In this rapidly advancing technological world, an increasing number of healthcare providers are incorporating electronic health record (EHR) technology. In addition, they are also connecting to health information exchanges more frequently, making patient health information (PHI) more susceptible to online security threats as well as possible HIPAA data breaches.

The convenience of PHI being more accessible to providers also carries the risk of being more accessible to hackers and unauthorized users.   Effectively monitoring and managing potential risk is imperative for a healthcare organization.  Risk assessments play a key role in staying HIPAA compliant.  Mobile devices and ransomware threats are examples of why healthcare providers need to be prudent in their risk analyses.  The slightest oversight or lapse could lead to a HIPAA data breach as well as a lengthy, expensive recovery course.

What Is a HIPAA Data Breach

Per the U.S. Department of Health and Human Services (HHS), a data breach is the forbidden use or disclosure of PHI under the Privacy Rule that jeopardizes the security or privacy of patients.  For example, if a nurse’s assistant is a friend of patient Jane Doe and posts on social media that Jane Doe’s health condition is worsening, this is a HIPAA breach.  Another type of data breach is unencrypted data being lost or stolen due to using backup tapes for data archival. Portable devices that are unencrypted or not properly safeguarded by passwords, personal identification numbers, or other security measures, pose a much greater risk of a data breach. 

There are three exceptions to the HHS Privacy Breach.  First, if a healthcare worker unintentionally acquires the use of PHI while acting under authority of the covered healthcare organization, this is an exception. Secondly, inadvertently sharing PHI with another person who has authorized access to PHI is not a breach.  For example, John Doe is a patient at XYZ Hospital.  Dr. Smith is his cardiologist and Dr. Jones is his nephrologist.  To properly coordinate a heart and kidney care plan of treatment for Mr. Doe, Drs. Smith and Jones are allowed to share PHI pertaining to the patient.  Lastly, if a healthcare organization believes that the person to whom the PHI disclosure was made is unable to retain the information, this is also not considered a data breach. 

Understanding HIPAA data breaches and the exceptions to the rule provides healthcare organizations the information they need to formulate extensive data security plans to keep PHI safe and secure.  One of the easiest ways to prevent an employee data breach is by training, documenting, and monitoring employee adherence to security policies and procedures. In addition to training your own employees, remember to be vigilant when checking your business associates’ compliance to ensure their employees have been trained.

Ransomware Attacks – Are They HIPAA Data Breaches

Whether or not a ransomware attack is a HIPAA data breach is determined on a case-by-case basis.  To put it somewhat simply, if electronic protected health information (ePHI) is encrypted as a result of a ransomware attack, it is considered a HIPAA data breach because the PHI was able to be accessed.  Therefore, it is a disclosure that is not permitted under the HIPAA Privacy Rule. 

On the other hand, if the ePHI encrypted in a ransomware attack was already encrypted in alignment with HIPAA regulations, it may or may not be considered a breach.  Each situation is treated uniquely.  The HHS Office of Civil Rights states, “If the electronic PHI (ePHI) is encrypted by the entity in a manner consistent with the Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals such that it is no longer ‘unsecured PHI,’ then the entity is not required to conduct a risk assessment to determine if there is a low probability of compromise, and breach notification is not required.”

Ensuring PHI Protection

The HHS PHI Privacy Rule protects all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. 

In order to determine the best security measures, a healthcare organization must consider its size, capabilities, and complexity.  Furthermore, the technical hardware and software infrastructure must be evaluated as well as the expense of security measures.  Last, but certainly not least, every healthcare organization must scrutinize the likelihood and possible consequences of plausible risks to ePHI.

To protect ePHI, it is imperative that healthcare organizations keep all security measures up-to-date, confirm compliance with state and local laws, as well as HIPAA compliance.  There are several ways ePHI security can be compromised, and that is why facilities have to be cautious and able to adjust security measures when necessary. 

HipLink offers real-time secure messaging for Apple or Android devices. The user can send secure text messages, encrypted for HIPAA compliance from a desktop or smartphone.  For more information, contact us at 408-399-6120.  

