Secure Messaging

Best Practices in Protecting PHI in the Cloud & Minimizing PHI Breaches

Krishna Kurapati
June 4, 2017

The recent HIPAA breach reports with CHS and Cedar Sinai are enough to keep healthcare CIOs and Security Officers awake at night.  Such events pushed healthcare organizations into reactive mode and concerned about their potential vulnerabilities.

Minimizing PHI Breaches in the Healthcare Realm

In today’s world of pervasive smartphone usage and cloud computing, it is important to identify some of the best practices in Minimizing PHI Breaches. When evaluating any cloud-based service, the healthcare organization must ask three important questions:

  1. Does the vendor need access to PHI? If the answer is no, the vendor should not store or access the PHI in the cloud.
  2. Is the encryption airtight?  Check for weak links in the path of encryption such as logs, backups, passwords. Vendor should not hold the PHI encryption keys
  3. Does the service store PHI in public cloud servers? Public clouds are like unencrypted laptops. It’s a huge risk.
minimizing phi data breaches through secure communication

Minimizing PHI Breach with qliqCONNECT

Following tenets of best security practices for minimizing PHI breach, we have designed qliqCONNECT, our flagship secure texting service, to ensure qliqSOFT has no access to your PHI and no PHI is stored in the Cloud.  This dramatically reduces your risk of a PHI breach.

Here’s how we do it with qliqCONNECT

  1. Cloud Pass-Thru Messaging -  No message content and PHI are stored in the Cloud
  2. Public-Private Key Encryption - qliqSOFT has no access to keys that decrypt messages
  3. Message Archive Behind Your Firewall - Your PHI remains in your control and qliqSOFT has no access
The Author
Krishna Kurapati

With over two decades of technology entrepreneurship background, Krishna Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges in US Healthcare. During the late 90s, Krishna co-founded IPCell to build the first Cable IP Telephony switch, eventually selling the company to Cisco Systems. In 2003, he started Sipera (acquired by Avaya Systems) to solve security issues for Unified Communications' and raised over $30MM in venture funding. Additionally, he has been actively involved in the early-stage financing of startups in both the US and India.

Healthcare's Most Flexible Collaboration Platform

Engaging Patients and Connecting Care Teams Through Interactive Digital Conversations

Learn More