SYS-CON MEDIA Authors: Liz McMillan, Carmen Gonzalez, Pat Romanski, Elizabeth White, Yeshim Deniz

Blog Feed Post

Encryption and Healthcare Mobile Messaging

What’s so hard about the encryption of healthcare mobile messaging?

Last week, I came across an interesting article on encryption and healthcare mobile messaging. The article pointed out the need for mobile device security when practitioners exchange PHI. Apparently, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) issued an important reminder to healthcare on the need to mitigate risks surrounding the use of mobile devices. According to the article, OCR stresses that:

mobile devices should be included in an organization’s enterprise-wide risk analysis and that organizations implement security measures to reduce identified risks to a reasonable and appropriate level, as required by the Health Insurance Portability and Accountability Act (HIPAA) rules.

While it is obviously the OCR’s purview to issue statements on encryption in healthcare and mobile messaging, the issue remains that many physicians will continue to struggle with achieving this goal. Why is this the case? The reason for the struggle is that practitioners use non-secure, non-encrypted messaging platforms in healthcare to exchange information. As such, exchanging ePHI on non-secure platforms quickly follows. For secure exchange of ePHI, hospitals and clinics must embrace secure messaging platforms. One cannot exist without the other.

Why healthcare secure messaging is challenging

In part, secure messaging is challenging for healthcare professionals because practitioners often prefer to use a mixture of pagers, SMS, Facebook, GChat or WhatsApp to communicate with one another.  Additionally, even though WhatsApp now has end-to-end encryption, it still lacks access control that is needed to make it truly appropriate for healthcare. Without access control, anyone with the smartphone password can access information on the application.

Additionally, even if practitioners try to increase security by leaving patient names out of exchanges, they still run the risk of violating HIPAA. For example, in one well-publicized case, nurses began using Facebook to provide shift change updates to their coworkers. They did not use patient names, but they did post enough specifics about patients so that incoming nurses could prepare for their shift.

Disclosures were made with the best of intentions, but obviously violated HIPAA constraints. Omitting a patient’s name does not guarantee that the person cannot be identified. The conclusion that arises here is that under no circumstances should practitioners exchange PHI through non-secure methods of communication.

Another issue that makes secure messaging challenging through traditional smartphone applications is that the information cannot be wiped. In healthcare, users often face the risk of loss and theft of their device. The stolen information is then often sold on the black market where it is very valuable.

Secure messaging applications – a modest proposal   

Healthcare should not think that the solution to insecure messaging is the banning of smartphones. Indeed, doctors and nurses have their devices almost surgically attached. Banning would only be counterproductive and decrease productivity. Instead, the first critical step in switching healthcare’s mindset is to encourage adequate training.

Training needs to start at the top of the healthcare facility food chain. Physicians aren’t the only ones who need training. Directors and administrators need training as well. In this training, employees should learn about appropriate clinical secure messaging applications they can use.  OnPage, for example, provides a smartphone application which allows practitioners and administrators to exchange attachments, ePHI and text messages in a secure manner that keeps individuals HIPAA compliant.

Additionally, all users of secure messaging applications need to learn the steps of what they should do if they lose their smartphones. Individuals need to feel guilt-free about reporting this to appropriate administrators so they can have their app wiped, thus inhibiting the theft of any patient information stored on the messaging app.

Additionally, healthcare facilities need to impress upon practitioners that facilities can face significant financial and regulatory repercussions if hospitals violate HIPAA regulations by not adequately protecting patient information. Patients have been shown to be wary of visiting hospitals that have experienced HIPAA violations.

Finally, institutions need to make the switch to a secure clinical communications platform seamless and easy. Transitioning to a secure messaging application should require minimal effort. As such, sign on and sign off should be easy. The onus for security should be on the app. Patient privacy should be easily maintained through message encryption.


It is fascinating to see how healthcare regulatory agencies see the issue of mobile device security and PHI. Clearly, they see it as an important issue but one that is nowhere close to being solved. What we can conclude from the article is that healthcare institutions need to continue their vigilance in protecting patient information. Secure messaging solutions and increased training are the best place to start.


The post Encryption and Healthcare Mobile Messaging appeared first on OnPage.

More Stories By OnPage Blog

OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.
