Qliq Secure Mobile Messaging
What is Qliq?
Qliq is a real-time HIPAA and HITECH compliant secure messaging platform for healthcare providers. It allows the secure exchange of Protected Health Information (PHI) via text messages on smartphones and tablets running iOS and Android, and desktop computers running Windows or Mac. Our cloud pass-thru model ensures that all messages stay encrypted in transit and are only stored on devices managed by an organization. With Qliq, users can securely send images, videos, audio files, PDFs, documents, spreadsheets and other files.
Who is using Qliq?
Over 700 hospitals, health systems, hospice, home health organizations, ancillary service providers as well as group practices are using qliqCONNECT.
What differentiates qliqSOFT from its competitors?
Security: Qliq’s Cloud Pass-Thru™ messaging architecture is substantially more secure than our competitors’“client/server” architecture because no Protected Health Information (PHI) is stored or decrypted on our servers. The client/server model of our competitors is less secure since it involves decrypting, re-encrypting, storing, and logging of all messages on a 3rd party server. Qliq is unique in that it uses an individual public/private key encryption model. Therefore it is virtually impossible for qliqSOFT or anyone else to access the server and decrypt the messages containing your PHI in transit or at rest. The peer-to-peer architecture ensures that all messages are encrypted/decrypted only on your mobile devices and computers where they are stored in an encrypted database. A database that cannot be decrypted even if someone were able to remove it from a user’s smartphone, tablet, or desktop. It is important to note that we have the highest level of encryption available (2048 bit RSA encryption for messages, and 256 bit AES bulk encryption for attachments)
Enterprise-Ready: We use SIP technology, which is the most widely-used and tested communication technology available. SIP is a proven, reliable, and secure form of communication that easily integrates with enterprise communication systems such as IP/PBX, nurse call systems, and tele-health systems. Furthermore, SIP supports a number of key modalities that allow for rapid deployment of new communication functionality, including screen sharing and teleconferencing. We have also incorporated an HL7 integration engine directly into our communication platform so that Qliq can be quickly interfaced via our qliqDIRECT integration engine to any existing PMS, EHR, Laboratory or other clinical system.
Functionality: Qliq is designed exclusively for healthcare professionals and their support staff. It includes the features required in a healthcare setting: customizable message notification and sound alerts, message delivery confirmation, manual message acknowledgement, custom lists of quick messages, the ability to send images/videos/files/voice messges, organization of users by groups/subgroups, inclusion of external users, centralized administration, remote lock and wipe, message archiving, EHR and directory integration, and much much more.
High Availability: The Qliq mobile application is always on, whether in the foreground or the background. This allows for realtime, high-availability communication whenever and wherever the users desire. Our solution is inclusive of all health care professionals, their support staff, ancillary service providers, caregivers, and patients. Since a mobile number is not required to route messages, realtime communication can occur from a desktop, smartphone, or tablet.
Expertise: Backed by two decades of network security experience and expertise, we designed Qliq to exceed the rigorous security standards required by the healthcare industry. We deliberately avoided using centralized storage of messages and Protected Health Information (PHI). We are mindful of the fact that the threat and impact of a potential breach is proportional to the amount of data stored. As such, we designed our system so that all PHI is 100% under your organization’s control and stored in a distributive manner on your devices. This works for both in both an organization issued device and BYOD (bring your own device) environment.
Is Qliq HIPAA compliant?
qliqCONNECT is HIPAA and HITECH compliant as it provides: authentication, peer-to-peer 2048 bit RSA encryption for messages and 256 bit AES bulk encryption for attachments, auditability, and administrative controls designed to ensure full HIPAA/HITECH compliance.
You can read more on our HIPAA Compliance and PHI Security Page and in our HIPAA Statement.
How do I send a text to another user who does not have the Qliq secure texting application?
If a user wants to send a secure message to someone who is not in their qliqNETWORK, they can easily invite them from their phone’s contact list or by sending an invitation using their email address or mobile phone number. Signing up is a simple process and it is absolutely free. Secure connections can be created in a matter of minutes.
Where can I find the Qliq application?
For those using the iPhone, iPad or iPod, the app is available at the Apple AppStore. For those using Android smartphones and tablets, the app is available at the Google Play Store. The Desktop app for Mac and Windows is located on our app download page. There is no fee to healthcare providers to download and use Qliq.
What devices can I use with the Qliq application?
