HIPAA-Compliant Messaging

Interview with President of TigerConnect, Itamar Kandel

HealthIT & mHealth: Can you give me some background information about tigertext?

Itamar Kandel: We started tigertext almost six years ago; we identified a problem with the market where doctors and clinicians were adopting smartphones at a much higher rate than almost any other segment of the population. They would bring their cellphones to the hospitals and use them as one of their main channels of communication. Instant messaging was such an easier form of communication than emailing, faxing, paging, or communicating through the EHR systems. SMS fit into exactly with what providers wanted to do. There is a much higher likelihood to get ahold of a doctor if you have their SMS phone number. We identified two key elements that providers have cellphones and they are bringing them to workplace, using them as a communication channel. To add to that, the SMS method of communication was completely not HIPAA compliant. Meaning, it is not authenticated, it is not encrypted and it lived forever on the cellphone network. That was a huge liability for the hospital. The origin of the company was really let’s try and solve that problem. The way we solved it was that we created our own HIPAA compliant and encrypted messenger that was very similar to WhatsApp, iMessage and other chat clients. Tigertext messages do not live forever on the server, messages self-destruct within a certain period of time.

That is version one of the company, creating the messenger with all the current healthcare regulations supported. So far it has been a successful product; today we are the biggest vendor in the market. We are in about five-thousand facilities around the country. Four to five of the largest healthcare systems in the country are our customers including: CHS, UHS, Barnabus, Geisinger, Multicare and Tenet. For those facilities, we basically come in and install the closed-network communication system that allows clinicians, technicians and nurses to communicate in a very easy, but HIPAA compliant secure way.

HealthIT & mHealth: Do the hospitals typically need custom setups for messaging?

Kandel: Yes and no. The system itself is so simple, it is a messenger, everyone knows how to use a messenger. We are a cloud-based company so there is almost no hardware at the clinic or hospital. The configurations are also very straight-forward. That said, that leads me to the next iteration of our company. We have opened our APIs and started working with other systems like EHRs and EMRs such as: Epic, Cerner, Allscripts and Meditech. We have also done integration with scheduling and lab systems. Here’s an example of how the integration with the Cerner EMR works. A physician orders a blood test for a diabetic patient to test their glucose levels. The lab technician conducts the test, then enters the results into the Cerner EMR and the EMR immediately triggers a notification because the results are abnormal. This notification is then securely sent to the physician’s cell phone via TigerText containing the actual lab results along with any other pertinent patient information. Without this integration, the long lag time between the blood test and the physician seeing the results could be potentially life threatening, but with the tigertext integration, it’s almost instantaneous – about 13 seconds on average.

HealthIT & mHealth: How do you integrate with the EHRs? Is it by HL7, XML, CCD ect?

Kandel: Every vendor has a slightly different integration structure. For example, with Cerner we integrated right on the SMTP pipe. Cerner had sent emails that way previously and now they can send text messages utilizing the SMTP pipeline. With Orion’s HIE product, we integrated directly with their Rhapsody Integration Engine. An ACO, Scottsdale Health, a client of Orion, created specific workflows with tigertext to lower readmission rates. The new workflow enhanced discharge procedures, which translated into an incredibly low readmission rate.

HealthIT & mHealth: Do the devices that run tigertext need to be encrypted?

Kandel: We work well with BYOD devices because the app is self-contained, so no information is ever saved on the phone and lives on the HIPAA compliant server. Therefore, the issue of phone encryption is not as important. The messages are encrypted in transit from the server to the app, a full end-to-end encryption. The hospitals have the ability to remotely wipe all the information in the app on the phone and perform forced log outs. In addition, there is a PIN lock on the app to for security.

Leave a Comment

Your email address will not be published. Required fields are marked *