HIPAA Compliant Text Messaging Apps – BEST OPTIONS
April 18, 2019
HIPAA compliant text messaging apps protect sensitive data, like Protected Health Information (PHI) in transit.
Today, everyone uses text messaging (“texting”) for easy and quick communication. It is a great tool for convenience and efficiency, but most users don’t realize that texting is an unencrypted form of communication. Text messages can be intercepted at any point in transmission. In this blog we will review several companies that provides HIPAA compliant text messaging, allowing secure texting of PHI.
The Path of a Text
Although sending a text seems like a simple act, your messages travel a long and winding path to their recipient. If you’re interested in the specifics, here is an interesting video from Gizmodo that shows you how a simple video text goes from one phone to another:
The long and short of it is, your text takes a complicated journey from one phone to another. Other entities have the power to intercept your text at many points along the way. In fact, your message may be saved on servers until the carrier decides to purge it.
Additionally, text messages often reside on your device and device backups indefinitely. While this is fine for everyday text messages, it is unacceptable for messages containing PHI. The lack of control over this information poses a threat to your company’s security.
Reviews of HIPAA Compliant Texting Apps:
In our review, we evaluated cost, ease-of-use, customer service, and additional features offered by each service. Based on those criteria, the four HIPAA compliant text messaging apps we chose are:
TigerText, Zinc, QliqSoft, and Spok Mobile.
We examined secure text messaging solutions for several companies. Each application has a free version for download. Certainly, we recommend you try the free version before deciding which program best meets your needs.
First, HIPAA compliant text messaging app that we’re going to review is TigerText (now TigerConnect). TigerText is one of the industry’s leading applications for
TigerText syncs all messages from your phone, computer, and other devices. Users get notifications when recipients open and read their messages
Cost of TigerText – HIPAA Compliant Text Messaging Solution
You must purchase the Enterprise Edition to assure HIPAA compliance. TigerText works with clients to create custom pricing for their needs. For that reason, visit
Installation of TigerText – HIPAA Compliant Text Messaging Solution
The download is quick. For Mac OS and Windows operating systems, you can install the application from TigerText’s website, or sign-in through their web portal. Use the App Store or Google Play store to install on iPhones/iPads and Android phones. Once you download TigerText and sign-up for the app, you can invite others and send secure messages.
For configuration on your internal server, TigerText sends experts to your location to install and configure security measures. Once the installation is complete, your business can add an unlimited number of users to the network. TigerText staff members offer training webinars if requested by your organization.
Encryption and Security of TigerText
TigerText transmits messages using 256-bit AES encryption. For added security, no one can copy, paste, or forward these messages. Their data
For medical practices and other health organizations, you can securely initiate medication reminders to patients. The app offers user monitoring and it tracks and authenticates es all users. Messages are tightly encapsulated and can be configured to travel only within a defined private network with the use of a combination of TLS protocol to create uniquely encrypted channels for private communication of ePHI in motion. TigerText alerts users when recipients receive and open their messages. Additionally, users can recall any sent messages and all sent messages self-destruct after a designated amount of time. TigerText is essentially a data destruction company with end-to-end encryption.
Integration of TigerText
TigerText integrates with major file sharing programs, such as OneDrive, ShareFile, Dropbox, and Box. (Remember, it is up to you to make sure that you have a Business Associate Agreement with the file sharing program your company or practice uses!)
Extra Benefits of TigerText – HIPAA Compliant Text Messaging Solution
TigerText promises that their platform will remain private and secure, and backs this up with a $1 million guarantee. TigerText is the only secure messaging platform we tested that makes this claim. This service includes administrative functions to control settings on sending and receiving messages for optimal security. Most noteworthy, there is User Management included with the Administration Functions for preparing an optimal Bring Your Own Device (BYOD) Policy customized to your unique business structure. TigerText allows your IT staff to remote wipe or
Zinc Feature Overview
Zinc’s features include:
- Text, voice and video messaging. Easy person-to-person and group text messaging, along with one-click VOIP conference calling and video calling.
- Instant alerts and communication. Gives workers the information they need, right away with push alerts to groups or individuals, read receipts and person-to-person “walkie-talkie” voice calling.
- Security and compliance. Simple administration tools give IT departments control over usage without having to worry about unsecured data and information. Zinc is designed for companies that need to be HIPAA, TRUSTe, FIPS 140-2, and SOC 2 compliant.
- File sharing, location sharing, integrations, and bots. Quickly send important files. Connect Zinc to the services your workers rely on to do their jobs.
Cost of Zinc – HIPAA Compliant Text Messaging Solution
The list price is $10/user/month for up to 1,000 users. Custom pricing is available above 1,000 users. Free trials are available at www.zinc.it. Zinc signs Business Associate Agreements (BAAs), demonstrating an ongoing investment in enterprise security, compliance and control.
Ease-of-Use and Installation of Zinc
Unlike many enterprise communication tools built for use at a desktop, Zinc is unique in its focus on the mobile user experience. The solution is truly mobile-first and offers a familiar, easy experience employees have come to expect in consumer messaging apps and texting. Group texting, voice, video calling, file sharing and more – any device, all in one place.
