How providers use mobile email on the go

The adoption of mobile devices in healthcare settings has surged dramatically over the past decade. A 2021 study found that 99% of surveyed doctors owned a smartphone, with proportions using them for clinical communication and decision support. This represents a substantial increase from 2012, when Sage Journals found that the percentage of health professionals (including physicians) using smartphones rose from 66% to 90%, indicating both the longevity and acceleration of this trend.

The reasons for this widespread adoption are that mobile devices offer healthcare professionals immediate access to information, communication capabilities, and clinical tools, all within a pocket-sized form factor that can move with them throughout their day.

Beyond email, providers use their devices for numerous clinical purposes: 

• Accessing medical reference apps
• Checking drug interactions
• Reviewing clinical guidelines
• Securely accessing electronic health records 

Many also use specialized secure messaging platforms like Paubox Texting, which is designed specifically for healthcare teams. However, email remains one of the most frequently used functions, serving as an important communication hub that connects providers with colleagues, administrators, and sometimes patients.

Read more: Introducing HIPAA compliant texting API by Paubox

How much are providers using their phones for messages?

In healthcare specifically, physicians increasingly use mobile devices to access clinical information and communicate with colleagues and patients. A survey from Boston’s Beth Israel Deaconess Medical Center found a rise in email traffic between patients and doctors over a decade, driven by patient portal adoption and physician responsiveness. This suggests that physicians frequently check and respond to emails on mobile devices, often through quick interactions that integrate smoothly into their workflow without causing major disruptions.

Furthermore, research from Cochrane Library shows that healthcare professionals use smartphones and tablets for a variety of clinical tasks, including communication with nurses and accessing drug and medical research information, proving the central role of mobile email and messaging in clinical practice. The above research reviewed 30 qualitative and mixed-methods studies from diverse healthcare settings and found that healthcare workers frequently use their personal mobile phones to communicate with colleagues, seek advice, and exchange patient-related information, often to bridge gaps in formal communication systems. This informal mobile use enhances flexibility, efficiency, and responsiveness while strengthening relationships among healthcare teams and with patients.

A 2024 study published in npj Digital Medicine analyzing over 1,700 ambulatory-care physicians in New York City found that physicians spend considerable time on “work-outside-work” (WOW), which includes managing patient messages in their electronic inboxes after standard work hours. The study showed that increased volumes of patient medical advice requests (PMARs) raise the amount of after-hours inbox work, with specialists spending more time outside work hours than primary care physicians. This reflects how mobile devices enable physicians to manage inbox overflow during off-hours, blurring boundaries between professional and personal time.

Benefits of mobile email for healthcare providers

Improved communication speed and coordination

In healthcare, timely communication can directly impact patient outcomes. Mobile email enables:

• Faster responses to colleagues, specialists, laboratories, and pharmacies, accelerating decision-making processes and reducing delays in care
• Enhanced care team collaboration, particularly valuable for providers working across different locations or shifts
• Quicker escalation of important issues to the appropriate team members
• Streamlined communication chains that bypass traditional delays
  
  

Accessibility and information on demand

Mobile email provides healthcare professionals with important information exactly when needed:

• Ability to receive and review urgent patient updates or test result notifications without being tethered to a workstation
• Access to emailed documents, clinical pathways, or treatment protocols while on rounds
• Immediate notification of important administrative announcements
• Capability to reference historical email threads during discussions or decision-making

Support for field-based providers

For clinicians who work outside traditional healthcare facilities, mobile email is not merely convenient, it's required:

• Home health nurses rely on mobile communications to coordinate care plans, report findings, and request physician input without returning to a central office
• Visiting physicians and temporary doctors use mobile email to maintain continuity with their various practice locations
• First responders and emergency medical personnel can receive updates and directives via email when other communication channels are overloaded
• Rural healthcare providers use mobile email to bridge geographical distances and consult with colleagues
  
  

Enhanced workflow efficiency

Mobile email access creates numerous workflow improvements:

• Reduction in communication bottlenecks that traditionally slow healthcare processes
• Ability to multitask, such as reviewing non-urgent emails during downtime between patient encounters
• More efficient management of high-volume communications that characterize modern healthcare
• Smoother handling of administrative tasks that can be addressed quickly
• Better workload distribution throughout the day, reducing end-of-day email backlogs

For many healthcare organizations, these efficiency gains translate into measurable improvements in provider satisfaction, administrative productivity, and ultimately, patient care.

