Healthcare Information Security

HIPAA and Compliance News

How a new medical center tackles secure communication

By Patrick Ouellette

- There is an array of items to deliberate for any healthcare organization that is looking to bring on a new clinical communications platform, let alone a hospital that has been open for about two months. Ensuring that the data being communicated is secure in a HIPAA compliant manner should be near the top of that list.

Walnut Hill Medical Center (WHMC), a 100-bed facility with over 200 employees and physicians on staff, offers services such as cardiovascular, gynecologic, imaging, general surgery, emergency medicine and intensive care. The new organization knew that safe, secure staff communication was a must from the outset and chose to provide secure devices to staff members. The corporate-distributed devices have baked-in security features as part of Voalte’s mobile infrastructure. While the phones are currently limited to internal use with Voalte One, WHMC physician Ricardo Guerra said the organization is looking at ways to extend its use of Voalte outside of its four walls of hospital by being able to text information securely with Voalte Me.

Matt Adams, Director of IT at WHMC, explained that the phones are configured in a way that limits what the user can and can’t do.

As far as security goes, we can lock down what applications are loaded and what is sent between phones so we can maintain HIPAA compliance. A normal smartphone may allow a user to take photos anywhere, which may get you into some HIPAA compliance issues. With these phones, we have a strict set of guidelines that we use to establish and remove users as well as some pretty sophisticated text message logging.

Additionally, clinical staff members must sign in to the shared smartphones with unique passwords and WHMC is able to track delivery and read receipts for every message sent.
Adams added that a lot of the functionalities of the phone are secured by AirWatch. As soon as the phone leaves WHMC’s four walls, it essentially becomes a brick and nothing resides on the phone at all.

The phones run off of our wireless network, which is secured, and we have a secure VLAN within the hospital itself. We have patient wireless connectivity portal and our medical devices, so we’ve securely broken up our local area networks (LANs) and segmented an area just for Voalte. We put those layers in place for that reason. Additionally, we obviously use SSL because we have a secure VLAN.

Adams said that WHMC has implemented Voalte across its different departments and it’s become its primary communications tool. Since WHMC is such a young organization, it’s still in the process of determining what it’s long-term mobile strategy will consist of, but this looks to be an interesting approach. While many organizations are figuring out the best ways to handle BYOD, if a hospital has the capital to distribute secure smartphones, the idea of limiting these phones to only internal use may be a consideration down the line.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks