Handling Healthcare SMS Security Between Different Devices

10.26.12 In the News

By: Patrick Ouellette   |   October 26, 2012  (Featured on Health IT Security)

TigerText, a short message service (SMS) security company, announced yesterday that more than 250 healthcare facilities around the country are using its HIPAA-compliant messaging platform for their secure communications. Considering the company’s healthcare mobile security experience, it can speak to the struggles that CIOs or CISOs can face in maintaining a secure, HIPAA-compliant mobile platform.

Built on an open application programming interface (API) that gives healthcare providers the flexibility to include scheduling and cloud hosting services on their mobile platforms, the TigerText application is an interesting option for providers. Jeffrey Evans, co-founder and CEO of TigerText, took some time a few months ago to talk with EHRIntelligence.com, a HealthITSecurity.com sister site, about secure messaging between different devices. It can be difficult to get devices to the point where they can send encrypted messages between operating systems, which is where Evans says that TigerText can step in.

How do you go about designing a secure messaging system that complies with HIPAA?

The complication isn’t in designing a system that meets the HIPAA standards and requirements, it’s in trying to deliver a cross-platform solution that lets people communicate the way they want by building a unique system. We secure the information and encrypt it at rest, it’s encrypted in transit and it’s encrypted on the device. So having it encrypted in all spots, it meets the compliance standard and if something happens to the integrity of the data, it encrypts it so there’s not a situation where there’s a loss of information out there in the public domain.

The biggest complication is “How do people want to communicate?” If we say we just want to build an iPhone to iPhone application, there’s a little simplicity to that. In fact, we’ve seen companies come out and do that right now. For us, we said the key has to be “How are you choosing to communicate via mobile?” So whether you’re on an Android, iPhone or BlackBerry, that’s one thing, but there are also nurses and administrators who spend the majority of their time in front of a desktop. So we make it work for them on the Web as well, where you have an instant message conversation with someone’s iPad or iPhone.

And people aren’t always on one device only. I could be on my iPad, iPhone and computer and so we made the system synchronize between all three. So if I send a message to someone from my iPhone and I go look on the computer, the message I see there will be there from my account as well. It’s very important to us and something that we’re going to pride ourselves on.

What’s the best way to handle security for different operating systems?

It’s challenging – there’s nothing trivial about it by any stretch. The complications are different with each of them. The problem with Android is that you have multiple versions of the software that are highly prevalent so it doesn’t update anywhere near the pace they update iOS. You’ve got multiple versions of BlackBerry software, devices and screen resolutions. You’re talking about 1 iPhone and 45-50 BlackBerrys in terms and have uniqueness.

There are device-centric items as well as server-centric items. Very few BlackBerrys are touch-screen so you have to deal with that. If a group has an Android, BlackBerry and iPhone, whenever someone takes action with a message, it affects everyone in that group, it all has to come together and connect in the end.

We look at it like the devices should be irrelevant, so we want to get to the point where you can message anyone, no matter what kind of phone they have, and it’s a HIPAA compliant communication path, period.

Evans has strong experience in secure messaging and in how healthcare CIOs should look at mobile devices. Companies like TigerText are going to be useful going forward as SMS becomes more widely adopted. As noted in a recent HealthITSecurity.com article, many healthcare providers aren’t aware of HIPAA policies and recommendations when it comes to SMS. Healthcare providers will end up looking at these types of secure messaging companies that are HIPAA compliant.