Wednesday, June 23, 2010

Mobile Messaging and Encryption

We’re often asked whether we see encryption coming into play when messaging to mobile devices. To us, this question is better turned around to our customers – are they seeing a need for encryption? The answer has been an overwhelming yes. Especially in the healthcare community where patient data enters the mix, encryption is a necessary component of mobile messaging.

We agree with our customers. Sensitive information sent via SMS needs to be encrypted from the time it leaves the host system – a hospital’s Web directory or operator console – until it is received by the smartphone. Government initiatives such as HIPAA and HITECH are dictating the requirements when it comes to the exchange of electronic protected health information (ePHI). As we develop our applications, we’re paying close attention. This is especially important as we at Amcom look ahead to the future of our mobile applications and consider our plans to deepen our integrations with EMR systems.

Here again is where Amcom Mobile Connect comes into play. One of the many advantages of an application that resides on the smartphone is that it can handle decryption, helping to ensure the integrity of data. Something else to consider is that the BES (BlackBerry Enterprise Server) takes care of encryption on its own, which many of our customers find appealing. For those using Android or other popular smartphones, Amcom also offers encrypted communications that meet industry standards.

While messages sent via a BES are encrypted, messages passing through other network-based pathways are not. We’ve heard our customers loud and clear, and understand the need for secure messaging and the assurance that sensitive information is traveling over a secure connection.

We’d love to hear your thoughts on encryption. Do you see it as a requirement for healthcare messaging? Would you consider implementing a system which wasn’t encrypted?

1 comment:

  1. My organization uses a mix of pagers and SMS to notify our mobile staff, and I know for a fact that ePHI is being shared insecurely in some cases - thus my anonymity. With the HITECH enforcement that's in place now, it seems only a matter of time before organizations like mine run into trouble.

    Also, as we replace paging - 1980s technology, I question replacing it with what might be considered 1990s technology (SMS). From the little I know about SMS, even if encrypted, it seems to me it's too short and not reliable enough when you compare it with what can be done on smartphones these days. Sure, there is a hodgepodge of smartphone operating systems out there - if we didn't have so many individually purchased devices we could standardize on BlackBerry or something just as secure - but I'm hopeful organizations like Amcom can overcome these technical challenges.

    I don't plan to implement anything new until I'm convinced it solves my HIPAA concerns...
