Secure Text Messaging and Email Security for Healthcare



By Aaron Boatin

Most healthcare providers send text messages and emails throughout their day. Unfortunately, many choose unsecured methods of transmission. This is bad news for protecting patient data and, worse yet, a clear HIPAA violation.

Embracing technology to increase the speed of healthcare is a good thing, but only if it’s done right. This means encrypting protected health information (PHI) to ensure the privacy protection mandated by HIPAA and HITECH.

Managing Protected Health Information with Secure Text Messaging

Standard texting on cell phones and alpha/text pagers is not HIPAA compliant. However, implementing secure text messaging for providers is a painless process, and allows users to receive HIPAA-compliant, secure text messages using a smartphone.

Secure messaging apps allow medical practices to stay on top of their customer service, anywhere they may be, and remain HIPAA compliant. App capabilities vary, but look for one with a powerful enterprise paging and messaging application built for Apple iOS and Android mobile phones and tablets. This can replace or supplement current paging technology and enables instant two-way communications.

It’s ideal for organizations where HIPAA compliance is a necessity or when sensitive data needs to be securely delivered to mobile devices. When the recipient receives a new message alert, the secure message can be viewed instantly using the secure messaging app. The secure messages are kept separate from email and text messages.

Many apps allow staff to acknowledge they’ve received the call without having to speak to a call center agent. This saves time, money, and improves response time to patients. Faster response can have a big impact on patient satisfaction scores.

Secure Sockets Layer (SSL) Technology

Call centers that serve the medical community should seek solutions that offer compliance, privacy, and sender/receiver authentication, using 256-bit encryption SSL technology. This exceeds compliance standards and is the same technology that protects sensitive information on major websites that offer secure online transactions.

Other ways that most secure messaging apps are useful to medical practices complying with HIPAA and increasing efficiency include:

  • Reporting with an audit trail of all messages with all message events.
  • Issuing persistent alerts to the recipient’s mobile device, helping ensure immediate action.
  • Allowing users to designate high priority messages, displayed at the top of the message list.
  • Providing encrypted message delivery and message read receipts, indicating that the device received the message or the recipient opened the message.
  • No need to add a text messaging plan; the app bypasses traditional SMS messaging.
  • Free secure messaging between devices; no text charges apply.
  • Ability to send secure broadcast messages to a group.

Management of Secure Text Messaging for Medical Practices

The management of secure text messaging users is easy. For some apps, the management of devices is done through a web portal so that staff can add, delete, or change user settings. If a device is lost or stolen, the data on the phone can be deleted using the remote wipe function.

Secure text messaging solutions work by storing the encrypted PHI on hosted secure servers. The phones then access this secure data via the secure texting app. This is a great solution for medical practices where most providers use their own phones. It fits in perfectly with BYOD policies in place at large healthcare organizations.

The best apps mimic the ease of use of regular text messaging, making adoption easy and intuitive. They also bring several nice enhancements and integrations. For example, the ability to send and receive images (x-rays for example) and audio files saves an enormous amount of time.

Many medical practices that have implemented secure text messaging have seen boosts in productivity. Aside from HIPAA compliance, the speed of communications accelerates dramatically. This has a direct positive effect on patient care.

Encrypted Email

Standard email is not HIPAA compliant. Without email encryption, email sent from one user to another is vulnerable at any point along that transfer route. Using unencrypted email not only puts the content of the information at risk but also the identities of the sender and receiver.

To provide additional protection for email communication in transit and keep electronic communication from prying eyes, companies often apply encryption methodologies to their electronic communication. Encrypted email refers to the process of encoding email messages in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.

There are two popular options for encrypting email. They are TLS and Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption methods.

TLS Encryption: The Transport Layer Security (TLS) protocol prevents unauthorized access to emails while they are in transit. TLS is a protocol that encrypts and delivers email securely for inbound and outbound email.

It helps prevent eavesdropping between email servers. It’s worth noting that email messages are encrypted only if the sender and receiver both use email providers that support transport layer security.

Not all email providers use TLS. Not sure if an email server has TLS enabled? Use this online tool to test an email address.
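Because TLS protects email one server-to-server hop at a time, a message can travel encrypted on some hops and in cleartext on others. The following added example (not part of the original article) reads the `Received` headers of a constructed message and flags any hop that was not accepted over TLS, using the RFC 3848 `with` keywords; the host names and the sample message are hypothetical.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords: a suffix starting with S (ESMTPS, ESMTPSA, LMTPS)
# means the receiving server accepted the message over TLS.
_WITH = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?A?))\b", re.I)
_FROM = re.compile(r"\bfrom\s+(\S+)")
_BY = re.compile(r"\bby\s+(\S+)")

# Constructed sample message (hypothetical hosts, documentation IP range).
SAMPLE = """\
Received: from mx.clinic.example (mx.clinic.example [192.0.2.10])
\tby inbound.lab.example with ESMTPS id abc123
\tfor <results@lab.example>; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.clinic.example (relay.clinic.example [192.0.2.5])
\tby mx.clinic.example with ESMTP id def456;
\tMon, 1 Jan 2024 10:00:02 +0000
Received: from workstation (unknown [192.0.2.77])
\tby relay.clinic.example with ESMTPSA id ghi789;
\tMon, 1 Jan 2024 10:00:01 +0000
From: nurse@clinic.example
To: results@lab.example
Subject: constructed sample

body
"""

def audit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Servers prepend Received headers, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        with_m, from_m, by_m = (p.search(flat) for p in (_WITH, _FROM, _BY))
        hops.append({
            "from": from_m.group(1) if from_m else "?",
            "by": by_m.group(1) if by_m else "?",
            "protocol": with_m.group(1).upper() if with_m else "UNKNOWN",
            # An unrecognised or missing keyword is treated as not encrypted.
            "tls": bool(with_m) and with_m.group(2).upper().startswith("S"),
        })
    return hops

def cleartext_hops(raw_message):
    """Hops where the message was accepted without TLS."""
    return [h for h in audit_hops(raw_message) if not h["tls"]]
```

`Received` headers written by servers outside your control are only claims and can be forged, so rely on the hops recorded by your own mail infrastructure.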

S/MIME Secure Email: S/MIME (Secure/Multipurpose Internet Mail Extensions) is a widely accepted method for sending secure email messages. It allows users to encrypt emails and digitally sign them. It gives the recipient the peace of mind that the message they receive in their inbox is the exact message that started with the sender.

It also ensures the person receiving the email knows it really did come from the person listed in the “From:” field. S/MIME provides for cryptographic security services such as authentication, message integrity, and digital signatures.

Conclusion

Putting it all together is a challenging endeavor, but doing nothing is risky for your organization and the patients’ PHI that is vulnerable to interception.

Aaron Boatin is president of Ambs Call Center, a virtual receptionist and telephone answering service provider that specializes in medical answering services. His passion is helping clients’ businesses succeed. Melding high tech with high touch to provide the best customer service experience for clients is his core focus.