- iPhone, iPod Touch, iPad (iOS v. 7.0+)
- Android Phones and Tablets (v. 4.0+)
- Windows 7, 8, 10
- Mac OS X 10.9+
Are there any devices that are not compatible?
Blackberry, Windows Mobile, and proprietary handsets.
Do I need a Business Associate Agreement (BAA)?
qliqSOFT will sign a BAA with Covered Entities. However, keep in mind that qliqSOFT does not fit the definition of a Covered Entity or a Business Associate as no PHI is accessible by qliqSOFT due to the security architecture. When you partner with us, you are note required to have a Business Associate Agreement or invest in lengthy third-party validation procedures. We act merely as a conduit for the messages and cannot access them on even a random or infrequent basis, which exceeds the requirements described in the Federal Register, Vol. 75, No. 134, p. 40873.
Does Qliq work with non-smart phones (regular old cell phones)?
No, Qliq is only available on smartphones. qliqSOFT does offer a transition solution from pagers and standard cell phones by sending non-secure notifications to these non-secure devices.
How much does Qliq cost?
Are SMS (Texting) charges incurred by using Qliq?
There are no additional SMS (Texting) charges from using Qliq as all messages are sent securing over data service of your plan. This means that messages continue to be sent and received even if you only have wi-fi access. We have thousands of active users, sending thousands of messages a day, and none have reported any unexpected charges on their mobile bill.
Isn’t SMS texting secure? Why can’t I just use SMS?
SMS texting is not secure or HIPAA-compliant. It presents a number of physical and transmission vulnerabilities. Please refer to the diagram that explains each of these in detail.
How does qliqSOFT avoid these same security problems?
Qliq is designed with Cloud Pass-ThruTM messaging architecture and Public/Private Key security architecture that exceeds HIPAA and HITECH requirements for all healthcare communication. Please refer to our HIPAA Statement which illustrates Qliq’s security features in detail.
Is Qliq HIPAA compliant?
Qliq is HIPAA and HITECH compliant as it provides: authentication, peer-to-peer 2048 bit RSA encryption for messages and 256 bit AES bulk encryption for attachments, auditability, and administrative controls designed to ensure full HIPAA/HITECH compliance.
You can read more on our HIPAA Compliance and PHI Security Page and in our HIPAA Statement.
Does Qliq encrypt the text messages?
Qliq uses a public/private key encryption architecture to secure messages. Each Qliq user has a unique “key pair” for message encryption and therefore only the intended recipient can decrypt the message. With this public/private key security approach, not even our company, qliqSOFT, has the ability to decrypt the messages. Other secure messaging solutions use the same key to secure message communications for all users. They also decrypt all messages on the server and re-encrypt for storage. This greatly increases your exposure to a security incident caused by human error with a 3rd party messaging vendor.
What level of encryption does the qliqSOFT messaging platform use?
We use 2048 bit RSA encryption for all messages and 256 bit AES bulk encryption for attachments (images, audio files, videos, pdfs, and documents).
Where are text messages stored?
Qliq text messages and attachments are stored in an encrypted database on the user’s devices (mobile and desktop). The databases on the devices or desktop computer cannot be decrypted even if an individual were somehow able to download them since they would not have access to the private key required to decrypt them. If the qliqSTOR message archive is used, the message reside with in the qliqSTOR database that is hosted behind the firewall of the healthcare organization and in their direct control.
Does the end user have the ability to save a text message locally on the device?
Messages are stored locally in an encrypted database on the user smartphone, tablet, or desktop, but are automatically deleted according to the message expiration set by the administrator. A user has the option to delete messages and attachments sooner if desired.
Is there a limit as to how many messages are stored locally?
Currently, the application does not limit how many messages are stored locally. Modern smartphones and computers have the capacity to store several years’ worth of text messages. The default setting for message archival is 7 days. However, the user can increase or decrease that length of time if they have purchased Qliq for Business, which provides central administrative control over the devices.
What if a device is misplaced or lost?
Your information is protected if a device is misplaced or lost. Qliq will automatically lock itself after a pre-defined (administrator controlled) amount of inactivity or idle time. Additionally, both end-users and administrators can remotely lock and wipe the application data by logging into the administrative dashboard on qliqSOFT’s website.
What security measures are used to authenticate a user?
Each user must have a Username and Password with an optional PIN. The password strength requirements can be set by the account administrator
How long can messages be saved locally? Is the messaging evanescent?
