Search form

Become a Member Today Sign Up



Department of Otolaryngology – Head and Neck Surgery, Western University, London, Canada: It’s 3:30AM. The tired surgical resident is working a late shift in the Emergency Room, where the endless consultations have piled up all night. “Just one last patient to review”, she thinks to herself. “If only my attending replies back to me,” she says. “Then I can get some sleep.” Rubbing her eyes with one hand, and impatiently drumming her fingers on the table with her other, she stares blearily at the phone, waiting for it to ring.  She had paged her staff seven minutes ago, or was it seventeen…at this point she’s lost count. It feels like forever. If only she could just show her boss the patient’s X-ray and be done with it. She glances at her watch, looks at the phone - still no call back. Why does it take so long to answer the pager?  

“Well forget this,” she thinks. Reaching into her pocket, she pulls out her swank smartphone. With one tap and a few keystrokes she has taken a picture of the patient’s X-ray, typed out the patient’s details, and sent them as a text to her boss. Within seconds the reply arrives. After a few short minutes of typed conversation (using a social media messaging platform), they go over the patient’s condition and proposed management, make a plan, and admit the patient. The surgical resident can finally rest. “A good night’s work is done,” they both say to themselves.
Unfortunately, as they head to bed, they are unaware of the illegalities of their actions. They have just exposed each other, and their hospital, to privacy breach risk as they conducted unsecure communication about confidential health information.  
Pagers are one of the traditional images associated with medical care, and for good reason. For decades, pagers have been clipped to the belts of healthcare professionals, whether they are doctors, nurses, trainees, or others. Yet, this technology is now tremendously antiquated. Alphanumeric pagers are information-poor, cannot share images or videos, and cannot communicate with other devices in real time. Importantly, pages require a sending and receiving phone to work, typically a landline to dial and a second line to answer, leading to the inescapable delay between the two. 
When smartphone technology exploded onto the scene several years ago, the promises of technological advancement were nearly limitless. Texting has rapidly eclipsed phone calls in convenience, speed, and media sharing. It was no surprise that this type of modern communication would make its way into the healthcare world. Offering healthcare professionals unprecedented rich information exchange, including photos and videos, messaging and texting services have largely replaced pagers as the most efficient, and likely the most effective, way for healthcare providers to remotely communicate with one another. 
When providers within the Circle of Care speak in person, and document their notes in a secure manner, the integrity of personal healthcare information is maintained, and the providers remain safe data custodians. This is not the case however when providers communicate remotely, and with the advent of mobile communication technology, has come a double-edged sword. The convenience of smartphone technology, be it for texting, messaging, or recording of other personal healthcare information such as videos or photos, is the very issue that opens providers to severe breaches of privacy.
Patients’ rights to secure handling of their private healthcare information are enshrined in Supreme Court legislation. Standards for the handling of private healthcare information vary somewhat across Canada. They generally follow similar approaches; elements of patient care where sensitive or personal information are documented need to uphold rights to privacy of this information and generally be considered part of the medial record with only those individuals within the Circle of Care having access to it.[i]
Frequently, healthcare providers, as custodians of confidential health information, assume that their patients have given implied consent to share their confidential information with other providers in the interests of receiving necessary care; however, it is unlikely patients are genuinely aware of how this information is being shared. With most hospitals having now adopted policies of allowing providers to use their own smartphones, and mobile technology being used more than ever to share confidential health information, hospital administrators and policy makers need to be better informed as to what technology is actually being used, and in what manner.
Routine texting is unsecure a priori, however, bigger challenges are when social media messaging platforms are used for healthcare information sharing. Several large social media companies have developed apps purported to be secure, and some are even encrypted, but none of these apps meet the standards expected by privacy regulations, including Ontario’s Personal Health Information Protection Act (PHIPA). PHIPA contains clear guidelines with regards to security and data handling of confidential health information, stating that the medical professional must take reasonable steps to ensure that patient health information is protected against theft, loss and unauthorized use or disclosure.[ii]
“Hospitals need to face the reality that providers are using smartphones to communicate sensitive patient information, and that pagers represent outdated technology for all but the most critical types of communication.”
Neither texting nor social media messaging provide the necessary level of security to meet PHIPA standards. In particular, social media messaging is a conundrum. The apps in question (even those from very large companies) were not originally intended to be used for confidential data transmission; rather they have been retrofitted with coding designed to try and keep data secure. Social media messaging apps generally transmit their information through servers outside of Canada (meaning patient information leaves the country), collect information on app users, keep photos or videos active and visible on smartphones, and do not auto-delete. The information flowed through social media messaging services can all too easily be shared with providers or people outside the Circle of Care, including on social networks, and can also be accessed in the event a phone is stolen, lost, or hacked into. All these examples would constitute breaches of privacy under PHIPA, with resulting fines and/or litigation, to say nothing of the ethical issues associated with inadvertent disclosures.
