What To Ask Before Choosing a Secure Messaging Vendor

Presently, over 100 vendors are already competing in the fast-growing secure messaging healthcare space, and every year, new entrants emerge. Therefore, it’s important to determine which solution meets the most strategic and operational needs of your organization.

To identify the best possible fit, define your secure messaging organizational priorities and outline several uses cases which can also be utilized for on-site demonstrations from each vendor you’re interested in. Many vendors are also willing to provide free pilot periods to test their products and services. Once you’ve narrowed it down to a few vendors, it’s important to speak with each to get an idea of whether their solution can meet your needs.

On the left is a chart illustrating some of the current market leaders, which include TigerText, Imprivata, Vocera, Voalte, Spok, and others.

Of course, each organization is going to have a different set of needs, making it critical that leaders properly vet them.

To identify the right secure messaging vendor for your organization, try asking these questions:

1. Is the solution HIPAA Compliant? Ensure the solutions meets all the needs of administrative, physical, and technical safeguards that have to be in place to ensure the integrity of PHI in transit.
2. Does the solution have persistent alerts to guarantee recipient does not miss the message? Does the solution have priority messages with unique tones and alerts, to provide context?
3. Does the solution provide delivery confirmation and a read receipt?
4. Does the solution have group care team functionality and alerts? Can it truly integrate across the entire lifecycle of an entire care team (front desk, lab, radiology, RN, MD, NP, pharmacy etc.)?
5. Does the solution have integration capabilities with leading EHR-EMR vendors? To what capacity can they integrate? Will it integrate with patient monitoring equipment, such as ventilators and heart monitors, to help clinicians monitor patient vitals while mobile?
6. Does the vendor also provide a desktop version of a secure messaging solution? The ability to securely message from a desktop or laptop to a phone and back, might be a critical use case to consider?
7. Provide an overview and demo of all administrative tools and functions. Does it provide access to enterprise directories for messaging?
8. What audit logs and date-time stamps are provided for review?
9. Will messages automatically delete after a set period of time? Having long term PHI information stored on the device can pose a large risk.
10. Can you send attachments, up to what size and type of files (audio, images, videos)?
11. How long are audit logs retained? Are they retained within a separate or shared audit log with other customers? For legal or compliance audits, how quickly can these records be accessed for review? Does remote message wipe exist?
12. What are the administrative functions for the solution to onboard individuals and groups to the secure messaging platform?
13. If it’s a cloud-based vendor, it should show proof of being housed in a top tier data center. Where all data is physically secured with safeguards such as biometric measures, electric power storage and cooling systems? Is the vendor’s data center is SAS-70 Type II certified?
14. Key policy and procedure updates are recommended prior to launching a new secure messaging solution. Can the vendor provide sample policies from other clients?
15. Also ask for key technology infrastructure requirements or recommendations prior to launching a secure messaging solution. For example, wireless infrastructure recommendations throughout the entire organization or in certain areas.

Secure messaging solutions will become one of the most sought after applications in healthcare. However, not all solutions are created equal, and cultural issues remain a real barrier to widespread adoption. The right secure messaging solution will provide more than just a pager-alternative and HIPAA compliance. It will also improve workflow and ensure providers never miss critical alerts and can enhance overall care team communications to better care for the patients being served.