Common Questions on Secure Texting & Secure Messaging for Healthcare
How is the messaging all secure?
The most secure approach for texting is to have many layers of security that protect your health information.
Public-Private Key Encryption
One of the most important aspects of qliqCONNECT security is how we encrypt your messages. First, all network connections are encrypted with transport encryption called TLS. So all communication over the Internet is secure. Second and more importantly, qliqCONNECT encrypts the message content using Public-Private Key Encryption. With this approach, every user on qliqCONNECT has a unique encryption key and each message is encrypted for a single particular user. And only the message recipient has the decryption key to open the message. Not even qliqSOFT has the decryption keys, so we can’t decrypt your messages and have no access to your patient information. Public-Private Key Encryption is the foundation for a truly secure texting solution as it drastically reduces the risk of a PHI breach caused by your vendor.
qliqCONNECT enforces a secure password directly through the Admin Dashboard or Active Directory. The Admin can set requirements for length and upper case, numeric and special characters. A password expiration can be set as well.
Remote Lock and Wipe
For improved mobile security, especially on Bring Your Own Device (BYOD) devices, qliqCONNECT offers a remote lock and remote wipe function. If a phone is lost or an employee leaves the organization, the Admin can lock and wipe the qliqCONNECT app from the Admin Dashboard. This only locks and wipes qliqCONNECT, not the entire phone.
Inactivity Time Out
The qliqCONNECT apps lock after a period of inactivity to ensure no unauthorized access. Users need to re-authenticate with a password, PIN or Touch ID (on iPhones). Admins can adjust the inactivity time before the lock and find the right balance between security and user convenience.
Short Message Retention
All messages on qliqCONNECT have an expiration, and the Admin can select the appropriate expiration period (i.e., 7 days). When a message is expired, it is deleted and not accessible in the app. Long-term message retention is then available in the qliqSTOR archive.
If a user sends a message to the wrong qliqCONNECT user, he can recall it and it is no longer accessible to the incorrect recipient.
Invalid Password Lockout
If an unauthorized user attempts to guess a password and access qliqCONNECT, the app will lock after a few incorrect guesses preventing the unauthorized user from continuing to make login attempts. The Admin can adjust the number of password failures before a lockout. All these layers of security add up to an incredibly safe approach to secure messaging.
Where is my PHI?
Let’s start where it is not. With qliqCONNECT, your PHI is not stored in the Cloud. We use a messaging architecture called “Cloud Pass-Thru” where messages travel directly from one user to another. The messages pass through the qliqCONNECT servers in the Cloud on the way to the recipient but do not remain on the server very long. Your messages and PHI are in encrypted format inside the qliqCONNECT app for the short term. For the long term, the messages also reside in your qliqSTOR archive which is located in your control behind your firewall. So your PHI remains in your control and is not accessed or stored by us.
Does it integrate with Active Directory?
Yes, qliqCONNECT has excellent integration support with Active Directory for user management and user authentication. We provide an AD Connector application that links your Active Directory to the qliqCONNECT servers. Selected users and AD groups are synchronized to Qliq to allow for fast implementation and easy user management. The AD Connector has no license fee and is set up by the Admin in less than an hour.
How do I know that the recipient read my message?
As the sender, you always receives an automatic delivery receipt and read receipt for each message, and you always know the status of the communication. In addition, qliqCONNECT offers an optional “Request Acknowledgement” function when sending a message. When used, the send can request message acknowledgment and then the recipient can simply tap the message to provide an acknowledgment that the message is fully understood.