In its guidance to providers regarding the use of social media to communicate about patient care, the Canadian Medical Protective Association explicitly states that physicians should avoid the use of social media for one-on-one discussions about patient care because of the risk of confidentiality breach. Nonetheless, some of the social media messaging services are so ubiquitous, and so easily used that they continue to be routinely chosen by providers to send messages to colleagues about patients. Not only is this unsafe physician practice, but this rampant use of social media puts both patients and hospitals at risk. Hospitals must more stringently enforce bans on social media messaging for communicating about patient care.
Keeping the above in mind, the tremendous benefits of smart phone technology for healthcare professionals cannot be ignored. Studies have indicated that smartphones allow for rapid communication, decision support, and better doctor/patient remote interface.[iii] With respect to tech-savvy individuals, use of smartphones is nearly ubiquitous, and despite regulations to the contrary, changing behaviour is very difficult. Traditional pagers are seen as antiquated technology and insufficient for the demanding needs and time constraints of modern health care. If a way cannot be found for providers to continue to use their smartphones, then the risk of privacy and PHIPA breaches will remain high. Developing apps to accommodate for this evolution in healthcare communication is a costly process, a requirement that hospitals have not shown any interest in pursuing.
An additional factor to consider in this discussion is the cost of maintaining a pager network. Pagers can be expensive, on the order of $10-15.00/month/user.  In the era of stringent financing that our Canadian healthcare system currently faces, these substantial costs can easily mount into thousands of dollars for many organizations, money they either don’t have or can better be spent in other areas. Although a means of contact is considered necessary for healthcare professionals, hospitals now find themselves looking for ways that are cost effective, reliable and secure. Smartphone texting or messaging is the obvious answer, especially for non-critical communications (which account for >95 percent of all pages). Texting or messaging services are either free or very cheap, and over time would aggregate into significant cost savings for cash strapped institutions. If only they were intended for healthcare use, instead of socializing.
Recently a new app has been designed and developed specifically for healthcare and hospital use. PageMe is an app created by Citruvio Communications that is PHIPA compliant. The app meets privacy legislation requirements, keeps all data within Canada on a secure Canadian server, auto-deletes all messages, does not store photos or videos to the user’s phone, and bans screenshots. Messages are secure-socket-link (SSL) encrypted, and require a multi-digit PIN to access. Most importantly, PageMe is not part of social media, and collects no user or content data. This app represents a fundamental change in how providers can communicate with each other, and is starting to replace pagers in Ontario. PageMe allows users to continue the messaging behaviour they are most likely already doing, but allows them to do it in a safe and secure manner that does not compromise their professionalism or put hospitals or patients at risk.
Hospitals need to face the reality that providers are using smartphones to communicate sensitive patient information, and that pagers represent outdated technology for all but the most critical types of communication. Healthcare providers in turn must be aware of their responsibilities as custodians of patient information, to keep it within the Circle of Care, and to avoid use social media messaging platforms to share patient information. Policy is now intersecting with reality when it comes to health information exchange, and it behooves all parties involved to maintain professionalism and follow the law, using services designed for this purpose (such as the PageMe app). Only through such efforts can patient data integrity be maintained while allowing the healthcare sector to reap the benefits of smartphone technology.
Want more information on PageMe? Visit
DR. BRIAN ROTENBERG, MD MPH FRCSC, is an Associate Professor of Otolaryngology – Head and Neck Surgery at Western University (London, Canada), Chief of Division of Rhinology, Residency Program Director, and Director of the Sleep Surgery Program. Dr. Rotenberg is the Chief Medical Officer for Citruvio Communications. His research interests include establishing evidence-based perioperative outcomes assessments for sleep apnea and sinus disease, and facilitating technology use in the modern healthcare environment. Dr. Rotenberg can be reached at bwrotenberg [at] gmail [dot] com.

[i] Personal Health Information Protection Act,  (2004).
[ii] Personal Health Information Protection Act,  (2004).
[iii] Gordon, C. R., Rezzadeh, K. S., Li, A., Vardanian, A., Zelken, J., Shores, J. T., . . . Jarrahy, R. (2015). Digital mobile technology facilitates HIPAA-sensitive perioperative messaging, improves physician-patient communication, and streamlines patient care. Patient safety in surgery, 9(1), 21. doi:10.1186/s13037-015-0070-9.
Kamel Boulous, M., Giustini, D. M., & Wheeler, S. (2016). Instagram and WhatsApp in Health and Healthcare: An Overview. Future Interent, 8(3), 37.
Prgomet, M., Georgiou, A., & Westbrook, J. I. (2009). The Impact of Mobile Handheld Technology on Hospital Physicians' Work Practices and Patient Care: A Systematic Review. Journal of the American Medical Informatics Association, 16(6), 792.