5 Ways to Secure Texting for Physicians

When healthcare security executives were asked what issues keep them awake at night, survey respondents in a Forrester Research study most often cited the misuse of personally identifiable patient information (86 percent). This fear makes sense given that most hospitals still rely on pagers and insecure communication formats like Facebook and GChat. These formats do not provide secure texting for physicians and healthcare professionals.

Despite evidence highlighting the problems with pagers, practitioners continue to use these unsecured methods because of their low costs and ease of use. But, use of these formats by practitioners leaves their communications vulnerable to being intercepted or their patients’ data vulnerable to exposure.

Administrators could easily say that best way is to bring on secure communications is simply to avoid these forms of communication and adopt secure communications. But there is more to HIPAA-compliant messaging than simply providing secure messaging. Despite what might be popular lore, secure messaging is not HIPAA compliant. And, more to the point, straight secure messaging does not provide the necessary components to ensure communications are not compromised.

The goal of this blog is to highlight a few of the areas which physician and practitioner communications should encompass to ensure they are truly secure.

#1 Messaging vs. HIPAA-compliant secure texting for physicians

Simply using secure messaging does not ensure HIPAA compliance and provide secure texting for physicians. While encryption is a necessary part of secure messaging, it is not sufficient for HIPAA compliant messaging. HIPAA secure messaging refers to several additional protocols which go above and beyond encryption.

HIPAA violations and PHI breaches can be extremely costly. As such, providers of HIPAA compliant messaging need to ensure that the following protocols are implemented to ensure encryption and HIPAA compliance:

• Ensure that the content of all messages is encrypted in transit and at rest
• Identify and protect against reasonably anticipated threats to the security or integrity of the information
• Provide secure hosting for messages
• Ensure messages can be authenticated so that the recipient is identified
• Make sure all messages are archived
• Enable remote wipe so that if the mobile device is lost or stolen, patient information can be deleted from the device.

These are some of the main tenets of ensuring HIPAA compliant communications. Admins need to ensure that physicians and other practitioners are not falling into the trap of believing that the messaging they can access through Gchat or Facebook or native texting applications is sufficient.

#2 Ensure administrators are managing device access and password protection

If a physician resigns from the hospital, they will still have the hospital’s HIPAA secure messages on their mobile device. One part of HIPAA compliance is the requirement that messages can be remotely wiped off of a mobile device. If the employee leaves the organization or if an employee’s device is lost, the ultimate defense against a security breach is to remotely delete all data on the device.

Additionally, administrators need to ensure devices themselves are password protected so that if someone picks up the device, this individual is unable to access the messages on the device.

A third point administrators need to ensure is that passwords are strong. Using a password like ‘123456’ is not acceptable. Password rules need to ensure that the password uses a combination of upper and lower case as well as characters and symbols.

#3: Ensure secure attachments for secure texting for physicians

In addition to ensuring messages are secure, secure texting for physicians also requires consideration for the security of the attachments they send along with the messages.

Often practitioners send images, documents or voice recordings along with a message. By using simple email or social media, there is no assurance that these attachments are encrypted. However, these attachments are also governed by HIPAA requirements and are just as vulnerable to interception and cyberattack as straight messages.

By providing for the encryption of X rays or medical records, administrators are able to further ensure the security of healthcare communications.

Conclusion

What hospitals need to adopt to secure their institution against easy-to-avoid cyber-intrusions is a robust, HIPAA-compliant messaging application that ensures protections mentioned above.

To learn more about how physicians can secure their communications, download our e-book:  Five Ways to Secure Physician Communications