OnPage app helps prevent HIPAA violations and ransomware attacks

OnPage helps thwarts HIPAA violations

Avoiding HIPAA violations and combating potential ransomware attacks are top of mind for many healthcare institutions. In theory, avoiding HIPAA violations should be straight forward as HIPAA requirements are very specific in what they do and don’t allow hospitals to do during communications with their staff physicians. HIPAA legislation clearly prohibits the use of devices that do not have:

• user authentication
• data encryption
• remote wipe capabilities
• delivery and read receipts
• date and time stamps
• customized messaging retention time frames
• specified contact lists

And yet in spite of these specific requirements meant to help ensure patient privacy, hospitals are the biggest target of ransomware attacks. According to one article, 88 percent of all ransomware attacks target hospitals. Hospitals become vulnerable to ransomware because events as basic as a lost or stolen iPhone expose strategic information.

The issue is best summarized by the following paragraph in a recent article from Becker Hospital Review:

“Even a minor mishap, such as a lost or stolen employee device, can compromise privacy and security for hundreds to thousands of patients. And with the increasing exposure to data and applications from many different locations, the potential risks are only growing.” Still with each mishap, we are stunned that a breach has happened yet again.

For example, the Catholic Health Care Services for the Archdiocese of Philadelphia (CHCS) found itself in violation of HIPAA regulations when an employee’s iPhone was stolen in July, compromising the public health records (PHI) of more than 400 patients. The fine assessed to Catholic Health for this violation was $650,000.

Yet for smartphones, at least, the ability to achieve HIPAA compliance is relatively straightforward. Information relating to patient records needs to follow the dictates stated at the top of this article such as user authentication, encryption, etc. One straightforward app that enables HIPAA compliance for the smartphone and works as a pager alternative is OnPage. OnPage’s smartphone application ensures HIPAA compliance while facilitating alerts and exchange of information.

This security is of even more significance since doctors often conduct communications on their smartphones rather than pagers since pagers limit the detail that can be exchanged. Doctors will receive a page and then follow up with a phone call. If the doctors use OnPage, any messages sent via cellphone – text, images, voice messages – will be secured and encrypted. That would be a huge first step towards meeting HIPAA compliance. And if a smartphone is lost or stolen, it can be wiped.

Just imagine if the doctor with CHCS had a HIPAA-compliant iPhone. At least 400 patients wouldn’t have had their PHI stolen and CHCS would be $650,000 richer. Imagine that.