DirectTrust Launches Effort for Secure Instant Messaging
New Initiative Focused on Developing IM Standard for Healthcare
DirectTrust, best known for creating and maintaining the Direct protocol-based security and trust framework for secure email messaging in healthcare, has kicked off a new initiative to develop industry standards for secure real-time instant messaging.
The goal of DirectTrust's Trusted Instant Messaging+, or TIM+, initiative is to create a secure instant messaging standard for diverse healthcare providers to communicate with each other, as well as with patients, DirectTrust says in a statement on Tuesday.
A healthcare industry-specific secure instant messaging standard "is critical to eliminating the risk of violating HIPAA and other privacy regulations, and for the storing and sharing of protected health information," says Scott Stuewe, DirectTrust president and CEO, in the statement.
The latest move by DirectTrust - a non-profit, vendor-neutral industry alliance - to propel development of a healthcare industry standard around secure instant messaging comes as the federal government continues to push for advancements in nationwide secure, interoperable health data exchange (see What's in HHS' New Plan for Nationwide Health Data Exchange?).
Instant communication and electronic collaboration tools are increasingly critical means of information sharing within and among healthcare provider organizations.
However, coordinated care for patients often relies on real-time collaboration among individual healthcare providers across multiple institutions that use diverse electronic health record systems and other communication technologies.
The TIM+ initiative aims to create "a standards-based secure and trusted instant communication network that can easily grow dynamically and at scale, both within and across organizational boundaries, and can overcome the security and privacy challenges of today's digital healthcare environment," said DirectTrust alliance member Greg Meyer, a director and engineer at health IT vendor Cerner Corp. in a statement.
The Direct messaging protocol today provides specifications for a secure, scalable, standards-based way to send encrypted health information directly to known, trusted recipients over the internet. However, the current version of the protocol facilitates the simplest form of health information exchange involving secure email.
In the effort to develop an instant messaging standard, DirectTrust says it is also issuing a call for participation in the "TIM+ Consensus Body," a group of healthcare industry stakeholders that will help finalize development of the TIM+ standard, policies regarding the standard's use, and assist with its ongoing maintenance.
DirectTrust says potential benefits of a TIM+ standard include "integrated workflow" so that participants using instant messaging can continue working within their own health IT platforms, while also being able to communicate with users on diverse health IT platforms from other vendors.
Workflow is a concern in using instant messaging in healthcare settings, notes Phil Curran, chief information assurance and privacy officer at Cooper University Health Care in Camden, New Jersey.
"I see this type of [instant messaging] collaboration extremely valuable, especially in emergencies, research or underserved rural areas," he says. "My concern is for workflow so organizations will have to develop work plans prior to implementation."
Some commercial products today offer secure instant messaging, but aren't necessarily geared specifically for use in healthcare settings, some experts note.
For instance, Cooper's IT department has deployed Cisco Jabber for internal use at Cooper University Health, Curran notes.
"Jabber allows for secure phone, IM, video and WebEx collaboration wherever we are located on all our devices. Jabber has a softphone for laptops and apps for Android and iOS. I have been on conference calls with Jabber on my iPhone and could instantly go to a WebEx to share information or send an IM to someone to join the call," he says.
However, for widespread use of secure instant messaging across the healthcare sector, health industry standards are important, he notes. "If the technology is being used or going to be used, yes, we need standards."
Protecting Patient Information
Curt Kwak, CIO at Proliance Surgeons, a large surgical practice in Washington state, offers a similar perspective. "We have to constantly think about how we can protect our patient information communication better," he says.
"Having a very secure, but standard method of instant messaging - or any messaging - will help everyone do things more consistently and also work off a same standard to make things better as you go," he says.
"This in turn will help improve the trust and security of the information shared between a provider and his or her patient."
Fast and Easy, But Secure?
But not everyone is convinced that the increasing use of instant messaging in healthcare necessarily intensifies the need for specialized security standards.
"I don't see why security aspects of messaging protocols should be any different in healthcare - although features may be customized to the healthcare industry," says Kate Borten, president of privacy and security consulting firm The Marblehead Group. "But anything that raises the level of security in apps used by healthcare is good."
The use of texting among healthcare workers has become common due to its speed and ease, Borten adds.
"But as more and more secure messaging apps become available - some specifically aimed at the healthcare provider market - organizations should adopt one or more, and then explicitly ban use of any other messaging app for confidential communications, including but not limited to protected health information," she says.
"Today, there's no excuse for texting patient-related information in an unsecure way."