By default, messages will expire and be deleted from the end-user Qliq application. For Qliq for Professional users, the messages will automatically expire after 7 days. Qliq Business Administrators have the ability to select the message retention rate. Messages can be archived for a longer period by the organization using the qliqSTOR archive.
How are policies administered?
The policies are administered through the Qliq Business/Enterprise web console under the direction of the administrator.
Are policies universal or can they be applied differently to user groups?
Some policies (password requirements, length of message storage, etc) are implemented universally and some can be applied at a group level.
What level of message tracking is available?
All messages and their status are individually date/time stamped. If the intended recipient is offline, the status shows “Pending”. When the recipient receives the message, the status on the sender’s device changes to “Delivered” and when the message is viewed the status changes to “Read” In addition to message logging, Qliq allows senders to request an acknowledgement from the receiver. This functionality ensures that messages were received, read, and understood. The acknowledgement itself is also date/time stamped. By touching or right clicking a mouse over a message segment, an option appears to view message details, which include message id, the date/time it was created, sent, received, and read.
Does Qliq allow peer-to-peer texting?
The main feature of our applications is peer-to-peer messaging between healthcare professionals, ancillary service providers, administrative staff, caregivers, or patients. All users are identified by their email address and our cloud servers route the messages from one user to another. Peer-to-peer messaging does not depend on a mobile number and uses a combination of Public and Private Keys to ensure that all messages remain encrypted while in transit or at rest.
Does Qliq support group texting (one to many texting)?
Yes. It is possible to send a message to multiple individuals at the same time. Qliq supports both collaborative group chats as well as broadcast group messages.
Does Qliq support document or image sharing?
Yes, documents, spreadsheets, PDFs, images, video and audio files can be sent and received securely with Qliq. File attachments are encrypted using 256 bit bulk AES encryption.
Does the user have the ability to forward a text received to Qliq and non Qliq users?
No. You can only forward a message to users on Qliq. A non-Qliq user can receive an invitation to join your qliqNETWORK and then be able to receive secure messages in Qliq.
Are there acknowledgments that a text was received and read?
Yes, all messages have detailed deliver status that are individually date/time stamped. If the intended recipient is offline, the status shows “Pending”. When the recipient receives the message, the status on the sender’s device changes to “Delivered”. In addition to message logging, Qliq allows senders to request an acknowledgement from the receiver. This functionality ensures that messages were received, read, and understood. The acknowledgement itself is also date/time stamped. By touching or right clicking a mouse over a message segment, an option appears to view message details, which include message id, the date/time it was created, sent, received, and read.
Does qliqSOFT's secure messaging applications include message tracking?
Yes, all messages are tracked through their life-cycle and visible on both the sender and recipient devices. By touching or right clicking a mouse over a message segment, an option appears to view message details, which includes message id, the date/time it was created, sent, received, and read.
Additionally, if an organization uses the optional qliqSTOR archival server, all messages (including the message metadata – status, date/time stamps) are stored centrally on the healthcare organization’s datacenter/cloud and can be viewed and queried as required.
Does qliqSOFT's secure messaging application offer presence-awareness (on-line, available, busy, etc...)?
Yes. An end-user can set their status to Available, Away, or Do Not Disturb.
Describe the management console/ Web Portal and its features and functionality.
We provide web-based account for both individual and group accounts. Individuals can manage their personal profile and password. Group administrators can manage users, create and manage sub-groups (including access privileges), tailor the security settings, manage devices, review activity logs and assign multiple administrators. Additionally, group administrators can remotely lock and wipe data from an end-user’s device in the event the device is lost or stolen.
What types of reports are available?
We have a database driven user activity report. It is possible to create custom reports based on the organization’s requirements.
Can I invite other users, whether inside or outside of my organization, to join my qliqNETWORK?
Yes, with Qliq you can invite other users to your qliqNETWORK. All you need to do is to tap the Invite button and select contacts from your smartphone contact list, or enter their email addresses or mobile phone numbers. Your contacts will receive an informative invitation email or SMS text message from you. Once they have accepted the invitation, you will be able to communicate with them on Qliq.
How often do new releases become available?
Major releases will be available approximately every 3 months.
What infrastructure (servers, database, storage, gateways) is required to implement Qliq?
