HIPAA Compliant Text Messaging Security
Qliq provides a fully HIPAA-compliant secure texting solution to healthcare organizations and other covered entities. It allows users to easily and securely send messages and file attachments to one another while adhering to all of the regulations of the HIPAA Privacy and Security Rules. Moreover, Qliq exceeds the security requirements of HIPAA and provides security advantages not found in other secure messaging solutions.
- QliqSTOR is a message archiving solution developed exclusively for users of the Qliq app.
- The archive resides behind your firewall and is in your control.
- Real-time copies of each message sent are stored along with timestamps and attachments.
- QliqSTOR’s archived message log is completely searchable and provides administrators with documentable evidence for auditing and e-discovery.
- Qliq uses a public/private key encryption architecture to secure messages.
- Each Qliq user has a unique “key pair” for message encryption that can only be decrypted and read by the intended user.
- Other services use the same key for all users and decrypt messages on the server before re-encrypting them for storage.
- Qliq’s public/private key encryption decreases your exposure to a security incident caused by human error with a 3rd party messaging vendor.
- Rather than storing your messages in a cloud server, Qliq’s “Cloud Pass-Thru” architecture sends messages directly from one Qliq user to another.
- Unlike other healthcare communication solutions, no PHI is stored or decrypted on our server.
- These client/server models are less secure and involve many unnecessary steps that do not adequately protect PHI.
- Qliq drastically reduces the possibility of a data breach stemming from human error.
- Required authentication with ID and password
- Extensive control over Qliq security settings
- Easily view Access Logs to monitor use of Qliq and conduct HIPAA-mandated security risk assessments.
- Easily view all devices connected to the service.
- Qliq on missing phones and computers can be easily locked and wiped remotely.
- Quickly address potential security incidents due to lost phones and document that no security breach has occurred.
- Allows for the roll-out of an enterprise-wide, HIPAA-compliant “bring your own device” policy.
- When requested, qliqSOFT can provide a Business Associate Agreement to customers for peace of mind in maintaining HIPAA compliance.
Frequently Asked Questions about HIPAA Compliance & Encryption Requirements
Where is my PHI?
Let’s start where it is not. With qliqCONNECT, your Protected Health Information or PHI is not stored in the Cloud. We use a messaging architecture called “Cloud Pass-Thru” where messages travel directly from one user to another. The messages pass through the qliqCONNECT servers in the Cloud on the way to the recipient but do not remain on the server very long. Your messages and PHI are in encrypted format inside the qliqCONNECT app for the short term. For the long term, the messages also reside in your qliqSTOR archive which is located in your control behind your firewall. So your PHI remains in your control and is not accessed or stored by us.
What happens if someone loses a smartphone?
Your information in Qliq is well protected and can be deleted remotely.
First, the Qliq app will automatically lock after a short period of inactivity (set by Admin) and will require a PIN or password to re-enter. Then, with a limited number of failed password attempts allowed, the Qliq app will prevent an unauthorized user from repeatedly trying to guess the password or PIN. Lastly, all messages and documents in the Qliq app are fully encrypted inside the app database.
With Qliq’s Remote Lock & Wipe function, Admins (and users) can remotely lock the Qliq app as well as delete all the messages. This does not lock and wipe the whole phone, but just the Qliq app.
With several layers of security, Qliq can safely be used on smartphones including BYOD devices.
How is the message archive protected?
With Qliq, the message archive resides on your server and in your control. The QliqSTOR archive application is installed on your Windows Server, which follows your security protocols for restricting access, encrypting data and activity monitoring. QliqSOFT has no access to your message archive or its data, and you are not dependent on QliqSOFT to access your archive data. This approach reduces the vendor risk caused by storing the archive in the Cloud.
Does QliqSOFT have access to my PHI?
QliqSOFT has no access to your PHI. With Qliq, Public/Private Key Encryption is used to protect the message content. Each Qliq user has a unique encryption key pair and each message is encrypted for a specific user. QliqSOFT does not have the decryption keys (or Private Keys) and cannot decrypt any messages that pass through the servers.
Most secure messaging vendors do not use Public/Private Key encryption and rely only on TLS or SSL network encryption. This limited security exposes PHI on the vendor server, creating a significant data breach risk. For healthcare organizations, Public/Private Key Encryption is essential for protecting PHI in email or text messages.