Phone Answering Service Blog

Secure Text Messaging and Email for Medical Practices

Written by Aaron Boatin | November 30, 2020
Most health care providers send text messages and emails throughout their day. Unfortunately many are choosing unsecured methods of transmission. If your medical answering service is sending PHI via regular text messages, they should know better. It's bad news for protecting patient data and worse yet, a clear HIPAA violation. 
 
Embracing technology to increase the speed of health care is a good thing, but only if it's done right. This means encrypting PHI to ensure the privacy protection mandated by HIPAA / HITECH act. 
Get answers to your toughest questions about choosing a medical answering service. From HIPAA compliance to pricing, our free guide covers it all. 
 

Managing Protected Health Information (PHI) with Secure Text Messaging

Standard texting on cell phones and alpha/text pagers is not HIPAA compliant. However, implementing secure text messaging for providers is a painless process, and allows you to receive HIPAA compliant, secure text messages using your smartphone

Startel Secure Messaging App

Startel released their popular Secure Messaging Application as a way for medical practices to stay on top of their customer service, anywhere they may be, and remain HIPAA compliant.
 
It's a powerful enterprise paging and messaging application built for Apple iOS and Android mobile phones and tablets. It can replace or supplement current paging technology and enables instant two-way communications.

It is ideal for organizations where HIPAA compliance is a necessity or sensitive data needs to be securely delivered to mobile devices.

When the recipient receives a new message alert, the secure message can be viewed instantly using the secure messaging app. The secure messages are kept separate from email and text messages.
 
It also features ‘One Button Check-In’ which allows staff to acknowledge they have received the call without having to speak to one of our agents.
This saves time, money and improves response time to patients. Faster response can have a big impact on patient satisfaction scores.

Socket Layer (SSL) Technology

Ambs Call Center’s Startel Secure Messaging offers compliance, privacy, and sender/receiver authentication and uses 256-bit encryption SSL Technology, which exceeds compliance standards, and is the same technology that protects sensitive information on major websites that offer secure online transactions.
 
Other ways that the app is useful to medical practices complying with HIPAA and increasing efficiency include:
  • Includes reporting and an audit trail of all messages with all message events.
  • Issues persistent alerts to the recipient’s mobile device, helping ensure immediate action.
  • Allows you to designate High Priority messages, which is displayed at the top of the message list.
  • Provides encrypted Message Delivery and Message Read receipts, indicating that the device has received the message, or the recipient has opened the message.
  • No need to add a text messaging plan, the app bypasses traditional SMS messaging
  • Free secure messaging between devices – no text charges apply.
  • Ability to send secure broadcast messages to a group.

Management of Secure Text Messaging for Medical Practices

The management of secure text messaging users is easy. Management of the devices is done via web portal so that your IT staff can add, delete or change user settings. If a device is lost or stolen, the data on the phone can be deleted using the 'remote wipe' functionality.
 
Secure text messaging solutions work by hosting the encrypted PHI on hosted secure servers. The phones then access this secure data via the secure texting app.
 
This is a great solution for medical practices where most providers use their own phones. It fits in perfectly with BYOD policies in place at large health care organizations.
 
The best apps mimic the ease of use of regular text messaging making adoption easy and intuitive. They also bring several nice enhancements and integrations. For example, the ability to send and receive images (think x-rays) and audio files saves an enormous amount time.
 
Many medical practices that have implemented secure text messaging have seen huge benefits in productivity. Aside from HIPAA compliance, the speed of communications accelerates dramatically
 
This has a direct positive effect on patient care.

Encrypted Email

Standard email is not HIPAA complaint. Email that is sent from one user to another is vulnerable at any point along that transfer without email encryption.

Using unencrypted emails not only puts the content of the emails at risk but also the identities of the sender and receiver.

About Encrypted Email Delivery

In order to provide additional protection for email communication in transit and keep electronic communications from prying eyes, companies often apply encryption methodologies to their electronic communications.

Encrypted email refers to the process of encoding email messages in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.

Two Popular Options for Encrypting Email

Ambs Call Center supports both TLS and Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption methods.

Using TLS encryption

Transport Layer Security transcription (TLS) protocol keeps prying eyes away from your emails while they are in transit. TLS is a protocol that encrypts and delivers mail securely for inbound and outbound email.

It helps prevent eavesdropping between email servers. It's worth noting that your email messages are encrypted only if the sender and receiver both use email providers that support Transport Layer Security.

Not all email providers uses TLS. Not sure if your mail server has TLS enabled? Use this online tool to test your email address.

Using S/MIME secure email

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a widely accepted method for sending secure email messages.  It allows you to encrypt emails and digitally sign them. It gives the recipient the peace of mind that the message they receive in their in box is the exact message that started with the sender.

It also ensures that the person receiving the email knows that it really did come from the person in the 'From:' field.

S/MIME provides for cryptographic security services such as authentication, message integrity, and digital signatures.

Fax

Information and messages containing PHI can be faxed immediately as they are received or sent as a batch at the days and times that are most convenient for you.

Secure Web Portal

Many medical answering services offer real-time access to call records and information via a secure web portal.

You can mark messages as read, forward via email, and sort and filter calls as you see fit. Most web portals are mobile-optimized for smartphones and tablets.

Putting it all together for your practice is a challenging endeavor - and the best way to start is to do you due diligence, and if you've decided to use an answering service, find some way to compare them on an even playing field. We've got you covered in our Medical Answering Service Comparison Checklist - download it now to make a comprehensive comparison.