Need secure email that works like Tigertext does for text messaging

not1germ

I work at a small hospital, and we are starting to embrace bring your own device (BYOD), but more because the doctors are demanding that they be able to use their smartphones and iPads to send patient info quickly by text message or email.

The problem is that HIPAA laws mean that sending patient info by text to a phone can really open the doctor and hospital up to legal action.

So as part of any BYOD solution, we need to look deeply at the security aspect, and research all the options. I looked at some good large enterprise BYOD solutions out there like Centrify and Enterproid, but they are expensive, invasive, hard to deploy and are really for larger organizations.

For smaller organizations, I really didn't find much in the way of solutions. It is then that I saw that for many companies, they are going to think about breaking down the BYOD implementation into smaller components. This may mean using several smaller apps/software systems to add security and management functions to a BYOD network.

We started to do this, by having an app (Tigertext) installed on all the BYOD devices. Tigertext deletes the text messages sent/received on the phone after a period of time. If a doctor loses his phone, the texts are deleted and HIPAA compliance is met.

This is how we are approaching BYOD policy, finding small apps and programs that we can afford that add some specific level of security and control to the BYOD implementation.

Now we need something like this for emails and PCs.

Does anyone know of a way to do secure emails in the way that Tigertext does secure text messages?

Would be good to find something that is HIPAA compliant.
 
We've been using YouSendIt for emailing sensitive data, as we have HIPAA and another state-level security compliance to meet.

They do have apps for mobile devices. Although I'm not sure on the cost, as that's above my pay grade :p
http://www.yousendit.com/applications

I haven't dealt with the mobile apps though; to my knowledge all our users have been using the web-based or Outlook plug-in.
 
That's funny, y'all! I was just talking to someone today about patient info and their doctor texting their info to another doctor and if it was safe. Looks like it will become a big problem for doctors since these Docs got fined big bucks for not using something like Tigertext:

http://www.hipaatext.com/100000-hipaa-fine-designed-to-send-message-to-small-physician-practices/
“This case is significant because it highlights a multiyear, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules,” said Leon Rodriguez, director of the HHS Office of Civil Rights. “We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.”

Looks like they are going to crack down on this, so doctors need to watch out.
 
Do you have a BAA with YouSendIt? You should have one in place with any vendor that touches your PHI at all.
 
BAA?
All that stuff is above my paygrade :p

Business Associate Agreement. Basically makes the receiver of the data responsible for the care of it. 90% of cloud services will NOT sign one, which means that any data uploaded to the service can be considered a breach.

As a general rule of thumb (at least in my experience), cloud services (unless they're internally hosted) have no business touching PHI at all. Hell, any 3rd party app that any user wants to introduce into our environment has to go through our office for a security review.
 
Apparently YouSendIt doesn't do BAA/BAC, but it is not necessary either.

As such, YouSendIt is considered by the U.S. Department of Health and Human Services to be a conduit for PHI (similar to the U.S. Postal Service) and therefore a Business Associate Contract is not required.
http://support.yousendit.com/t5/Welcome-To-YouSendIt-Knowledge/Business-Associate-Agreement/ta-p/134
 
I have a bridge to sell you....:D

The conduit rule is somewhat antiquated and doesn't apply well to technological transfer methods, only to physical means of sending data. The big thing you have to remember is that if you are using YouSendIt to send your data, you are also storing it on their servers. If one of those servers gets breached, you get breached, and since you don't have a BAA with the vendor, you are SOL.
 
meh, it's not my problem :p
 