Healthcare Information Security

Mobile News

Expanding clinical communications: Security decisions

By Patrick Ouellette

- As healthcare organizations continue to move on from pager-based clinical messaging and begin to take advantage of smart phone technology, ensuring staff members are communicating securely remains a high-level priority.

Saint Agnes Hospital, a 264-bed, full-service teaching facility Baltimore, Maryland, has traditionally relied on pagers and operator consoles for clinical communication, but recently chose to expand to Spok’s clinical alerting and secure texting offerings. Paul Donnelly, St. Agnes Director of Safety, Security and Emergency Management, explained to HealthITSecurity.com that while St. Agnes previously focused on two-way pagers to secure communication, the ability to facilitate secure texting is an asset to the organization.

Using the application, data is encrypted at rest, with the potential to use a mobile device management (MDM) solution to set a passcode and the application itself may wipe the data inside the app remotely. As for data in transit, it is 256-bit, Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encrypted. And because messages are stored on-site at St. Agnes, the IT department is able to control its own data, which is important to the hospital.

In addition to requiring a user authenticates themselves with name and password, the user needs to be sent a unique invite to gain entry into the St. Agnes directory to communicate with other clinical users.

  • Why Email Failed To Replace Fax For Secure Document Exchange
  • Stakeholders Desire Clarification on Secure Data Exchange in TEFCA
  • Computer Virus Potentially Exposes PHI of 2.5K at OR Clinic
  • Healthcare Cybersecurity Knowledge Gaps in Phishing Awareness
  • Insider Health Data Security Threats Bigger Concern than External
  • VA Patient Privacy Violations Found, Says OIG Report
  • HHS discloses Westerville Dental Center data breach
  • Why Businesses Must Adhere to FTC Act and HIPAA Privacy Rule
  • UPMC mails patient data breach notification letters
  • Top Tips for Better Healthcare Security in 2015
  • Health IT Security Weakness Found by ONC Challenge Winner
  • Preventing Insider Threats from Affecting Health Data Security
  • HHS Reiterates OCR Ransomware Guidance after Recent Attack
  • State HIPAA Settlement Reached in URMC Data Breach Case
  • Secure file, ePHI transfer considerations for hospitals
  • Healthcare Blockchain Key Component for Trusted Data Exchange
  • ONC interoperability roadmap cites privacy, security needs
  • Healthcare Pros Worry about Data Security at Other Organizations
  • 2014 HIMSS Analytics Cloud Survey cites security decisions
  • Shands Jacksonville clinic reports patient data breach
  • Breaking Down the HIPAA Risk Assessment
  • $130K NY State Settlement from Late Data Breach Notification
  • Patient Privacy Advocated for in AAPS Amicus Brief to SCOTUS
  • Taking charge of HIE and EHR security in legal agreements
  • HIPAA audit preparation and compliance: BA effects on CEs
  • Healthcare Cybersecurity Pushed in EHNAC, NH-ISAC Agreement
  • University of Florida alerts pediatric patients of data breach
  • Many Healthcare Ransomware Attacks Impact Providers, Patients
  • Gaps Found in Healthcare Cybersecurity Threat Detection
  • Southern Penn. senior living experiences resident data breach
  • OMB memo discusses continual security monitoring plan
  • NHHIO leaders talk HIE, HISP privacy and security
  • Peeling away the layers of health data breach response
  • Easter Seals notifies 3,026 clients of health data breach
  • LabMD Files Review Petition Against Data Breach Allegations
  • Iowa law students examine mental health privacy laws
  • PHI Data Breaches, Fraud in Georgia and New York
  • Gmail privacy questions raise healthcare security concerns
  • Diversnet releases MobiSecure 4.5
  • Allscripts Ransomware Attack Impacts Limited Number of Applications
  • Discussion Begins Over National Data Breach Notification Law
  • WEDI President and CEO Devin Jopp Resigns
  • Report: Healthcare endpoints facing myriad cyber attacks
  • Security Operations Centers Falling Below Optimal Levels
  • Tiger Team assesses BA responsibilities for data intermediaries