Implementation of Secure Text Messaging (STM) affords healthcare providers a convenient, efficient method to communicate with colleagues in real time.  Lab results, medication requests, and test results can all be sent and received via a secure, encrypted text messaging app. 

However, implementation alone does not ensure usage of the STM app.  Many healthcare providers may be skeptical of the new changes to the existing system.  In order to augment adaptation, hospitals need to be driven and encouraging in their efforts to promote usage of the app.  An internal marketing campaign, support from the IT department, and positive feedback from users are some ways this can be done. 

Garner Support and Encourage Change

Procuring executive support and buy-in is crucial.  To achieve this, the project leader or manager must demonstrate how STM tackles business problems and how it can be advantageous to the hospital, i.e., improved communication amongst healthcare providers, HIPAA-compliant, and improved patient satisfaction.

Additionally, influential end users can help stimulate change by being advocates of the new technology.  When these users understand the benefits of STM to their daily work routines and the ease of use of the app, they will be eager to spread the word, resulting in others being enthusiastic about the new technology.  Technologically experienced physicians who are held in high regard by their peers are imperative in this process.  Colleagues tend to consider the opinion of a trusted source when determining their own stance concerning new technology. 

Encouraging change within technology is actually quite simple with an STM app.  Explaining that STM operates using the same methods as regular texting will immediately ease the transition into the new technology.  Detailing the benefits STM brings to each individual using the app is also a key point.  Does it save time?  Does it provide quicker communication with a colleague that ends in better care for a patient?  Incorporating clinical communications such as nurse call and code calls also offers workflow improvements to communicate more efficiently.

Promote the Advantages

Acceptance of STM also requires a marketing campaign.  Preferably with the help of the marketing department, plan a promotional crusade that ensures everyone is aware of the app’s availability, the rollout schedule, training opportunities and, specifically, the benefits for the end users.  Before the launch of the app, generate excitement with the help of newsletters, posters, banners, and blogs.  It is much easier to integrate new technology at an event that everyone is looking forward to.  Pre-launch blogs detailing the app and its ease of use as well as its many benefits can go a long way towards increasing enthusiasm. 

The rollout event is as essential as the marketing campaign.  To ease the transition, provide initial training, and answer questions, the event should have representatives from the IT department and from the vendor.  Seeing the app and having any concerns addressed in person will help end users accept it and perceive it as simple and beneficial not only to themselves, but to the patients as well.  Don’t forget to include the influential physicians and users as advocates for support at the event. 

Provide a Dependable Infrastructure and Troubleshooting Process

Comprehensive Wi-Fi and mobile coverage throughout all hospitals and affiliate locations is absolutely essential.  Lack of an excellent wireless and cellular signal not only leads to frustrated users, it can also have a devastating effect on the quality of patient care.  Critical messages that are delayed by a poor signal are unacceptable in a hospital setting.  Additionally, users who get frustrated by a poor network will not adapt to the STM. 

As with all technology, many things can occur that affect the functionality of the app.  A problem with the app, data accuracy of the contact directory, device settings, and more can all cause a glitch.  Implementing a self-service FAQ comprehensive database of the most common questions and troubleshooting problems will save time and solve the simplest of problems.  For more complex issues, a service desk can be established.  Users should have multiple means of accessing the service desk, including an avenue in the app itself.  Users who have a difficult time getting help when they have problems are likely to give up and return to the old, unsecure texting to communicate with others.  By getting quick answers and solutions to their problems, users are much more likely to engage with the app.

Plan and Deliver

For an STM app to be successfully adopted, it requires an excellent user experience.  As with all apps, most people blame one glitch on the app itself when the problem may actually be something else entirely such as poor cellular network coverage.  To prevent this, IT should test the app extensively to ensure a smooth user experience.

In-depth planning and preparations will help you deliver a more successful rollout to augment acceptance and enthusiasm of the STM app which is an invaluable, efficient communication tool that saves time and speeds the delivery of patient care.  For more information about HipLink and our STM app, contact us at 1-800-524-7503.

