A Deep Dive into Secure Messaging Technology

HIMSS Analytics

As laptops, smartphones and other personal devices become the norm in our hyper-connected world, it's no surprise that secure messaging has been gaining ground in the healthcare industry. Secure messaging technology enables healthcare staff to communicate via secure platforms to maintain compliance with HIPAA, HITECH Act and Joint Commission requirements.

Without a secure messaging solution in place, many providers may resort to texting about patient care via SMS or other unsecured channels, risking HIPAA violations, data breaches and fines. Considering the steadily rising threat of hospital data breaches, the amount of protected patient health information going through these unsecured channels is an issue that needs to be addressed. Although adoption rates at U.S. hospitals are still fairly low — as of this year, adoption is just over 8 percent — secure messaging is a technology that will likely become an essential tool for coordinating patient care moving forward.

Technology Deep Dive: Secure Messaging

Low Adoption Rates Mean High Potential for Vendors

HIMSS Analytics began tracking secure messaging as one of our 200+ technologies in Logic in 2016, and we've seen adoption rates steadily rise. There's still a tremendous amount of greenspace in secure messaging right now, offering ample opportunity for vendors looking to break into this market. For vendors seeking growth opportunities, it's important to note that the secure messaging market share is led by Epic (35.96 percent), Imprivata (16.08 percent), Spok (14.33 percent) and Cerner Corporation (12.57 percent).


The question then shifts to which hospitals are really ready to buy.

Purchase Plans and High Prospective Buyer Score (PBS) Indicate a Growing Market

Eleven U.S. healthcare delivery organizations have indicated plans to purchase secure messaging technology, either for the first time or as a replacement for their existing solution, and many U.S. hospitals seem likely to buy in the near future. Currently, 123 hospitals have a Prospective Buyer Score of 4 or 5, the highest star rankings an organization can have, indicating a higher propensity to purchase according to the proprietary peer-comparative algorithms of HIMSS Analytics. Vendors have immense potential in this market, one that is difficult to ignore.


In the past, EHR vendors have not integrated secure messaging very successfully. Now, vendors have the opportunity to match their other solutions with secure messaging and offer it as a bolt-on solution to providers. Providers should be able to discern important, life-or-death alerts from ones that are merely informational. To prevent gaps in clinical communication, there shouldn't be much downtime in the implementation period either.

Secure Messaging Installation Led by Small, Not-for-Profit Hospitals

The vast majority of U.S. hospitals with installed or planned secure messaging solutions are small, Not-for-Profit organizations. Just over 70 percent of the hospitals with installed or planned secure messaging technology have 250 beds or fewer, and only 16 of these 477 hospitals are For-Profit.



There could be several reasons for this. One may be that smaller hospitals are at the sweet spot for adopting new technology; in larger hospitals, it's more difficult to gain buy-in for new technology because most decisions are made by a committee. Smaller hospitals, on the other hand, tend to have fewer decision makers.

Additionally, there are differences between Not-for-Profit and For-Profit hospitals. For-Profit hospitals, for example, have to straddle the line between providing excellent patient care and turning a profit. They may not see secure messaging technology as a priority, because it doesn't have an obvious, immediate impact on the bottom line — but when the risk is being hit with a HIPAA fine and scarring the hospital's reputation due to a data breach, it may be cheaper to invest in secure messaging sooner rather than later.

The Security and Privacy of PHI is Everyone's Responsibility

Nothing's likely to change regarding people's propensity for using their personal devices at work. In this digital age, it's a fact of life. Regardless, providers can't make the mistake of texting protected health information without thinking about compliance; it's a dangerous, fineable offense.

The rise in data breaches is increasing the focus on securing patient data, and secure messaging technology is a key component of that. Along with secure messaging, Bring Your Own Device (BYOD) policies should be implemented to avoid further security risks. As communication technology becomes increasingly close and convenient, it becomes the responsibility of everyone involved — not just IT personnel — to keep the privacy and security of patient data in mind.