How to improve security with a HIPAA compliant messaging app

Hackers are naturally drawn to healthcare because there’s great value in healthcare data. If a credit card has been compromised, the bank can put a stop on the card. The value is gone. But you can’t do that with a medical record.

Running in parallel with the trend of healthcare data theft is the fact that cybersecurity budgets and resource constraints are often cited as hindrances to improved data security. Statistics show that 95% of CIOs are concerned with inadequate budgets for security. Indeed, budget and resource constraints are the largest threat to patient data security and secure healthcare communications.

Given the prevalence of exchanging patient information via mobile methods, the security of devices must be nailed down and HIPAA compliant messaging apps installed. Depending on which figures you read, between 40% and 50% (or more) of hospitals have no secure HIPAA compliant messaging app. Without a secure platform in place, the exchange of patient information via cellphone becomes another easy target.

The goal of this blog is to highlight how hospitals and clinics can use secure messaging technologies and methods to improve their security.

Encryption and the HIPAA compliance hiccup

Believe it or not, HIPAA doesn’t require encryption. Rather, HIPAA states that encryption is an “addressable” issue and only needs to be implemented if the covered entity has determined that encryption is a “reasonable and appropriate safeguard” for managing risks to the confidentiality, integrity and availability of ePHI.

This means that a HIPAA compliant messaging app that exchanges patient information does not need to encrypt a patient’s information. However, a secure clinical communications platform that lacks encryption is essentially advertising your hospital’s patient information to cybercriminals. A certified secure messaging app with encryption is needed to mitigate the risk to PHI.

By allowing physicians and nurses to communicate through an encrypted HIPAA compliant messaging app in real-time, a secure clinical communications platform improves productivity and keeps patient information safe from hackers. Practitioners and CIOs don’t need to worry about encryption if the platform has already considered this liability. Instead, practitioners can focus on improving patient outcomes.

HIPAA compliant messaging app and BYOD

Security is the fear that wags the mobile dog. CIOs worry that by enabling further BYOD use, they will expose their institutions to unknown risk. This fear is not unfounded, as a significant source of intrusions is lost or stolen devices. Companies that have implemented BYOD often struggle to protect against data loss and ensure that communications remain secure. As a result, many enterprises are scrambling for ways to combine secure texting technologies with BYOD policies.

An important part of effective BYOD management, though, is handling the potential risks that come from actual BYOD use and ensuring that messaging remains secure. When hospital employees are beneficiaries of a BYOD policy, they can download secure messaging applications.

A secure clinical communications solution like OnPage gives care teams an efficient way to exchange patient information and discuss cases while still allowing IT to maintain control over the actual application. Patient data stays private and encrypted. Care teams stay productive. And IT holds the keys.

Remote wipe

Remote wipe means that the hospital's IT department has access to the PHI on the phone. Consequently, IT can wipe patient data from the phone if the device is lost or stolen.

Maintaining mobile security means that CIOs enable Mobile Device Management (MDM) policies that help ensure the security of the HIPAA compliant messaging app. An important part of MDM is ensuring that remote wipe is available on any messaging application employees download.


Health care data commands a higher price on the black market than credit card information, social security information or bank account information. Protecting that information needs to be a priority to every hospital practitioner and CIO.

While there is no universal plan that can be implemented for every facility, organizations can take the steps above as a key primer in educating themselves on how to use proper security hygiene. Secure messaging and a HIPAA compliant messaging app are great places to start.