- Who is SureText messaging for? SureText is for healthcare professionals who provide or facilitate care for patients. These include doctors, nurses, pharmacists, paramedics, physiotherapists and so on, who use smartphone messaging to communicate quickly and conveniently to provide timely care for their patients.
- In Australia, why do healthcare professionals need a purpose-built messaging app? When exchanging health information, clinicians need to meet privacy and data handling requirements to comply with the Privacy Act 1988, applicable State and Territory Legislation and AHPRA’s Code of Conduct. SureText understands the legal obligations and the users’ context (i.e. how clinicians typically use messaging at work) to provide a robust solution.
- Why are end-to-end encrypted apps like WhatsApp or Signal not suitable for clinical purposes? To summarise, end-to-end encryption is not the only legal requirement when it comes to exchanging digital clinical information. Other requirements involve storing such information as part of a medical record, in specific ways and for specified durations.
- When clinicians message each other via generic apps (like iMessage), are they in breach of legislation? Most clinicians inadvertently breach relevant legislation when they use such apps while intending to provide timely and effective care. We believe the commonest breach is health information (e.g. a photograph of a wound, an ECG or a report) not becoming a part of the patient’s medical record, followed by accidental transmission of messages to the wrong recipient. We know smartphone messaging has for the most part improved patient care. However, generic consumer apps introduce additional risk as they do not address the requirements of data storage and record keeping.
- What are the possible consequences of breaching laws governing health information? Under the Privacy Act, health information has additional protections as ‘sensitive information’. An individual found liable for privacy infringements could be fined up to $340,000. This fact is a surprise to most clinicians.
- How does SureText enable clinicians to practice safe and secure messaging?
  - Proprietary end-to-end encryption at rest and in transit
  - Content is stored on Australian-only servers so that it is subject to Australian privacy laws
  - All messages are deleted from user devices and servers after one week
  - Photos are captured and stored temporarily only within the app to ensure separation from photos in other camera or photo apps. This prevents inadvertent sharing or uploading of clinical photos to generic cloud servers.
  - Control access to the app with your iOS device passcode (e.g. Face ID)
- How does SureText enable clinicians to store health information they have sent and/or received? Users are required to register their work email address so that all messages can be archived there. SureText servers automatically send the messages to the user’s email account every day, using encryption in transit. Depending on the hospital’s or clinic's medical record system, these messages can be downloaded from email and filed electronically, or printed and filed as hard copy.
- What happens if a user does not register an email address with SureText? Without an email address, SureText cannot send messages for record-keeping or future reference. If a user happens to be the sender of a photograph, for example, they may have a greater legal obligation to store that photo in a medical record. Automated email archiving has the benefit of future reference, which can be critical in medico-legal contexts. As all messages are deleted from devices and servers after one week, email archiving is necessary for storing information. SureText is a communication tool, not a medical record solution. Think of us as a secure courier service rather than a filing cabinet.
- Why does the ‘online/offline’ function feature prominently (it is a Home Screen Quick Action and is visible in-app on the Messages page)? Two reasons. First, we believe the convenience and ubiquity of messaging makes it difficult for clinicians to ‘switch off’. Clinicians need to be able to protect their personal time by going offline. Secondly, clinical messages need to be treated like ‘handovers’ or ‘referrals’ even if they aren’t always the case. Being able to go offline when one is unavailable ensures that messages are not left in limbo. This protects all parties (the sender, the receiver and the patient concerned).
- Why does SureText only connect colleagues one-on-one and not as a group? SureText intends to replace the use of one-on-one text messaging of clinical information via generic messaging apps. The risk of group messaging is the lack of clear transfer of responsibility (think of handovers or clinical status updates). However, messages can be easily copied and forwarded to other colleagues for their information. For those interested in the underlying psychosocial theory, look up diffusion of responsibility.
- When a colleague is offline, why can’t I draft and send a message for them to read when they return online? SureText assumes all clinical messages are time critical. If a colleague is offline, they are indicating that they are unable to act on any message they receive. This ensures critical messages are not left unread and unresolved. In a way, this replicates a telephone system (without a message bank): either a colleague can take a call or they can’t.
- Can SureText notifications be muted or hidden if a user does not want to be disturbed? If a user wishes to not be disturbed, they can easily go offline until they are ready to receive messages again. Being online indicates the availability to read clinical messages and the ability to act on them if necessary. Notifications cannot be muted when online as we assume all messages are time critical.
- Why does SureText need an internet connection to display messages? Our encryption technology requires an active internet connection to ensure that only the relevant verified user can access, decrypt, and display the content within their account (like a banking app).
- Why is SureText on iOS only? For purposes of security we have chosen to make an iOS-only app at the moment. We know this limits our user base and we will consider other operating systems as technology evolves to provide higher levels of security.
- Who are SureText and where are they based? SureText Pty Ltd was founded by Dr Alex Chaudhuri and is based in New Farm, Brisbane. The app was developed with the fine techies at Creative Intersection in Paddington, Brisbane; it is penetration tested by Red Cursor in Sydney and hosted on Microsoft Azure servers in Sydney.