Not too long ago, the use of mobile devices inside organizations was a foreign and often heavily debated concept.  The rapid increase of BYOD integrations and Mobile Application Management (MAM) has become an evolving phenomenon with many personal mobile devices present in the work place.

BYOD offers the capability to support fewer employee network devices, yet still unleashes productivity amid employees and partners. A successful BYOD implementation leverages the organization’s network and gets the best out of consumer technology.  In combination with cloud-based applications, personal device expansion, and data center reorganization, BYOD and MAM provide an opportunity for organizations to build the best network design with mobility in mind.  Managing BYOD and MAM properly is an integral part of any growth strategy. Organizations that incorporate formal programs and successful training will reap five crucial benefits:

An Increase in Employee Productivity

People are more comfortable and productive when using their own mobile device.  The functions of an employee’s personal phone or tablet are familiar and can be quickly accessed and utilized.  BYOD also enables employees to stay connected during down time (i.e., evenings, weekends, and commuting). In a healthcare setting, physicians and staff can use Secure Text Messaging (STM) to share clinical information on a patient, omit some of the red tape that comes along with referrals, schedule appointments, and document a patient’s care. 

Lower Overhead Costs

BYOD eliminates the responsibility of an organization to provide mobile devices to all employees.  Utilizing STM, an organization can send messages securely through message encryption and stay compliant with security standards.  

Advanced Business Processes

There is no denying that mobile devices have evolved tremendously over the past few years.  Combining MAM and BYOD enables organizations to create new business processes to streamline responsibilities and/or facilitate new functionalities when workers are away from their desks.  With MAM in place, healthcare providers can use their mobile devices anytime from anywhere to do tasks such as document patient encounters, view schedules, view patient charts, and prescribe medications. 

Consistency Among Users

Multimedia personal devices on a corporate network can restrict the quality of a user’s experience due to the additional capacity required to support them. A mainstream BYOD policy can help IT managers understand the impact of BYOD and improve the infrastructure where necessary to secure a consistent user experience for everyone. 

Flexibility

Mobile technology continues to advance quickly. An organization investing in the very best of mobile devices will suffer when these devices are obsolete in two or three years.  When employees are forced to use outdated devices, productivity suffers.  Employees are people that consistently upgrade to the latest technologically advanced mobile devices. With BYOD and MAM incorporated, an organization leverages employees bringing necessary devices in order to adapt to new technologies.

Solutions

There are many more advantages of Mobile Application Management. By using HipLink for MAM, organizations see faster deployment, shorter learning curves, and increased Return on Investment (ROI) for communication solutions.

The HipLink Mobile Application provides the following features:

•          Text Message App Overview
•          Designed for Apple or Android and smartphones and tablets
•          Supports Wi-Fi or Cellular Data connections
•          HIPAA compliant encrypted text messages
•          CJIS compliant encrypted text messages
•         Alternative to SMS messaging
•          Includes notification to desktops via pop-up alerts
•          Audit trail to track delivery and read receipts

Additionally, HipLink Mobile has a suite of mobile application options that provide maximum flexibility and leverage optimum use of smartphones and tablets. Using HipLink Mobile, users have access to a priority view of important alerts, receiving fully-secure text messages, sending secure messages, and executing actions remotely.

Hiplink's proprietary protocol operates over TCP live connections so that text messages are sent completely independent of cellular SMS. The applications provide advanced messaging features for encrypted text messages, the ability to override phone settings for emergency messages, and one-click responses. Combined with the secure and easy to manage HipLink Platform, HipLink Mobile improves overall communication throughout the organization, regardless of location.

To learn more about BYOD and MAM, visit HipLink or call 1-800-524-7503 to learn more and to request a demo.

Mobile health technology is transforming the entire healthcare system. The combination of innovative data analytics and mobile technologies are simplifying the methods used by healthcare professionals from the patient care experience to healthcare administration.

Healthcare providers faced obstacles with mobile health technology lacking essential protective measures as they relate to shared patient information, ensuring conformity of mobile devices with EMRs, and concluding which apps were the safest and most effective.  Today, the efficacy of mobile health technology has proven successful.  With access to a fully optimized, real-time, reliable mobile health app, healthcare providers have immediate access to vital information and the ability to share it with other pertinent team members. 

The Future Is Now

The 2015 HIMSS Mobile Technology Study consisted of 238 respondents who suggested that healthcare organizations are widely beginning to deploy mobile technologies with the aim of engaging patients within their organizations. Importantly, many of the respondents cited a need to fully optimize and leverage the diverse capabilities offered by mobile technology and platforms.  For example, almost 90% of respondents reported maintaining mobile devices to engage patients at their organizations. In addition, 47% of respondents indicated that implementing mobile services for access to information is a high priority in the future.

The prevalence of mobile technology in the health care industry is rapidly increasing as programs and applications for smartphones and tablets have progressively advanced. Mobile health technology (commonly referred to as mHealth) possesses the capability to improve patient care and boost efficiency of the staff and procedures.

In order to successfully incorporate mobile health technology into an organization, healthcare administrators must ensure that the app meets certain criteria:

1.    Does it offer timely and immediate access to information, whenever and wherever?

2.    Is it able to perform multiple tasks efficiently without having to switch from app-to-app?

3.    Is it organized to provide current, accurate, unbiased, relevant, and essential content during moments of care?

4.    Does it allow healthcare providers to receive and review the information they need, when and how they need it?

5.    Does it seamlessly connect with EMR (or EHR)?

6.    Does it help healthcare providers be more productive in and out of the office?

By using a mobile device to input data and update patient charts, a healthcare provider is able to spend more time with the patient and less time on the computer. 

Secure Text Messaging

Secure Text Message (STM) is used for securely sending and receiving texts and picture messages with an assortment of other mobile devices and workstations in a HIPAA-compliant manner.  Secure text messages are encrypted while being transmitted to meet the protection requirements PHI (Patient Health Information). 

By implementing an STM app, a healthcare team can communicate with colleagues in real time to rapidly address the needs of a patient.  Speeding up the process of ordering tests, lab results, and medications, affords the healthcare provider more time for more patients. 

HipLink offers an outstanding secure text messaging platform that works in real-time on Apple or Android phones.  The user can send secure text messages, encrypted for HIPAA compliance for both messages and attachments from a desktop computer and directly from the phone. HipLink Mobile provides a highly reliable and secure text messaging system.  Even if a user is not logged in, HipLink will alert the user and give them the option to login quickly. The sender will know the status of the message in all cases, whether it is pending, delivered, when it is read, and any responses – either phone-to-phone or desktop-to-phone.

By using Transport Layer Security (TLS), HipLink ensures the confidentiality of messages at the highest level of HIPAA compliance.  A very distinct feature HipLink has developed is a “single session” handshake process.  With this method, the TLS encryption key is constantly changing for each and every communications session between the HipLink server and the device.  This makes cracking the encryption virtually impossible as the key is constantly regenerating with each communication. 

Additional Features

HipLink also offers several other standard and advanced features with the Secure Text Messaging app.  Some of these features include:

• Use message templates to promptly compose new messages and spend less time typing
• Control your status by toggling between the “available” and “not available” mode
• Quickly silence or mute all pre-defined alert setting for all severities to vibrate
• Attach location coordinates
• Execute pre-programmed custom commands and templates
• Full administration and management controls
• Draft messages, set Favorites, define alert tones
• Streamlined workflows offer efficient functionality for all tasks

By incorporating HipLink mobile health technology into a healthcare organization, not only does the organization operate more effectively and efficiently, the satisfaction, engagement, and care of patients is vastly improved.  For more information about our mobile health technology including HIPAA Compliant Text Messaging, visit HipLink or call 1-800-524-7503.  

On April 29^th, 2016, the Joint Commission announced its new position on patient care through text messaging. This is a tremendous step forward in healthcare communication and will improve many aspects of patient care. At this time, physicians or licensed independent practitioners are able to text orders for patient care, treatment, services to the hospital, or other health care settings if they are using a secure text messaging platform.

