Secure Messaging in the Healthcare Setting

Secure Messaging in the Healthcare Setting

Attention: open in a new window. PDF | Print | E-mail

Direct Secure Messaging:

Hospitals, physicians, laboratories, pharmacies, long-term care facilities and other institutions are successfully using direct secure messaging (DSM) to exchange patient information electronically in a secure manner. Soon, DSM will replace insecure methods such as fax, courier and mail services for healthcare communication and information sharing between parties. But what exactly is direct secure messaging? How does it work, and how can it help my healthcare practice?

DSM Defined

In 2010, the Direct Project launched as part of the Nationwide Health Information Network to establish technical standards for the secure exchange of health information electronically. EHR and PHR vendors, medical organizations, integrators and other IT providers have participated in the project since its inception, and continue to update and improve the standards. The goal of this federal project is to create a secure, scalable and standards-based method for the exchange of Protected Health Information (PHI).

Unlike standard email messaging, DSM uses specific message and file encryption protocols set in place by the U.S. government for transmission in a healthcare setting. Thus DSM has an added layer of security and identity verification as compared to regular email communication. DSM uses separate sender and recipient addresses to send via a virtual DSM network.

Direct messaging services are provided by a Health Information Service Provider (HISP). HISPs are organizations that serve as secure trust agents – helping health care providers manage the security and transport functions for the message on behalf of the sending and receiving parties. HISPs must complete specific accreditation and be compliant with criteria objectives in order to serve as trust agents on behalf of their clients. HISPs use back-end technology to provide secure and reliable transport of communications to a direct recipient using required digital certificates, encryption, verification and other standards that help to ensure authenticity and confidentiality.

Why is DSM important?

DSM has become a crucial way for healthcare providers and staff to better support patient care. It enables them to:

  • Securely send and receive patient records electronically with another provider
  • Handle referrals, summaries and transitions of care electronically with ease
  • Order or communicate lab and test results and reports electronically
  • Participate in per-to-peer discussion and collaboration in a secure environment

More importantly, direct secure messaging:

  • Allows for the safe transmission and protection of patient health information
  • Addresses gaps in transitions of care
  • Reduces manual and other workflow costs within the practice
  • Eliminates reliance on mail-based and fax communication
  • Reduces errors and duplications related to patient records
  • Helps providers fulfill meaningful use requirements for transitions of care

DSM and Meaningful Use

Aside from the secure transmission and communication, many providers want to know how DSM can help them meet important meaningful use Stage 2 requirements for transitions of care, and thus help them qualify for incentive payments under these criteria. According to Measure 1 of CMS guidelines, eligible professionals must provide a summary of care record for 50 percent of patient transitions and referrals of care, and must use secure electronic messaging to transmit it for more than 10 percent of such transactions.

Using DSM may be one way for providers to take advantage of the incentives that CMS offers hospitals and other eligible providers.

Setting up DSM Services

Direct Secure Messaging can be set up on the institution’s side using many different IT interfaces, depending on the health care institution’s current system. These can include email, mobile applications, cloud-based applications, portals, EHRs and HIEs. A healthcare IT consultant and integrator like CoreTech could help a provider get HISP technology in place and integrated into the organization’s daily workflow. Part of this process could include:

  • Mapping and analyzing current workflow and determine needs for DSM
  • Evaluating options for HISPs and determine options needed
  • Managing server and installing necessary software
  • Modifying daily workflow within the organization
  • Training staff on the use of the DSM services

If a healthcare organization has the need for DSM to communicate with external parties but lacks the technology to coordinate with a HISP, a consultant like CoreTech could act as a middleman to link two parties for enabling secure communication.

DSM and Practice Workflow

Integrating direct secure messaging into your current workflow doesn’t have to be intimidating, and can actually improve your office’s efficiency tremendously. In the pre-DSM world, a provider handled a patient referral by writing a script on a notepad for the patient in order to set up an appointment. The doctor or staff would then manually send information via mail or fax to the referring doctor. Once DSM is added into the workflow, patient and referral notes are added into the system before the patient arrives, and this information is sent securely electronically, so there is no need to worry about whether or not the information was received in time.

Adding DSM into your workflow can be as simple as working it into the current process. With the help of an IT consultant like CoreTech, the once-manual process can be converted to an electronic one, and integrated into your EHR or other system, with little impact on your existing technologies and workflow. Once you have identified and mapped the areas of your workflow that will require or become impacted by DSM, you can train your staff to incorporate a modified version of that process that works easily with your current system.

Once you start using direct secure messaging in your practice, you’ll begin to see the benefits of having a reliable and secure way to communicate with colleagues regarding patient health information, and realize the efficiencies and benefits gained from your improved workflow.