Security and HIPAA compliance risks

Despite its clear benefits, mobile email in healthcare presents security and compliance challenges. When not using a secure platform like Paubox, every email containing protected health information (PHI) accessed on a mobile device represents potential risk exposure.

Healthcare providers face numerous security vulnerabilities when using mobile email.

• Lost or stolen devices: A stolen Blackberry device without password protection or encryption at Children’s Medical Center resulted in the loss of 3,800 patients’ PHI. The center faced penalties due to inadequate device security and failure to enforce encryption policies. This case shows the risk posed by lost or stolen mobile devices containing sensitive email access or PHI.
• Unsecured networks: Many providers check email on public Wi-Fi networks in cafes, airports, or other public spaces. Without proper security measures like Paubox, these connections can expose sensitive information to interception.
• Malware and phishing: A Solara Medical Supplies phishing attack compromised the email accounts of 8 employees, exposing the ePHI of over 114,000 patients. 
• Accidental disclosure: Due to another breach, Solara Medical Supplies sent breach notification letters to incorrect addresses relating to the phishing incident above, resulting in the disclosure of the PHI consisting of demographic information of 1,531 individuals. The organization was fined $3 million for multiple HIPAA violations including failure to conduct risk analysis and manage email security risks.
• BYOD challenges: Personal devices used for work email ("Bring Your Own Device" or BYOD) often lack consistent security controls. A survey by Healthcare Information and Management Systems Society (HIMSS) found that while 81% of healthcare organizations permit BYOD in some form, only 46% have formal security policies governing such use.

Learn more: Making Wi-Fi HIPAA compliant

Enforcing multi-factor authentication (MFA) as best practice 

MFA reduces the risk of unauthorized access if credentials are compromised. As healthcare organizations increasingly rely on mobile email access, implementing strong MFA becomes a major defense layer. "As with any new or evolving attack technique, the first step is awareness. Security practitioners need to work with their colleagues across IT to educate them on how MFA bypass kits work and what gaps may exist in their security infrastructure," explains Amy Larson DeCarlo, Principal Analyst for Security and Data Center Services at GlobalData. Healthcare organizations should require MFA for all email accounts accessible via mobile devices and extend this protection to any system containing PHI that can be accessed remotely. The implementation should leverage multiple authentication factors, including biometric options like fingerprint or facial recognition where available, alongside traditional authentication tokens or one-time passwords.

DeCarlo further advises that "all organizations should move away from easily exploited factors, including passwords, one-time passcodes, security questions, and push notifications. Instead, they should implement digital signatures or passkeys." This guidance has become particularly relevant as sophisticated MFA bypass kits have become readily available to threat actors. "Phishing-as-a-Service has gotten more sophisticated, and the kits made available through them difficult for a targeted organization to detect," warns DeCarlo. "The danger for HIPAA-compliant organizations is that cybercriminals can use these kits to capture credentials and session tokens, which in turn can be used to gain access to Personally Identifiable Information of patients and employees."

David Chou, Founder of Chou Group Healthcare Technology Advisory Services, emphasizes the urgency of this protection by stating that "Recent HIPAA updates signal an urgent need to modernize outdated communication systems and fortify cybersecurity defenses. The challenge lies in upgrading 24/7 operational systems without disruption, making it critical for leaders to prioritize multi factor authentication and proactive incident response planning." Modern approaches include using trusted platform modules in devices to support the safe manufacture and ongoing use of public passkeys. As DeCarlo notes, "The private key that authenticates the user is stored on the hardware of an end user's device. It isn't shared so threat actors can't access it. This provides strong protection against phishing and credential theft in general."

FAQs

What is multi-factor authentication (MFA)?

MFA is a security process that requires users to provide two or more verification factors to gain access to an account or system. For healthcare providers using mobile email, this includes something you know (password), something you have (mobile device), and sometimes something you are (biometric verification like fingerprint or facial recognition).

What does BYOD mean in healthcare?

BYOD (Bring Your Own Device) refers to the practice of healthcare providers using their personal smartphones, tablets, or laptops for work purposes, including accessing work email.

What is encryption?

Encryption is the process of converting information into a code to prevent unauthorized access. For healthcare providers using mobile email, encryption protects PHI both in transit (while being sent) and at rest (stored on the device).