HIPAA Compliant Text Message Encryption
What is HIPAA Compliant Text Message Encryption?
HIPAA compliant text message encryption varies depending on your secure texting vendor, but at its core, this technology is designed to guard PHI against unauthorized or unintended access over Wi-Fi or cellular networks. It ensures that such sensitive information is protected against interception by rendering it inaccessible and unreadable during transmission.
HIPAA regulations dictate that a high level of encryption be applied to all patient communication that is, will be, or can be transmitted via electronic platforms. Since so many healthcare organizations rely on personal mobile devices for daily activities, it is vital that any PHI communicated through such devices be encrypted in a way that protects this information from being compromised.
Because so many different operating systems and devices exist in a work environment, ensuring consistent levels of encryption can be very difficult. This is further complicated by the constant switching between internal Wi-Fi and external cell networks, not to mention the threat of devices being lost or stolen.
Administrative, Technical, and Physical Safeguards
Since so many of the threats listed above are common, many providers have sought out and deployed secure messaging platforms for healthcare professionals. HIPAA compliant text message encryption solutions exist primarily on mobile devices but often have PC solutions as well to ensure cohesive and consistent communication between parties. That being said, text message encryption alone is not enough to meet the safeguard requirements established by HIPAA. These safeguards are defined under three categories: Administrative, Technical, and Physical. Below is a quick primer:
According to the U.S. Department of Health & Human Services, Administrative Safeguards are defined as “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”
CMS defines physical safeguards as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”
Finally, technical safeguards are the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.
How Do We Approach HIPAA Compliant Encryption for Text Messaging?
Every iteration of the Qliq Secure Texting app employs user authentication before messages can be sent or received. Users must log into the app using their authorized credentials. On mobile devices, this includes a convenient four-digit PIN. Administrators can set password strength requirements as well as expiry dates.
With Qliq Secure Texting, all data is encrypted end-to-end both in transit and at rest. This includes 2048-bit message encryption and 256-bit AES encryption for message attachments such as images, audio, and various document formats. Messages are encrypted by the sending device and then decrypted by the receiving device, using a combination of public and private keys. Only the intended recipient can decrypt the message. Our cloud-based servers then route messages, which are stored in encrypted format in the Qliq app.
QliqSOFT’s approach to text message encryption means that we do not store or access the information that flows through the Qliq network. Rather, storage of information is controlled by the end-users and their organizations. The message server routes message traffic and holds the information in the cloud only long enough to complete the message delivery. When delivery occurs, the information is deleted from the Qliq servers.