Data published in the Health IT Data Brief shows that 92% of hospitals in the U.S. allowed patients to securely message with their providers in 2024. Since 2020, adoption of patient-facing digital tools has accelerated dramatically, and the channel through which patients access those tools has changed accordingly.

Another paper from the brief noted that more than two-thirds of people with a chronic condition accessed their patient portal or online medical records in the past year, as did more than three-quarters of people with a recent cancer diagnosis. A growing share of those interactions are likely to happen on smartphones, not desktop computers.

The volume of secure patient messages is also increasing. One large health system study in Applied Clinical Informatics tracked 948,428 patient-initiated messages from 82,159 unique users and 2,422,114 clinic visits over 3 years and showed that the proportion of outpatient interactions handled via messaging increased over that time.

With more messages comes greater need for attention to how they are delivered and accessed. A secure email experience designed for a laptop screen, small text, navigation flows optimized for mouse clicks, and authentication steps that assume a full keyboard create friction that patients are unlikely to tolerate for long.

 

Friction is more than a usability problem

The Paubox Healthcare Email Security Maturity Index 2026 found that when encrypted email workflows introduce friction, 43% of recipients do not create accounts or log in, 40% return to unsecured channels and 34% of clinical staff bypass encryption to avoid the workflow.

An unsecured message is not a better outcome than a secure message that remains unread because the authentication step was too hard on a small screen. Patient portal research supports that concern, as echoed in one Applied Clinical Informatics study, which found that 3% of clinical messages were unread after 21 days, 13% of sampled unread messages were associated with potential delays in care, and 50% of physician-initiated outreach messages were unread.

In a BMC Family Practice journal article researchers noted, “Patients identified challenges to using messaging, including technological barriers, worry about uncompensated physician time spent responding to messages, and confusion about what constitutes an appropriate ‘non-urgent’ message.” A badly designed mobile interface only adds to the confusion. On the provider side, the administrative and clinical costs mount if a patient struggles to read a secure message, to understand how to reply, or to negotiate an authentication step on a small screen.

 

What a mobile-friendly secure message center requires in practice

The technical requirement is simple enough to describe, but it requires deliberate attention to each step of the recipient's experience. The authentication flow must be responsive so that the input fields, buttons, and one-time code entry forms are rendered clearly and are tappable on small screens without the user having to zoom in. The message view experience should be able to scroll without horizontal scrolling. A well-wrapped message body on mobile with font sizes that do not require zooming allows the patient to actually read the clinical content they received.

The reply experience must work on a phone. A message recipient who has the ability to read a message but has trouble creating or sending a reply on the same device will either wait to respond or leave the thread. Both of these situations lead to operational costs and, in the clinical setting, possible patient safety concerns.

Research on secure messaging in hospitals found that smartphone-based secure messaging was viewed as “a potentially more convenient and efficient mobile alternative,” but the same study cautioned that “patchwork implementation” detracted from perceived effectiveness, supporting the point that secure messaging only delivers workflow benefits when it works consistently across users and access points.

 

The Paubox Secure Message Center update

The Paubox Secure Message Center is the fallback mechanism that activates when a recipient's email environment does not support TLS 1.2 or higher. Rather than delivering the message unencrypted or blocking delivery, Paubox routes the message through this center and notifies the recipient with a secure link.

Paubox has updated the Secure Message Center to be fully mobile-friendly. The changes cover three areas:

  • The multi-factor authentication flows now adapt to mobile screens. Regardless of which authentication option a covered entity has configured (Secure Link, two-factor authentication, or Secure Message Login), the interface renders correctly on small viewports.
  • The message viewing experience is responsive. Recipients on phones can read message content without zooming or horizontal scrolling, and the layout does not break across common mobile screen sizes.
  • The reply experience is functional on mobile. Recipients can compose and submit replies from a phone with the same ease they would expect from any well-designed mobile form.

It is not a new product; it is the Secure Message Center, updated to reflect where patients actually open their email.

 

FAQs

What is a secure message center?

A secure message center is a protected online environment where patients, providers, or other authorized users can send, receive, and access sensitive messages.

 

Are secure message centers HIPAA compliant?

A secure message center can support HIPAA compliance, but the platform itself must include appropriate administrative, technical, and physical safeguards.

 

Can patients reply through a secure message center?

Many secure message centers allow patients to reply securely within the platform. It helps keep the full conversation protected and can create a record of the communication.