Blog Feed Post

5 Ways to Secure Texting for Physicians

secure texting for physicians

When healthcare security executives were asked what issues keep them awake at night, survey respondents in a Forrester Research study most often cited the misuse of personally identifiable patient information (86 percent). This fear makes sense given that most hospitals still rely on pagers and insecure communication formats like Facebook and GChat.  These formats do not provide secure texting for physicians.

Despite evidence highlighting the problems with pagers, practitioners continue to use these unsecured methods because of their low costs and ease of use. But, use of these formats by practitioners leaves their communications vulnerable to being intercepted or their patients’ data vulnerable to exposure.

Administrators could easily say that best way is to bring on secure communications is simply to avoid these forms of communication and adopt secure communications. But there is more to HIPAA-compliant messaging than simply providing secure messaging. Despite what might be popular lore, secure messaging is not HIPAA compliant. And, more to the point, straight secure messaging does not provide the necessary components to ensure communications are not compromised.

The goal of this blog is to highlight a few of the areas which physician and practitioner communications should encompass to ensure they are truly secure.

#1 Messaging vs. HIPAA-compliant secure texting for physicians

Simply using secure messaging does not ensure HIPAA compliance and provide secure texting for physicians. While encryption is necessary part of secure messaging, it is not sufficient for HIPAA compliant messaging. HIPAA secure messaging refers to several additional protocols which go above and beyond encryption.

HIPAA violations and PHI breaches can be extremely costly. As such, providers of HIPAA compliant messaging need to ensure that the following protocols are implemented to ensure encryption and HIPAA compliance:

  • Ensure that the content of all messages are encrypted in transit and at rest
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information
  • Provide secure hosting for messages
  • Ensure messages can be authenticated so that the recipient is identified
  • Make sure all messages are archived
  • Enable remote wipe so that if the mobile device is lost or stolen, patient information can be deleted from the device. These are some of the main tenets of ensuring HIPAA compliant communications. Admins need to ensure that physicians and other practitioners are not falling into the trap of believing that the messaging they can access through Gchat or Facebook or native texting applications is sufficient.

#2 Ensure administrators are managing device access and password protection

If a physician resigns from the hospital, they will still have the hospital’s HIPAA secure messages on their mobile device. One part of HIPAA compliance is the requirement that messages can be remotely wiped off of a mobile device. If the employee leaves the organization or if an employee’s device is lost, the ultimate defense against a security breach is to remotely delete all data on the device.

Additionally, administrators need to ensure devices themselves are password protected so that if someone picks up the device, this individual is unable to access the messages on the device.

A third point administrators need to ensure is that passwords are strong. Using a password like ‘123456’ is not acceptable. Password rules need to ensure that the password uses a combination of upper and lower case as well as characters and symbols.

#3: Ensure secure attachments for secure texting for physicians

In addition to ensuring messages are secure, secure texting for physicians also requires consideration for the security of the attachments they send along with the messages.

Often practitioners send images, documents or voice recordings along with a message. By using simple email or social media, there is no assurance that these attachments are encrypted. However, these attachments are also governed by HIPAA requirements and are just as vulnerable to interception and cyberattack as straight messages.

By providing for the encryption of X rays or medical records, administrators are able to further ensure the security of healthcare communications.


What hospitals need to adopt to secure their institution against easy-to-avoid cyber-intrusions is a robust, HIPAA compliant messaging application that ensures protections mentioned above.

To learn more about how physicians can secure their communications, download our e-book:  Five Ways to Secure Physician Communications

The post 5 Ways to Secure Texting for Physicians appeared first on OnPage.

Read the original blog entry...

More Stories By OnPage Blog

OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.

Latest Stories
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, will discuss how from store operations...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
As you move to the cloud, your network should be efficient, secure, and easy to manage. An enterprise adopting a hybrid or public cloud needs systems and tools that provide: Agility: ability to deliver applications and services faster, even in complex hybrid environments Easier manageability: enable reliable connectivity with complete oversight as the data center network evolves Greater efficiency: eliminate wasted effort while reducing errors and optimize asset utilization Security: imple...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, will discuss how by using...
Transforming cloud-based data into a reportable format can be a very expensive, time-intensive and complex operation. As a SaaS platform with more than 30 million global users, Cornerstone OnDemand’s challenge was to create a scalable solution that would improve the time it took customers to access their user data. Our Real-Time Data Warehouse (RTDW) process vastly reduced data time-to-availability from 24 hours to just 10 minutes. In his session at 21st Cloud Expo, Mark Goldin, Chief Technolo...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
SYS-CON Events announced today that CAST Software will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CAST was founded more than 25 years ago to make the invisible visible. Built around the idea that even the best analytics on the market still leave blind spots for technical teams looking to deliver better software and prevent outages, CAST provides the software intelligence that matter ...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japanese Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ruby Development Inc. builds new services in short period of time and provides a continuous support of those services based on Ruby on Rails. For more information, please visit https://github.com/RubyDevInc.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busine...
Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, will answer these questions and demonstrate techniques for implementing advanced scheduling. For example, using spot instances ...
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
First generation hyperconverged solutions have taken the data center by storm, rapidly proliferating in pockets everywhere to provide further consolidation of floor space and workloads. These first generation solutions are not without challenges, however. In his session at 21st Cloud Expo, Wes Talbert, a Principal Architect and results-driven enterprise sales leader at NetApp, will discuss how the HCI solution of tomorrow will integrate with the public cloud to deliver a quality hybrid cloud e...
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.