The initial stance was that text messaging was not considered safe enough to use in healthcare settings due to unsecured text messages being transmitted via personal mobile phones. Additionally, the validation of information was difficult to obtain, as was the identity of the person sending the messages. The technology was simply not considered adequate to support a safe and secure use of text messaging for orders.

Times have changed however and there has been an incredible increase in secure text messaging platforms that address many of the concerns that the Joint Commission faced in the past.

The Joint Commission fully supports secure text messaging as long as the following is implemented:

·         A secure sign-on process

·         Messages have to be encrypted

·         Delivery and read receipts need to be incorporated

·         All orders have to be date and time stamped

·         Customized message retention time frames

·         Specified contact list for individuals authorized to receive and record orders

Furthermore, hospitals and other accredited organizations that plan to incorporate text orders must develop a verification process documenting the capabilities of their secure text messaging platform and define when text orders are either appropriate or not appropriate. They must also monitor how frequently text messaging orders are being used and assess the compliance with texting policies and procedures. In addition, they have to develop risk-management strategies, perform risk assessments, and conduct training for staff and licensed independent practitioners.

Although the topic is on texting orders, the Joint Commission expects that all forms of texting, including patient updates or other patient information is also used within secure text messaging platforms. They also noted that all accredited organizations must have policies that document text messages in an electronic health record- either electronically or manually.

By implementing HIPAA-compliant and secure text messaging, a healthcare team can connect with colleagues in real time and address patients’ needs quicker. They can order lab results, medications, or X-Rays, allowing the healthcare team to see more patients. A pharmacy may be able to receive text orders directly based on test results. The efficiently this can bring if implemented safely and securely can mean a great deal for patient satisfaction and help decrease staff burnout. 

HipLink® Mobile meets all of the requirements set forth by the Joint Commission and was developed to alleviate some of the communication challenges in the healthcare environment. Our HIPAA compliant, encrypted mobile application makes it incredibly easy to send full patient details and coordinate proper patient care. This can dramatically improve workflow and enable fast and accurate communication with ease. The physician or nurse can send secure text messages and attachments from a desktop and directly from the phone.  It's like a HIPAA compliant chat application.

With HipLink Mobile, the healthcare team is connected to the server in real-time and able to transmit reliable and fast messages. When one of the healthcare team members is not logged in, HipLink will automatically alert them to re-log in. The sender will always know the exact status of their messages, whether pending or delivered, and when they are read, along with any response, whether it is phone-to-phone or from the desktop to phone.

In addition to client applications, there are several features for Remote Device Management from the HipLink administrative interface that is built in the HipLink Mobile Application. An administrator can take action to disable access, delete data and enforce General Policy for all of their Users.

To read more about HipLink®’s, HIPAA compliant, encrypted mobile application, please click here. 

How do you keep your communication flow during a cyber attack? The recent cyber attacks in hospitals are raising many questions about safety and security within many organizations.

CNN just recently reported that Ransomware is growing and that “the FBI received 2,453 complaints about Ransomware hold-ups last year, costing the victims more than $24 million dollars”. CSO Online reported that incident response teams are dealing with 3-4 Ransomware incidents weekly. They also report that ransom requests have increased considerably and that in many cases the cost of recovery is so extreme that the only valid option is to consider payment.

Criminals sneak in through various techniques such as “man in the middle” attacks, lock the system and demand a ransom to unlock it. They rely on Bitcoins (XBT) since those are difficult to trace to actual people. Many of these hackers have offshore accounts and the chances of actually getting your money back or catching someone “a world away” is highly unlikely.

At HipLink we feel that the best solution is to minimize your attack surface and implement a communications platform with the ability to manage and secure your communications from end-to-end should one take place.  Our focus is to provide our customers with a complete solution for managing these requirements. Our business model has always been to build a strong communications hub with several layers of redundancy to minimize a central point of failure or compromise. This means that we do not put all of our eggs into one basket. We look at the big picture and we understand that implementation needs to be dynamic and offer seamless alternate ways to notify staff using automated intelligence.

