Slideshow 10 keys to keeping text messages safe

  • July 26 2016, 6:34am EDT
11 Images Total

10 keys to keeping text messages safe

Before implementing a secure text messaging approach, leaders from IT, clinical, security, legal and human resources must collaborate to develop policies and procedures ensuring that all processes and technology involved will be effective and secure. Here are 10 ways to get there, based on research by Spok, a vendor that specializes in messaging applications.

Policy: Eligibility

Define which users are eligible to use secure text messaging based on the clinical workflows in which they are involved.

Content Continues Below

Policy: Expense allocation

Define who pays for the device, the application, and mobile carrier voice and data services.

Policy: User roles and responsibilities

Define user responsibility for the use and maintenance of the technology, such as battery management, availability while on call, and damaged or lost devices.

Policy: Security and feature management

Define how data shared within secure text messages will be secured in transit and at rest. This will likely include using mobile device management for enforcing pass codes, device encryption and restrictions.

Content Continues Below

Policy: IT support

Define what devices, networks, services and features IT will support, and what is out of its scope of coverage.

Procedure: Consumer application usage

Define whether or not users are allowed to use consumer messaging apps, such as iMessage and WhatsApp, in any workflows, or whether they will be prohibited.

Procedure: Texting orders

Define whether or not staff can use secure text messaging to text orders. However, certain secure text messaging solutions may not support everything needed to enable these workflows, such as order verification.

Content Continues Below

Procedure: Screenshots

Create a procedure to prohibit screenshots of secure text messages. Most secure texting solutions natively prevent copy/paste, but they cannot prevent screenshots without a mobile device management solution.

Procedure: Dictation

Create a procedure to prohibit the use of keyboard dictation for any messages containing protected health information. If your secure texting solution uses the native keyboard, this is not a HIPAA-compliant workflow.

Procedure: Attachments

Create a procedure to prevent the ability to attach images or video that contain PHI from the device’s camera roll. Instead, devise a procedure whereby users have to add attachments from the camera.