Your artwork is not HIPAA compliant

Chicago art exhibit displays problems of pager use – Non HIPAA Compliant

At OnPage, we have long rallied against pagers, highlighting the problems they cause when used as a form of communication between doctors. In many blogs and whitepapers, we have described how:

  • pagers are not secure
  • pagers are easily hacked
  • pagers enable the leaking of protected patient information(PHI).

Our goal, in persistently extending this message is to encourage physicians and hospital staff to use secure, HIPAA compliant communications instead of pagers. But little that we write could be as powerful as the art instillation created by Brannon Dorsey called Holypager.

One man’s pager is another man’s art

We read about Dorsey’s exhibit in an article that was forwarded to us. His exhibit, Holypager is designed to intercept all POCSAG pager messages sent in the city of Chicago. Once intercepted, the messages are all anonymized and then printed out at the exhibit on one of three rolls of receipt paper. The display makes for a large paper pile-up for gallery visitors to view.

While this might not be everyone’s definition of art, Holypager does none-the-less seem to always elicit a reaction. People seem genuinely surprised that pagers’ messages are so easily hacked. Perhaps, they think, patient information should be held to a higher level of security.

An artist’s message of privacy

Perhaps as surprising as the ease with which the pages are hacked is the source of the messages. Almost all of the messages are sent between doctors and hospital staff. According to Brannon, messages almost all contain:

  • Patient’s first name
  • Patient’s last name
  • Patient’s date of birth
  • Patient diagnosis

I’m sure visitors to the exhibit expressed thoughts such as ‘Isn’t that sort of information supposed to be protected’? Shouldn’t there be some form of encryption on that information?

Yes, pieces of information like name and diagnosis are clearly PHI. Exchanging the information in a manner which is so easily hacked is a clear HIPAA violation. Doctors are violating HIPAA norms when they exchange this information over pagers rather than using HIPAA compliant messaging.

According to HIPAA Standard 164.306 “doctors must ensure the confidentiality of all electronic PHI they transmit and protect against any reasonably anticipated threats or hazards to the security or integrity of such information”.  As the Holypager exhibit demonstrates the standard of confidentiality is far from maintained.

According to Brannon,

Given the severity of the HIPPA Privacy Act, one would assume that appropriate measures would be taken to prevent this information from being publicly accessible to the general public.

The seemingly obvious answer to Brannon’s assumption is that appropriate measures are not being taken. Brannon hopes to show his results to the hospitals whose pages he has intercepted and let them know they need to embrace more secure messaging methods.

Conclusion

The artist believes that his project is meant to serve as a reminder that as the complexity of digital systems increases, humans don’t always develop a corresponding level of literacy about the systems.

Maybe.

But what I think is easy to get across here is that pagers are a technology whose ship has long ago sailed. Perhaps we’d all be much better off if we recognized the need for our physicians to use and maintain HIPAA compliant communications.

 

OnPage Corporation

Share
Published by
OnPage Corporation

Recent Posts

5 Reasons OnPage Tops the Best HIPAA Messaging Apps List

Choosing a HIPAA-compliant messaging app is rarely about security alone. Healthcare teams need messages that…

2 days ago

7 Secure Medical Messaging Apps Private Practices Trust in 2026

For private medical practices in 2026, secure and efficient communication is non-negotiable. Standard consumer messaging…

3 days ago

OnPage vs PagerDuty for MSPs: Which On-Call & Escalation Platform Wins?

Picking on-call software for a managed service provider is not the same as picking it…

1 week ago

How to Reduce On-Call Burnout in IT Teams

On-call duty is a high-stakes reality in modern IT and digital ops teams. While essential…

1 week ago

Top Mobile Incident Notification Systems for IT Teams 2026

Modern IT incidents don’t stick to a 9-to-5 schedule. System failures, security breaches, and performance…

1 week ago

Route Critical Alerts Evenly and Move Faster from Message to Phone Call

Round-Robin Alert Distribution and Tap-to-Phone Call help teams manage on-call, incident alerting and secure communication…

2 weeks ago