You may be wondering how to approach the subject of compliance with the new HIPAA & HITECH legislation. This page offers some specific points to keep in mind when you consider your options.
Answers to these questions specifically for Answer Excellence’s Secure and Ensured Messaging solution are provided here.
- Secure your communications
- Blackberry, iPhone, Android & other models supported
- No Software to install
- Guaranteed delivery options
Questions to Ask
1. How easy is it to set up and use?
It’s hard to get much simpler than basic SMS text messaging. There is no way to secure message information without adding at least a small degree of complexity. You must consider the potential impact of a particular solution, on both its users and the organization as a whole.
A well-designed system minimizes complexity that you have to deal with, while adding features which improve the overall communications process. Contact us to discuss your HIPAA compliance needs. Our Secure Messaging solution may be just what you need to achieve HIPAA compliance while providing additional benefits.
2. Does it require any special smart phone?
One difference between systems is the range of devices that are supported. This depends on whether or not a proprietary application must be installed on users’ phones. Solutions that involve installing an application on the phones usually support only specific brand(s) of phones and require individual attention to each phone.
A different approach to secure mobile messaging involves using the same technology that enables secure online internet banking. All modern smartphones, even many inexpensive models, support the HTTPS secure encrypted protocol that you probably use for your online shopping today. This opens up a range of options, none of which require any special phone type or application on the phone itself.
What will happen if I don’t receive a message?
Some messages are so critical that you may want a form of guaranteed delivery, where escalation occurs if you don’t read a message in a designated amount of time. Escalation of unread messages might involve a phone call to the recipient at one or more phone numbers, or perhaps having the message automatically sent to a second recipient.
If you have this concern, it’s important to understand how a proposed solution will handle this situation. Also see “Is it possible to have special handling for urgent messages?” below.
Do I have to log in to get each message?
To be reasonably secure, some form of user authentication is required. This involves a compromise between maximum security (which would suggest requiring users to log in to see each individual message) and user convenience (because logging in is, frankly, a hassle to most users).
Ideally, a solution allows you to strike a reasonable balance. For example, a system that requires a user to log in once per week is relatively non-disruptive while still limiting potential exposure due to a lost or borrowed phone.
A secure system must allow users to log out explicitly in case they lend the phone to a non-authorized individual. It’s imperative that access to the phone itself does not necessarily allow access to confidential messages.
Are my messages stored in case I need them later?
Messages can constitute useful ongoing reminders, like a checklist of items to be done. It’s important that you can control whether or not you delete any particular message.
Will I pay more for this secure messaging?
If a solution requires the purchase of any special hardware, software, or phone devices, it will involve some expenditure.
- Is there an up-front investment in the form of a special server, licensed software application, or custom phone model?
- Does it require IT resources to install or configure?
- Is there an ongoing fee per message or per user?
Do I need special equipment or software for my phone or office?
Some solutions are based on proprietary software, which may require either purchasing a server or a special application for your office, special software for your phones, or all of these together. In addition, any equipment or software purchase is likely to require IT resources to install, configure, and support.
Another consideration about proprietary solutions is that there is no practical way for you to verify the level of security provided by the system. Not all forms of encryption are equal, and a poorly implemented encryption scheme is worse than none at all if it lulls you into a false sense of security.
Solutions based on mobile web technology generally support the HTTPS encrypted communication. HIPAA requirements are met by using the same level of encryption that is used for credit card numbers, bank account numbers, and other confidential information.
Is there a limit to the size of my text message?
SMS messages are limited to 140 characters in length. Many secure messaging systems permit much longer messages. While you may not need to send or receive huge messages, it’s very useful to have more than 140 characters. Most secure messaging solutions solve the problem of cut-off messages and missing information.
You should check that any proposed solution allow enough space for the types of messages that you would like to send and receive.
Is it possible to have special handling for urgent messages?
Not all messages are equally important. Some messages are so mission-critical that you can’t afford to miss the message for any reason. In these cases, it’s important that your messaging solution provides a guaranteed delivery option.
For example, if a critical message is not read in 30 minutes, an escalation protocol can deliver the message by other means (e.g., voice phone calls) or by automatically routing the message to a backup person.
Answer Excellence’s Secured and Ensured Messaging
Here are some answers to these questions as pertains to our Secure Messaging solution.
How easy is the solution for me to use? If you can use any web-based mail service (Hotmail, Yahoo, etc.) then you will have no problem using our system. It’s streamlined for mobile use.
Does it require a special smart phone? No. Any phone that supports mobile web internet access should be sufficient. The most important consideration is whether a phone meets your needs as a user in terms of screen size, keyboard, ease of use, voice quality, and other features.
Thanks to the advanced state of today’s mobile technology, a vast selection of devices are available. Please contact us regarding the use of specific devices.
What will happen if I don’t receive a message? Our Ensured Messaging option allows us to take other steps to deliver a message that hasn’t been read in time. This can include voice telephone calls and/or automatic routing of the message to a backup person or administrator for reassignment.
Do I have to log in to get each message? No. Typically we require a user to log in once per week to keep the maximum potential exposure to a reasonable level. The life of a login session can be configured based on user preference.
Are my messages stored if I need them later? Yes. Messages will remain visible to you until you delete them. Even after you’ve deleted a message, it is securely archived in case you need a copy of it later.
Will I pay more for this secure messaging? That depends. Basic Secured Messaging service is free for all our clients. Optional features (such as Ensured Messaging for guaranteed delivery with escalation protocol) may involve an additional fee.
Do I need special equipment or software for my phone or office? No. No software needs to be installed on your phones or office equipment. We provide a secure web page that you can share with your office or others who need to send messages to you. This works using any computer or phone with internet access and a web browser.
Is there a limit to the size of my text messages? Our basic Secured Messaging service supports messages up to 16,000 characters, which is many pages worth of text. Optionally, it can be expanded to include larger messages, images, and other mixed media.
Is it possible to have special handling for urgent messages? Yes. We call this our Ensured Messaging option. It can include an escalation protocol so that messages which have not been read in a specified time can be delivered by other methods or to other people. This provides the option of a guaranteed delivery protocol rather than a “send and forget” method.
For More Information
Contact us to discuss your HIPAA compliance needs. Our Secure Messaging solution may be just what you need to achieve HIPAA compliance while providing additional benefits.