Healthcare Information Security

Mobile News

Expanding clinical communications: Security decisions

By Patrick Ouellette

- As healthcare organizations continue to move on from pager-based clinical messaging and begin to take advantage of smart phone technology, ensuring staff members are communicating securely remains a high-level priority.

Saint Agnes Hospital, a 264-bed, full-service teaching facility Baltimore, Maryland, has traditionally relied on pagers and operator consoles for clinical communication, but recently chose to expand to Spok’s clinical alerting and secure texting offerings. Paul Donnelly, St. Agnes Director of Safety, Security and Emergency Management, explained to that while St. Agnes previously focused on two-way pagers to secure communication, the ability to facilitate secure texting is an asset to the organization.

Using the application, data is encrypted at rest, with the potential to use a mobile device management (MDM) solution to set a passcode and the application itself may wipe the data inside the app remotely. As for data in transit, it is 256-bit, Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encrypted. And because messages are stored on-site at St. Agnes, the IT department is able to control its own data, which is important to the hospital.

In addition to requiring a user authenticates themselves with name and password, the user needs to be sent a unique invite to gain entry into the St. Agnes directory to communicate with other clinical users.

  • The OCR HIPAA Compliance Audits Procedure: A Review
  • Computer Virus Potentially Exposes PHI of 2.5K at OR Clinic
  • Reviewing the first HITECH breach penalty dealt by HHS
  • Why Strong Health Insurance Exchange Security is Needed
  • Most Physician Secure Messaging Apps Not HIPAA Compliant
  • HHS deals out largest-ever $4.8M HIPAA violation settlement
  • Boston Public Health responds to patient privacy questions
  • OIG Compliance Audit Finds HHS Risk Management, IAM Issues Continue
  • Study: Data breaches cost healthcare providers $1.6 billion
  • R.I. approves patient privacy bill for crime investigations
  • Ransomware Attack Affects Servers at USC Hospitals
  • eHealth Initiative Survey: HIEs Lacking In Interoperability
  • HIPAA’s impact on use of health cloud services, business associates
  • AltaMed Health Services alerts 2,995 patients of data breach
  • Arkansas Facility Ransomware Attack Potentially Affects 128K
  • Healthcare Ransomware Increasing, Education Sector Top Target
  • Privacy and Security Tiger Team rounds up HIE query talks
  • Bridging the gap between health cloud, mobile security
  • Delaware Health Data Breach Potentially Impacts 19K
  • HIPAA omnibus rule redefines aspects of health information
  • Jackson Health System mum on recent data breach
  • LabMD Files Review Petition Against Data Breach Allegations
  • KY Hospital Implements New Medical Device Security Option
  • US-CERT Urges Updates to Counter Found WiFi Vulnerabilities
  • HIPAA Privacy Rule: Permitted PHI uses and disclosures
  • Senators Present Bill Aimed at Health IT Security Standards
  • Data Breach Notification Law Passes Unanimously in Wash.
  • Medical data breaches start class-action lawsuit trend
  • Rocky Mountain Spine Clinic notifies patients of breach
  • Radiology group uses virtual trust zones for HIPAA compliance
  • FDA Has Medical Device Cybersecurity Concerns in Abbott Labs
  • PHI Exposed in Colorado Through Discharge Paperwork
  • ONC, OCR’s HIPAA model notices of privacy practices
  • FDA seeks comment on cybersecurity in medical devices
  • Healthcare Cybersecurity Knowledge Gaps in Phishing Awareness
  • More Hospitals Affected by Healthcare Ransomware Attacks
  • How Health Data Sharing Benefits a Research Center
  • Health Data Privacy Concerns Not Hindrance for PHI Sharing
  • Insufficient Staffing, Education Hinders Healthcare Cybersecurity
  • How HIPAA and the military Privacy Act intersect
  • Building Strong Mobile Security with Proper Communication
  • Public cloud survey cites security perception as an obstacle
  • UAMS tells 1,500 patients of potential health data breach
  • 5 Lessons Learned in OCR HIPAA Settlements
