Best Practices for Successful Secure Texting


September 10, 2019
Group of people surrounding a laptop

You’ve been leading the charge toward HIPAA-compliant secure texting. But there is a long road between deciding to implement a solution and successfully rolling one out. No matter where you are in the process, there are 5 best practices to help you keep your momentum.

1. Identify Your Goals

There are many benefits to secure texting. But what are the main objectives for your organization? What factors are you trying to impact? For most organizations, goals include one or more of the following:


HIPAA regulations are certainly the primary reason organizations seek a secure texting solution. But it helps to document the specific risks you are looking to mitigate. For instance:

  • Shift staff & physicians who are communicating now by text/SMS onto a HIPAA-compliant messaging platform.
  • Streamline the HIPAA risk assessment process for mobile vendors by selecting a texting vendor.
  • Having a BAA with your texting vendor.


Successful communication is often a key factor in both reducing costs and improving patient outcomes. Documenting the details transforms this from a general goal into actionable (and measurable) objectives:

  • Who will use this solution (e.g., doctors, nurses, call centers, on-call providers, certain departments)?
  • What are the intended flows of communication (e.g., Doctor to Doctor, Nurse to Doctor, Call Center to Doctor)?
  • How will those intended workflows be improved by the solution and what specific forms will those improvements take?


Over the course of the implementation process, you will be asked more than once to define the ROI (return on investment) for the proposed solutions. Prepare for these conversations by outlining the direct and indirect costs that will be impacted:

  • Direct costs (or “hard costs). These are things you are currently spending money on now that you won’t have to spend as much on post-solution. An example would be replacing pagers or other organization-provided hardware with a BYOD (bring your own device) solution. Those hardware costs saved are direct costs.
  • Indirect costs (or “soft” costs). These savings are harder to document but also have impacts beyond pure cost reduction. For instance, reducing the number of phone calls/call backs needed to achieve a result will impact man-hours as well as prevent treatment delays and readmissions. Since these are hard to quantify, many organizations adopt a single parameter as their keystone for indirect costs, such as the number of hours saved per day.
  • Cost of non-compliance. $45,000 per provider up to $1,000,000 per incident for PHI security breach.

Once you have documented and detailed all your goals, it’s time to craft your “key message.” This is a short statement that clearly explains these goals (or the top priorities if there are many) in a conversational way. This will be your “go to” message or “pitch” as you talk to people about this project. Don’t forget to include the “why” — people are more likely to accept change when they understand the need for it.

2. Get Your Organization on Board

If you haven’t already done so, you need to run your secure texting service of choice through some checks and balances to make sure it will work for your entire organization. Bring together a small team of decision makers to validate the solutions from several perspectives, including:

  • IT & Security
  • Compliance & Legal
  • Clinical
  • Executive & Operations

It’s tempting to want to limit your conversations and meetings about your solution to get it off the ground more quickly (or so you think). But nothing delays an implementation longer than an unforeseen requirement or resistance from cross-functional teams. Taking the time at the start of your project to get the right people on board is actually the best way to ensure an on-time and successful rollout. This process can also help you lay the foundation of your implementation plan, by getting opinions on factors such as:

  • Will you need to restrict access to any specific users or groups?
  • Should the solution be purely mobile? Or mobile with a desktop interface as well?
  • Should it be rolled out in small groups or organization-wide?
  • Which group/team should be my test unit or pilot?

3. Communicate Your Policies

Your secure texting policy needs to cover things like:

  • If BYOD is allowed, what devices are approved or excluded? Is any operating system or additional security downloads required?
  • All messages on the secure platform are the property of the organization and as such can be accessed, read, deleted or otherwise used by the organization.
  • All messaging needs to be secure (text, images, files, etc. all need to be transmitted on the secure platform – no SMS texting for organization use).
  • The types of messages that are allowed/not allowed over the secure platform (e.g., medical orders can be texted, but must be verified verbally as well).
  • Whether your organization allows the use of personal devices (“bring your own device” or BYOD) or will supply devices to those who need it – and additional policies around that.
  • When and how should users report a lost or stolen device (so that remote lock & wipe can be activated)?
  • How long will messages be retained on devices and in the system? How should older messages be retrieved if needed?

4. Supercharge Your Implementation Plan

IT teams are often used to rolling out backend solutions or changes that few people will notice or care about. This is NOT one of those solutions. Texting is personal, it’s social and everyone will be talking about it. So make sure the rollout of secure texting is successful by super-charging your implementation plan.


What date you choose is not nearly as important as the fact that you pick one, communicate it and stick to it. You will need this information every step of the way because once people understand “what” and “why,” their next question will be “when.”

Of course, choosing a good date is also important. If 30% of your staff will be off for a holiday or one of your locations is in the middle of an EMR implementation, it’s probably best to plan your rollout around these factors.

Consider whether to roll out group-by-group or organization-wide. Either way, it’s best to first complete a “pilot” rollout to one small group as a learning experience. Then proceed with either a phased or organization-wide rollout.


Every organization has “super-users” – people who adopt new technology more quickly or use it more frequently or comprehensively than others. Figuring out how to tap into that natural resource can make your rollout more smooth and successful.

Your implementation plan should start with those “super-users.” Get them online first and use their feedback to improve your communication and training plan. Plus, enlist their help during rollout – either directly as trainers or indirectly as early adopters and influencers.


The single biggest mistake organizations make in rolling out their securing texting solution is starting the communication process too late. The earlier you let people in one your plans the better. And you don’t have to wait until you have the whole implementation plan buttoned up. Here are some tips for crafting the right message for each phase of your rollout:

  • Before – Messages should focus on what’s happening and why. Talk about the goals you have identified and explain how your secure messaging solution will help you reach those goals.
  • During – Focus on “how to” content to lessen any anxiety or frustration. This is a great time to talk about any successes or lessoned learned from the pilot rollout or super-user feedback.
  • After – Focus on supporting adoption and proper use. Remind people of ways they can use the solution in their workflows and highlight success stories or testimonials from your organization.

5. Connect with External Organizations

Chances are, you are not the only organization in town needing secure texting. Users from your organization probably need to communicate with people in those other practices, testing centers and hospitals. With qliqSOFT, your entire healthcare community can be connected. If those external organizations already use qliqSOFT, the two can be linked so that users of both organizations can message each other. Otherwise, you can easily invite these external groups and individuals to set up a qliqSOFT account and connect with you.

The messages are still secure, HIPAA compliant and adhere to the policies and procedures of the user’s own organizations. The ability to communicate across groups can enhance adoption rates for both organizations by allowing users to do more with their messaging solution.

The Author
Ben Henson

A lifelong communicator, this Tennessee native got his start in broadcast news before branching out into public media, corporate, communications, digital advertising, and integrated marketing. Prior to joining QliqSOFT as the company's first marketing team member, Ben shared his talents with organizations that include the University of Alabama, iHeartMedia, and The Kroger Company.

Related Content

Customer Success Story:

No items found.
Related Story:


Want our blogs in your inbox?
Subscribe for more!

Thank you!
Oops! Something went wrong while submitting the form.