Many of HipLink’s customers have remote and on-premise servers that communicate with HipLink and act as a back-up communication platform in case of an emergency that may compromise any of the mission critical systems running each day. HipLink’s ability to accommodate strategic communication pathways on behalf of both employees and infrastructure separate our systems from others, making them popular in many of the world’s most advanced data centers.

Our flexibility within a wide range of verticals allows us to place ourselves in a unique position that accommodates a broad range of communication requirements. This position not only improves daily workflow efficiency but can help save critical data and in many environments, lives.

If you have never been to a drag racing event, you are missing the time of your life. You get to walk through the pits and talk to the drivers and mechanics while they are preparing for the race. This is reality at its best. The event itself is an open circus venue with food and beverage vendors surrounding the pit area. It’s a great place to take the whole family!

HipLink is proud to announce that AT&T has accepted the company into its prestigious Global Supplier Diversity Program, which supports our combined commitment to promoting ongoing change.

In 1947, two Wichita, Kansas business partners opened a small auto glass shop. Forty-five years later, the single shop had expanded into a major corporation, with over 1 million windshields manufactured. Today, Safelite Group, Inc. employs almost 6,000 people around the U.S. and operates three major business units: automotive glass fulfillment services, windshield manufacturing, and fleet and insurance claims management services.

If you’ve ever received a voicemail generated from an automated message, you’re likely familiar with the problems that arise. Typically, you’ll only get the tail end of a message and forever lose any essential information that you missed at the start of the recording — which happened while your voicemail message was playing.

HipLink is committed to providing BlackBerry users with the most secure and feature rich solution in the market place. Our native BlackBerry app was developed specifically for high-level BlackBerry customers in regulated industries where security and privacy are of prime importance, including healthcare, public safety, and IT.

In every organization, rapid communication is a top priority. However, highly regulated and security-minded organizations face even greater challenges as they move from pagers and radios to integrated messaging through smartphones.

HipLink & TCS Offer New Enterprise Grade Communications Solution

Effective communication means having everyone on the same page. However, any time you need to coordinate secure communications across a diverse group — from first responders covering a natural disaster to officials at sporting events to enterprise executives to facilities managers on college campuses — the biggest challenge is ensuring that messages are delivered reliably and securely, regardless of the mobile device they are using. A new partnership between HipLink and TeleCommunication Systems, Inc. (TCS) solves the challenge, cost-effectively with HipLink’s new HipText feature.

HipLink messaging software was the missing piece dispatchers in Tooele County, Utah needed to quickly disseminate text messages to first responders and agency personnel who rely on smartphones and cell phones. “Tooele County is unique,” says Lieutenant Regina Campbell, Communications Officer for Tooele County. “We are home to a large government facility, the Tooele Chemical Agent Disposal facility at the U.S. Army Deseret Chemical Depot.”

Previously, dispatchers struggled to reach first responders, consuming valuable time and often failing to reach them in critical situations. But with HipLink in place, dispatchers can now automate the process of sending of outbound messages with virtual certainty of reaching the appropriate first responder.

Grace Hospital is committed to providing the best clinical care to patients with complicated health conditions. It looked to enhance its clinicians’ ability to focus on direct patient care while reducing alarm fatigue and increasing protection of patients’ personal health information. The hospital also wanted to improve the communications between its four locations to increase efficiencies and centralize functions.

When Catholic Health Initiatives (CHI) created its secure communications strategy, the leaders of the national, nonprofit health system knew they needed a comprehensive technology solution. They also knew it would be a challenge to find that solution. In HipLink, CHI found a partner that could take on that challenge and help it realize the benefits of cutting-edge mobile health communications.

CHI is a national nonprofit health system with headquarters in Englewood, Colorado. CHI operates in 17 states and includes 86 hospitals and 40 long-term care facilities. With total annual revenues of more than $10.7 billion and approximately 83,000 employees, CHI ranks as the nation’s second-largest faith-based health system.

The largest health IT event in the industry is fast approaching, giving healthcare professionals, clinicians, and executives the opportunity to explore the latest and greatest in health IT. HipLink will be there … and we hope you will be too!