There is no infrastructure or specific device requirements to implement Qliq as it is a SaaS messaging service. Everything is cloud based except the message archival server, qliqSTOR, which is housed on the customer’s premises. qliqSTOR is a Windows service that runs on any modern Windows server or Windows virtual machine.
Describe Qliq architecture.
We have a distributive architecture where data is stored on the customer’s devices and servers. qliqSOFT uses a cloud-based SIP server for realtime message routing and delivery. All messages are end-to-end encrypted so only the sender can encrypt the message and the intended recipient can decrypt the message. Our peer-to-peer architecture uses a combination of Public and Private Keys. All messages are deleted from our server immediately upon delivery so no Protected Health Information (PHI) is stored or encrypted/decrypted in the cloud (cloud pass-thru). Encrypted messages are only transiently stored on our server if a recipient is offline. In this case, we use a push notification service to ensure a high reliability of message delivery. This prevents the need for both the sender and receiver to be online simultaneously to send/receive messages. There are no changes required to an organization’s existing firewalls and the application runs as a service on the user’s mobile devices or desktops for constant availability. The sender can initiate messages even if a network connection is unavailable. The messages are automatically delivered when the sender goes online. The desktop and mobile applications are thick clients and the installation of the application does not require administrative privileges on the computer.
Can qliqSOFT's secure messaging application accept interfaces from other applications?
Yes, Qliq includes a interface hub application for integration. It uses SIP for nurse call systems and HL7 for EMR/EHR as well as other clinical systems. This includes event notification as well.
How many interfaces can the system simultaneously support?
There are no limits to the number of interfaces our system can handle.
Does your solution work with Active Directory?
Yes, Qliq supports Active Directory integration. Different integration approaches are available based upon the Active Directory specifications.
Can locally saved contacts be imported into qliqCONNECT?
We currently support the batch importing of contacts via a CSV file and the user can invite others from their device to join their qliqNETWORK.
What is qliqSTOR?
qliqSTOR is the archive application for QLIQ for use by healthcare organizations. It is installed behind an organization’s firewalL so they have 100% control over its data. qliqSTOR receives a copy of all messages sent between the organization’s users. All messages, attachments, and delivery status time stamps are stored within qliqSTOR and they can only be accessed by the group administrator or other authorized individual for auditing or e-discovery purposes.
Are there any limitations as to which operating system can be used with Qliq?
We are constantly improving the functionality of Qliq so it is important that you use the latest iOS, Android, or Desktop versions of our application, which will be optimized for the latest operating systems. The minimum iOS version is 6.0+, for Android v. 2.3.5+, and on Windows 7/8 and Mac OS X.
Does Qliq secure mobile messaging application interface with EHRs?
Yes. We are able to directly integrate with EHRs and other clinical systems through our interface engine qliqDIRECT which uses HL7 2.x standards and above to interconnect Qliq with the system. Another way to integrate would be to use our API.
How do I register for a qliqSOFT account?
Any healthcare provider, group, or organization can register for a qliqSOFT account at www.qliqsoft.com. The person submitting the group registration is by default the group administrator. To successfully create a qliqSOFT account, you need to have a valid email address, phone number, and web address.
The following steps are required to complete your registration and activate your account:
- The admin receives an initial email after submitting the registration form.
qliqSOFT then verifies that the practice, organization, or health system registering is legitimate.
- Based on the results of the verification, qliqSOFT can accept, deny, or hold the registration.
- Once the registration verification is complete, the admin receives an email with the activation instructions.
- A simple three step process helps the admin quickly implement realtime secure communication.
How long does the verification process take?
At qliqSOFT, we take security and integrity seriously. To ensure all of our users are legitimate members of the health care team, we implement a verification process that is typically completed within 2 hours. As part of our process, you may receive a direct call from one of our representatives. It is not necessary for an organization to have a website in order to use Qliq.
What training is available for users?
What training is available for administrators?
We provide direct, live training to Qliq administrators. In addition, we have a QuickStart Guide, video tutorials (screencasts), a FAQ Help web page, a subscription-based direct training and support. We also include various in-app assistance techniques. In addition, we will provide routine webinars and web-based tutorials.
What support is available?
What are the recommended settings for my device?
Recommended settings include:
- For iOS, Push Notifications should be on and approved for Qliq.
- For Android devices, the screen alert must be turned on otherwise message notifications will not be received.
- If battery consumption is a concern, Qliq battery saving mode can be turned on by going to Settings, then selecting General, then turn on Battery Save Mode.