  • BIDMC Developing Interactive, Secure Health Data Program
  • Patient Privacy Concerns Arise Over Cal INDEX HIE
  • ONC Discusses HIPAA Regulation in Care Coordination
  • What Happens When a Healthcare Cyber Policy is Broken?
  • Information Security Weaknesses in MN Health Insurance Exchange
  • HIPAA Mandates Discussed, Comments Sought in EHNAC Program
  • Mass. HHS CIO talks MassHIway privacy and security
  • Healthcare identity federation simplifies authentication
  • What Happened with mHealth Security, Mobile Privacy in 2016?
  • ONC’s “Data Segmentation for Privacy” completes pilot phase
  • Study Finds Cyberthreat Data Overwhelming to Security Workers
  • Secure data, trust in physicians are conditions for PHR use
  • CO Hospital Email Breach Possibly Exposes PHI of 3.4K Families
  • Six legal tips for HIPAA omnibus compliance
  • Apple HealthKit collaboration talks: HIPAA implications
  • Healthcare Vendor Risk Management Programs Lagging, Says Study
  • Healthcare Privacy, Security Measures Included in ONC Draft
  • Why doesn’t healthcare attract more IT security pros?
  • Accenture: Healthcare Cyberattacks to Hit $305B Over 5 Years
  • Judge Upholds $4.3M Fines against MD Anderson for HIPAA Violations
  • DoD Wants Army EHR Security Audit, Security Protocol Review
  • CMS CISO: HealthCare.Gov security testing complete
  • DHS, Siemens Warn of Potential Medical Device Vulnerabilities
  • Stronger Cybersecurity Encouraged with Presidential Order
  • Health Data De-identification Can Be Improved, Says Study
  • EEOC Proposed Rule May Affect Health Data Security
  • Va. Data Breach Legislation Update Accounts for Payroll Data
  • Charles Stellar Named WEDI Interim President, CEO
  • HCCA releases Healthcare Chief Compliance Officers Salary Survey
  • Anthem Data Breach May Impact 8.8 to 18.8M Non-Customers
  • Patient Privacy Key Part of Precision Medicine Initiative
  • 11 steps to achieve HIPAA-compliant policies and procedures
  • Possible Microsoft Data Security Flaw Revealed in ‘Golden Key’
  • Florida DOH investigating patient identity fraud scheme
  • Unencrypted Flash Drives Missing from S.C. EMS Facility
  • What Does Increased Patient Access Mean for HIPAA Compliance?
  • Health Data Privacy Concerns Key Influence in PHI Data Sharing
  • HIPAA Rules to be Clearer for mHealth, Says HHS Leader
  • Health security considerations for cloud-based imaging
  • Maintaining HIPAA Privacy through Increased Patient Access
  • AHA Suggests Law Enforcement Aid in Cyber Attack Prevention
  • Is HIPAA too open for interpretation when assessing risk?
  • Healthcare Cloud Usage Exceeds IT Expectations, Report Finds
  • HIMSS: NIST Cybersecurity Framework Positive, Can Improve
  • Cybersecurity Measures, VA Healthcare on GAO High-Risk List
  • Adapting to wrinkles in your healthcare security strategy
  • Is Health Data Security Improved or Hindered with CISOs?
  • Oklahoma Updates Patient Privacy Law for FBI Database
  • Boston Children’s Hospital CISO talks secure messaging
  • Fairfax County, Va. reports data breach to 1,499 patients
  • Why HIEs Must Hire, Train Qualified Employees
  • What the HIPAA Omnibus Rule meant for healthcare in 2013
  • Orangeworm Jeopardizes Healthcare Data Security at Large Firms
  • Healthcare Cybersecurity Measure Evasions Common in Entities
  • Angeline Austin case has hospitals questioning hiring from staffing companies
  • Donnelly said that he’s comfortable with the level of security that the Spok application offers. “With respect to secure communication, St. Agnes has a firewall protecting the data as well as device security measures,” he said. “Users can text within the organization’s four walls, but the data remains on the hospital side of the firewall. And we [feel good about] the use SSL technology to secure the data as well.”

    The St. Agnes mobile strategy is currently undergoing a revolution and any staff member who wants use the Spok application to send text messages to fellow clinical staff members on their smart phone can do so. There’s no mandate to use the app, but if they are going to communicate through smart phones, they’ll use the Spok app.

    X

    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    BYOD
    Cybersecurity
    Data Breaches
    Ransomware

    Our privacy policy

    no, thanks