  • AHA Urges Reduced Data Sharing Barriers in HIPAA Regulations
  • Broward Health sends 960 patient breach notification letters
  • OCR complaint filed against St. Rose Dominican Hospitals
  • Securing different types of HIEs
  • Patient Privacy Advocated for in AAPS Amicus Brief to SCOTUS
  • Budget is Largest Health Data Security Obstacle, Says Survey
  • Vendor Risk Management Key Focus in Recent HITRUST Program
  • 2014 HIMSS Analytics Cloud Survey cites security decisions
  • NY Health Data Breach Affects Persons with Disabilities
  • Laptop stolen from N.M. Oncology and Hematology Consultants
  • A Legal Breakdown of HIPAA, NAIC Cybersecurity Guidelines
  • Will the NIST cybersecurity framework always be voluntary?
  • VA launches patient identity theft awareness campaign
  • Overcoming the Healthcare Cybersecurity Workforce Shortage
  • Creating Strong Healthcare IT Infrastructure Security
  • Five HIPAA Omnibus Compliance Myths
  • HIPAA Omnibus Rule webcast: New regulation considerations
  • ONC delivers EHR certification privacy and security guidance
  • ONC, OCR Revise HIPAA Security Risk Assessment Tool
  • OCR Newsletter Underlines Healthcare Authentication Importance
  • How Do HIPAA Regulations Apply After Death?
  • Healthcare attorney watches clients’ HIPAA needs evolve
  • FDA rolls out new mobile medical application enforcement
  • Why HIPAA Technical Safeguards Alone Are Not Enough
  • Bon Secours Health System sends breach notification letters
  • $2.3M OCR Settlement Reached for 21st Century Oncology Data Breach
  • Should More Patients Worry About Healthcare Data Security?
  • Stronger Cybersecurity Encouraged with Presidential Order
  • Healthcare BYOD Adoption: Five Security Considerations
  • HHS discloses Westerville Dental Center data breach
  • North Country Hospital has second breach in 4 months
  • GAO identifies potential HHS security investment overlaps
  • How NIST Design Guide Could Impact Healthcare Cybersecurity
  • How Automation Aids Data Security, Improves Patient Satisfaction
  • Foreign countries hack VA system and expose vulnerabilities
  • How DDoS Attack Increase May Affect Healthcare Cybersecurity
  • Secure Email Key in New DirectTrust Patients Program
  • Medical Device Security, Health Data Security Top 2016 Issues
  • Patients file class action suit against Johns Hopkins Medicine
  • CO Clinic Healthcare Ransomware Case Affects 6,800 Patients
  • UC Irvine Health Data Breach Affects 4,800 Patients
  • NIST provides incident response recommendations
  • Improving Patient Privacy, Workflow with HIPAA Compliant Forms
  • Healthcare provider advice in gearing up for 2014 HIPAA audits
  • Understanding Medical Device Security in Healthcare Today
  • Patient Right of Access: Breaking Down HIPAA Rules
  • Supreme Court Dismisses Medical Identity Theft Lawsuit
  • PHI of 9.5K Possibly Compromised in WI Healthcare Phishing Attack
  • Healthcare cloud security: CISO perspective
  • EHR and mobile device auditing, security requires vigilance
  • HHS Releases Healthcare Ransomware, HIPAA Guidance
  • DirectTrust, EHNAC accredit DataMotion for HIPAA compliance
  • mHealth Android app security review: Attack surfaces
  • Reducing Insider Data Breach Risk with Strong IAM Policies
  • Phishing Scam Leads to Potential Healthcare Data Breach in WY
  • Are State Health Data Breach Notification Laws Needed?
  • Donnelly said that he’s comfortable with the level of security that the Spok application offers. “With respect to secure communication, St. Agnes has a firewall protecting the data as well as device security measures,” he said. “Users can text within the organization’s four walls, but the data remains on the hospital side of the firewall. And we [feel good about] the use SSL technology to secure the data as well.”

    The St. Agnes mobile strategy is currently undergoing a revolution and any staff member who wants use the Spok application to send text messages to fellow clinical staff members on their smart phone can do so. There’s no mandate to use the app, but if they are going to communicate through smart phones, they’ll use the Spok app.


    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks