staff members. But pagers are a 1950s technology that is quickly being phased out and rendered obsolete by smart device technology. That’s why some hospitals have transitioned to SMS text messaging and email, which staff members access on their mobile devices.

None of these communications methods is intrinsically secure. Pagers and mobile devices can be lost or left unattended, allowing unauthorized parties to access messages or emails. Even a doctor handing his phone to his son to play a game can potentially create a HIPAA violation if a patient-specific text is accessible on the device.

Providers are moving to consolidate devices and provide a single, consistent messaging platform that doesn’t use outdated technology. AMTELCO’s 1Call Division has developed a HIPAA-compliant messaging solution, miSecureMessages (MSM), which enables healthcare professionals to send fully encrypted messages to any smart device, ensuring security and privacy while leveraging technology that most physicians and staff members are already using. This technology can reduce costs, improve

service to patients, and improve messaging efficiency in the process.

miSecureMessages: A Better ApproachAMTELCO has more than 38 years of experience developing safe and reliable communication solutions, and its 1Call Division is devoted strictly to developing healthcare-specific applications that are in use at hundreds of hospitals, clinics, and physician practices. In addition to miSecureMessages, 1Call offers a full suite of solutions, including on-call scheduling, appointment scheduling and reminders, call center and switchboard services, call logging and recording, and physician answering service systems.

miSecureMessages is a secure notification application, available in both on-site and cloud-based configurations, that sends encrypted messages to Android, Apple, Windows, and BlackBerry-based smart phones and tablets. This allows physicians and other staff members to access, read, and respond to messages quickly using a secure transmission method.

Message dispatchers access AMTELCO’s base solution, select the MSM contact method icon next to the recipient’s name, type a message, and then send it. When a message is sent, the MSM Notification Service sends a notification through the Android Cloud to Device Messaging (C2DM) service, Apple Push Notification Service, Windows Push Notification Services, BlackBerry Enterprise Server (BES), or BlackBerry Internet Service (BIS) to the appropriate device.

Recipients are notified about incoming messages via customizable visual and audio alerts, and they can view the messages through the miSecureMessages app via encryption — the messages themselves are never actually downloaded onto the smart device.

The MSM application issues a specific and persistent alert until the message is read. The secure messages can override the device’s settings with custom visual and audio alerts so important messages are

Unlike traditional phone-based messaging solutions, the system does not send SMS text messages. The messages do not pass through a third-party cellular provider (which is the case with SMS texts), and there are no associated messaging fees. The solution simply pushes out notifications that messages have been received. The messages themselves live only on the server and never pass onto the device.

The solution can be installed behind the corporate firewall, an option that is appealing to those organizations that want to maintain more control over data transmission and storage. It also can be deployed as a 100 percent cloud-based solution. The latter option can save time, cost, and labor hours that would otherwise be dedicated to deployment and support of the solution and its associated server.

In addition, AMTELCO provides 24-hour support along with a large network of service providers to ensure the reliability of the solution, providing a prompt response for any outage or other service issue. Extensive documentation is available on how to install and use the application.

The company has a team of dedicated developers for each mobile platform so that the application is optimized for use on Android, Apple, Windows, and BlackBerry devices. These same developers also work to make continuous improvements to the product so that end users receive the most benefit from the solution.

Because AMTELCO offers a full line of communications products for the healthcare industry, miSecureMessages can be easily integrated with a number of other tools, including the Infinity Call Center & Switchboard application and the Intelligent Series (IS) suite. The IS suite includes a number of modules, including directories, on-call scheduling, call scripts, reporting, dispatching, and intelligent messaging.

Secure Messaging, Reduced CostsUsing miSecureMessages can ensure

compliance with HIPAA and HiITECH security and privacy requirements by providing a unique user ID for each staff member and maintaining data integrity and privacy via end-to-end SSL encryption. All messages can be password protected at the device and app levels, access to the application can be remotely disabled, and no patient data is stored on the smart devices.

The solution makes it easier to establish that patient data remains secure, while also providing a fully auditable record of all messages, as required by the Joint Commission (JCAHO).

