Important Considerations for your Mobile Health Program
Mobile Health (mHealth) is a general term used for the use of mobile phones and other wireless technology in medical care. Common uses are:
- Health promotion and disease management promoting healthy behaviors
- Treatment compliance, such as appointment reminders
- Emergency response and disaster management
- Data collection
- Point-of-care support
The most successful form of mHealth communication is text messaging; however, it’s important to consider the language, age, and literacy of your target population. An ideal mHealth program will incorporate both SMS text and phone messaging seamlessly delivered according to the recipient’s language (calls to languages with a low written literacy) or by device type (calls to landlines, texts to cell phones).
An in-depth study on mHealth was conducted by King County Public Health in Seattle, WA.
This study identified four different available options:
- Use a fully hosted vendor solution.
- Commercial Off-the-Shelf (COTS) solution. Your agency houses the physical infrastructure needed to support the COTS application.
- Develop an in-house SMS application. You would contract with an aggregator (SMS Gateway) to transport messages to the carriers.
- Develop your own application and operate as the SMS Gateway.
In summary, the King County study found that options 2 and 3 cost approximately 20% more than the first option and require available IT staff. Option 4 is not feasible, due to excessive cost (in excess of $4 million over five years).
Choosing an mHealth Vendor
Since a fully hosted vendor solution is the recommended option for an affordable mHealth program, you need to be careful when selecting a vendor.
The following is taken from 6 must-read tips on SMS Broadcasts and how to pick the right vendor for your business.
When it comes to choosing your SMS broadcast provider, don’t let the dollars drive the decision-making. Here, we share tips on what to look for to ensure your SMS messages are not only delivered, but deliver the results you want.
Cheaper providers might provide you with the means to deliver budget SMS communications, but unfortunately that’s where the good news ends. When it comes to SMS providers, the less you pay, the more you compromise on reliability, speed of delivery, customer support, and issue resolution times.
- Reliability
Reliability is a top priority for SMS broadcasts, so the first factor you should consider when weighing providers is how reliable, scalable, and secure the platform is. Look for an uptime guarantee.
- Message delivery
With any communications, you want your messages to get through with minimal hurdles and delays. So when you pay for an SMS delivery service, at the very least you should expect your messages to be delivered at the right time to the right people. However, the less you pay for your service, the less chance there is of this happening the way you want.
Look for a provider with direct connection to all US carriers, as this will provide faster delivery speeds. The better the provider, the higher the percentage of delivered messages will be.
- Scalability
While you might start out only sending a couple of thousand messages per month, as you realize the success rate of SMS communications and as your business grows, your messaging needs will increase. Look for a provider whose platform handles large messaging volumes and can support your future requirements.
- Support
An established provider will give you access to a responsive support team, preferably with round-the-clock support. This means you can expect any issues to be resolved quickly and properly, letting you focus on what you do best.
- Account management
Going hand-in-hand with customer support is the provision of dedicated account management. When choosing your provider, look at the additional services they offer beyond just a platform, like expert advice and account management.
- Industry expertise
If the provider ticks all the above boxes for your business, check if they have the industry experience and expertise you need. Some research will quickly tell you how many customers they have, how long they have been delivering Broadcast SMS in the industry, and the status of their reputation. This is just as valuable as the technical capabilities outlined above and will ensure you choose the right mobile messaging provider for your business.
Message Size and Phone Number for Display
Many agencies have a lot of information they wish to deliver to the text recipient, particularly when delivering important “what to bring” information to WIC recipients. The TCPA Declaratory Ruling of July 2015 clearly states the messages must be concise (for calls, generally one minute or less, and for texts, 160 characters or less). This makes it important to select a vendor with a lengthy history of working with WIC to draft text messages which fit the character limitations. Non-English texts, such as Spanish, use more words to deliver the same message and many languages use Non-Western characters, which use two spaces for every character.
Dynamic Caller ID is a desirable feature for your call deliveries but this is not allowed for broadcast SMS. Broadcast SMS from an Applications Provider to a person is called A2P. In the US, A2P messages are required to use a 5- or 6-digit Short Message Code versus the 10-digit Long Code.
Legality of Sending Text Messages
WIC is exempt from HIPAA, which means you are not required to collect written permissions before transferring PHI to a third party according to the HIPAA Omnibus ruling. The TCPA has also determined that calls and texts to cell phones from Public Health are not considered an “annoyance” and are not subject to written authorization. A method to opt-out of messaging is required. For most local and state agencies, this means you are legally allowed to deliver treatment compliance–related messaging, such as appointment reminders and nutritional outreach messaging to promote healthy behavior. As an added security layer, most choose to carefully script messages so they do not contain PHI, as nobody can ensure the security of the SMS message once delivered to the recipient.
State law will supersede the ruling if it is more restrictive. Some WIC agencies are part of entities subject to HIPAA. In these cases, you will need to work with a vendor who is capable of managing your state’s required method of authorization, i.e. written or electronic. If your agency is part of a HIPAA non-exempt entity, a Business Associate Agreement would then be required between your agency and the vendor. Written consent would be required if PHI will be transferred to the vendor. In all cases, the vendor needs to maintain a high level of security to protect the client data.
Security
Beware of vendors who simply state they are HIPAA Compliant. Compliance not only encompasses the physical security of the PHI transmitted to the vendor, but also the PHI included in the messages drafted by you as part of a covered entity. It is your responsibility to be collecting/documenting the proper written authorizations when required and to not send PHI through mHealth channels when not authorized. The vendor’s (Business Associate’s) responsibility involves the physical security of the PHI after transmission and a requirement to properly respond to a breach. “Guidelines for a Compliant Business Associate” states: “Under the regulation, a breach occurs only when PHI is unsecured. For this reason, CEs (Covered Entities) may consider requiring that the BA (Business Associate) employ technologies that render PHI unusable, unreadable, or indecipherable to unauthorized individuals that are consistent with guidance from the National Institute of Standards and Technology (NIST) and OCR.”
NIST Compliance Benefits
The initial benefit of NIST compliance is that it helps to ensure an organization’s infrastructure is secure. NIST also lays the foundational protocol for companies to follow when achieving compliance with specific regulations such as HIPAA or FISMA.
It is very beneficial to ensure your chosen vendor’s security is modeled after NIST standards. For more on what to look for in a vendor’s security, please see Data Security, HIPAA and Cloud-Based Automated Messaging.