Encryption and Healthcare Mobile Messaging

What’s so hard about the encryption of healthcare mobile messaging?

Last week, I came across an interesting article on encryption and healthcare mobile messaging. The article pointed out the need for mobile device security when practitioners exchange PHI. Apparently, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) issued an important reminder to healthcare on the need to mitigate risks surrounding the use of mobile devices. According to the article, OCR stresses that:

mobile devices should be included in an organization’s enterprise-wide risk analysis and that organizations implement security measures to reduce identified risks to a reasonable and appropriate level, as required by the Health Insurance Portability and Accountability Act (HIPAA) rules.

While it is obviously the OCR’s purview to issue statements on encryption in healthcare and mobile messaging, the issue remains that many physicians will continue to struggle with achieving this goal. Why is this the case? The reason for the struggle is that practitioners use non-secure, non-encrypted messaging platforms in healthcare to exchange information. As such, exchanging ePHI on non-secure platforms quickly follows. For secure exchange of ePHI, hospitals and clinics must embrace secure messaging platforms. One cannot exist without the other.

Why healthcare secure messaging is challenging

In part, secure messaging is challenging for healthcare professionals because practitioners often prefer to use a mixture of pagers, SMS, Facebook, GChat or WhatsApp to communicate with one another.  Additionally, even though WhatsApp now has end-to-end encryption, it still lacks access control that is needed to make it truly appropriate for healthcare. Without access control, anyone with the smartphone password can access information on the application.

Additionally, even if practitioners try to increase security by leaving patient names out of exchanges, they still run the risk of violating HIPAA. For example, in one well-publicized case, nurses began using Facebook to provide shift change updates to their coworkers. They did not use patient names, but they did post enough specifics about patients so that incoming nurses could prepare for their shift.

Disclosures were made with the best of intentions, but obviously violated HIPAA constraints. Omitting a patient’s name does not guarantee that the person cannot be identified. The conclusion that arises here is that under no circumstances should practitioners exchange PHI through non-secure methods of communication.

Another issue that makes secure messaging challenging through traditional smartphone applications is that the information cannot be wiped. In healthcare, users often face the risk of loss and theft of their device. The stolen information is then often sold on the black market where it is very valuable.

Secure messaging applications – a modest proposal

Healthcare should not think that the solution to insecure messaging is the banning of smartphones. Indeed, doctors and nurses have their devices almost surgically attached. Banning would only be counterproductive and decrease productivity. Instead, the first critical step in switching healthcare’s mindset is to encourage adequate training.

Training needs to start at the top of the healthcare facility food chain. Physicians aren’t the only ones who need training. Directors and administrators need training as well. In this training, employees should learn about appropriate clinical secure messaging applications they can use.  OnPage, for example, provides a smartphone application which allows practitioners and administrators to exchange attachments, ePHI and text messages in a secure manner that keeps individuals HIPAA compliant.

Additionally, all users of secure messaging applications need to learn the steps of what they should do if they lose their smartphones. Individuals need to feel guilt-free about reporting this to appropriate administrators so they can have their app wiped, thus inhibiting the theft of any patient information stored on the messaging app.

Additionally, healthcare facilities need to impress upon practitioners that facilities can face significant financial and regulatory repercussions if hospitals violate HIPAA regulations by not adequately protecting patient information. Patients have been shown to be wary of visiting hospitals that have experienced HIPAA violations.

Finally, institutions need to make the switch to a secure clinical communications platform seamless and easy. Transitioning to a secure messaging application should require minimal effort. As such, sign on and sign off should be easy. The onus for security should be on the app. Patient privacy should be easily maintained through message encryption.

Conclusion

It is fascinating to see how healthcare regulating agencies see the issue of mobile device security and PHI. Clearly, they see it as an important issue but one that is nowhere close to being solved.  What we can conclude from the article is that healthcare institutions need to continue their vigilance in protecting patient information. Secure messaging solutions and increased training are the best place to start.

 

The post Encryption and Healthcare Mobile Messaging appeared first on OnPage.


OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.