Hospitals lose on average $8.3 billion each year due to using pagers and other outdated technologies (Ponemon Institute). MSM can reduce the cost of hospital communications. First, staffers can get rid of their pagers and use their smart phones and tablets (devices they likely already carry) to manage work-related communications, which further reduces the cost of IT and administrative support for multiple devices. The average cost of a wide-area pager is approximately $9/month per user, and if an organization is using a two-way paging system, the cost is even higher. Compare that to the lower cost of miSecureMessages, which not only provides two-way messaging as part of the base solution but also allows users to message more than 100 recipients simultaneously.

Because detailed information is available in the secure messages, hospitals can even reduce the amount of overhead paging in the care environment, reducing

PA Whitepaper by Amtelco

miSecureMessages: A Secure Approach To Healthcare MessagingWhitepaper

About AMTELCOAs a leading provider of innovative communication applications for more than 38 years, AMTELCO has its roots in the early 1950s when its founder, William J. Curtin, invented and patented solutions for his call center. With AMTELCO systems currently in operation in all 50 of the United States, and in more than 20 foreign countries, AMTELCO customers process millions of calls each month. AMTELCO is well-known in various industries for continually developing innovative solutions designed to streamline communications, all backed by AMTELCO’s superior 5-star service and support.

The 1Call Division of AMTELCO is recognized as the leader in development and implementation of applications designedfor the specific needs of the healthcare marketplace. 1Callfeatures a complete line of modular solutions specifically

designed to streamline enterprise-wide communications, conserve an organization’s limited resources, and make them tremendously efficient, helping them bring wellness to their members and their bottom line.

For more information on AMTELCO’s miSecureMessages Apps, contact AMTELCO at (800)356-9148, email info@amtelco.com, or visit https://www.misecuremessages.com.

“noise pollution” levels and improving conditions for both patients and staff.

The solution also improves messaging response times. One customer pilot study found that with traditional paging, it took an average of 2.5 minutes to send a message and obtain a response from the recipient. Using MSM, the same process took just 34 seconds. If a typical hospital sends out 2,000 pages per day, that would be nearly 67 staff hours per day in saved time, or more than 24,000 hours per year. At an average hospital wage of $20/hour, that could lead to nearly $0.5 million dollars per year in labor savings. That total increases to over $1 million of savings annually when the result of reduced patient discharge times is also factored in.

Faster responses also mean that patient-related issues are handled more efficiently, without the need for time-consuming phone calls and note taking. Doctors can spend more time with their patients and reduce patient discharge time by 50 minutes (Ponemon Institute). All the information physicians need is available

directly in the messaging solution so that they can respond quickly and completely from the application on their devices. If devices are

lost or stolen, providers can avoid HIPAA violations and their monetary penalties by simply deauthorizing the app, and hospital liability is reduced because caregivers are less likely to miss their messages or fail to respond to messages.

If the solution is integrated with existing database solutions, providers can even improve access to EMR, decision support tools, and medical references using the mobile app.

MSM can enable improved operations across the hospital. For example, Capital Health in Halifax, Nova Scotia, is using the solution to enable a porter services application that has improved the efficiency of the hospital porters. Before, porters carried pagers. If someone needed a porter, they would call a central dispatch number to place an order. The dispatcher would write down the details and send a message to the pager. The porter would then call in to get those details.

Using miSecureMessages, all of the details of the order can be sent directly to smart devices that have been issued to the porters. Those placing orders can enter their own notes, which has made the dispatch process more efficient. Porters can better organize their calls since they

can see all the details of each order at once. The porters also are leveraging their devices to send messages to each other to better coordinate their activities. They are even using the built-in cameras to take photos of broken equipment.

ConclusionThe adoption of new healthcare technology is only going to accelerate, and ensuring that e-PHI is secure and private will be an increasingly important and challenging task. Hospitals and other healthcare providers that want to move away from outdated and costly paging solutions have had limited alternative options. Many rely on SMS text messaging or email solutions that are unencrypted, vulnerable to data breaches, and don’t really provide any efficiency or operational improvements over the paging systems they are replacing.

miSecureMessages not only provides a secure, fully encrypted replacement for traditional paging, it also enables new functionality that can improve patient care, streamline messaging procedures, improve productivity, and reduce costs. And it accomplishes all of that via mobile devices that most staff members already carry.

A Whitepaper by Amtelco