This HIPAA compliant text messaging app works across platforms, including native apps for iOS, Android, Windows and Mac and you can access Zinc on the web via Mozilla Firefox, Internet Explorer, Safari or Google Chrome. Conversations seamlessly sync across devices so you’ll never miss an important message.
Encryption and Security of Zinc
Zinc’s simple-yet-sophisticated administrative tools bring together leading security and compliance measures without sacrificing the end user experience.
- Privacy You Don’t Have to Think About: Zinc gives administrators full control with customizable management options for data retention and security features that are on by default.
- Built with the Most Advanced Technology: Zinc delivers military-grade encryption, partnerships with the most trusted security and infrastructure companies, and anywhere/anytime reliability.
- Certifications from Trusted Organizations: Zinc is committed to earning and sustaining the trust of their business customers by actively achieving compliance on globally-known and trusted security standards including HIPAA, SOC-2, FIPS 140-2 and more.
For more information on Zinc’s security practices, please visit www.zinc.it/security.
Integration of Zinc – HIPAA Compliant Text Messaging Solution
Easily share resources from the enterprise services your organization relies on with Zinc’s built-in integrations and custom bots. Zinc’s native integrations enable easily mobile sharing (Box, DropBox, Google Drive, OneDrive and more) as well as Salesforce CRM for quick conversations around contacts, leads, accounts and opportunities. Zinc’s custom bots enable you to automatically pull information into Zinc from over 500 business services – from brand mentions on social media, inclement weather warnings to alerts on patient lab results and more.
Additional Administrative Controls of Zinc
In addition to leading security and compliance measures, Zinc’s administrative tools enable organizations to effectively manage Zinc like they would any official enterprise communication channel.
Sample administrative features include:
- User Management: Confidently manage employee use and access from anywhere. Easily onboard employees with pre-populated Official Groups.
- Analytics: View analytics on your network, group, and messaging activity. You can archive and export network data (e.g., for e-discovery).
- Role-Based Tiers: Designate multiple admins within your organization based on desired responsibilities (e.g., group management, alerts, etc.).
- Custom Alerts: Send one-way alerts to employees and groups. Track who has received and opened alerts in real-time.
For more information or to find out how to get your organization in Zinc today, please visit www.zinc.it.
The most cost-effective of the 4 HIPAA compliant text messaging programs is QliqSoft’s secure-messaging app. We found the layout of the application easy to use with virtually zero training needed to understand it (though, training is available if needed). Healthcare organizations are the primary users of the product due it its capability to integrate with EMRs. The desktop application is important because it allows the user to send messages through the computer, keeping you better connected with your clients and colleagues. QliqSoft has three levels: Professional, Business, and Enterprise. QliqSoft will only sign Business Associate Agreement for the Business and Enterprise levels.
Cost of Qliq – HIPAA Compliant Text Messaging Solution
The Professional Plan is a free option for QliqSoft. This option is for up to 25 users and it includes the secure messaging service and basic user administration. This plan is best for smaller groups who do not need group management capabilities. The Business Plan with QliqSoft is $6/user/month. It offers a wider range of features such as security controls, device management, and multiple devices per user. It also includes group management. The Enterprise Plan is available at a quoted fee and offers custom integration with a variety of applications. This plan is geared toward larger hospitals and allows them to integrate with EMRs.
Installation and Ease-of-Use of Qliq
QliqSoft can be downloaded on your Apple or Android smartphone. It can also be downloaded to your Apple or Windows desktop through the QliqSoft website.
Encryption and Security of Qliq
An important feature of this HIPAA compliant text messaging app is remote lock and wipe. Qliq on missing phones can be locked and wiped remotely to avoid a breach. User authentication is required before smartphone or desktop users can send or receive messages on QliqSoft. Users must log in using authorized credentials and four-digit PIN authentication access is available.
Group administrators can set password strength requirements. All data in transit is encrypted end-to-end with 2048-bit message encryption. No unencrypted data is stored in the cloud. 256-bit AES encryption is used for data at rest and message attachments (image, audio). Messages are encrypted by the sending device and then decrypted by the receiving device, using a combination of public and private keys which means, only the intended recipient can decrypt the message.
Integration of Qliq
QliqSoft is able to incorporate integrations by QliqSoft’s integration engine, QliqDirect, making it possible to receive messages, documents, and images from applications such as EMRs, call centers/answering services, scheduling systems, nurse alert systems, lab and radiology systems, and other applications. The company can use an API for third-party integration.
Extra Benefits of Qliq
QliqSoft can provide training for your staff, along with any support via telephone. This HIPAA compliant text messaging application allows a user to organize groups, have multiple devices with their account, and have an individual dashboard to keep track of messages.
For administrative controls, QliqSoft includes group-wide security controls, device management, user activity monitoring, and advanced group management. QliqSoft also provides centralized security controls for the administrator. These include remote data wipes, auto-lock for idle devices, and a lock-out feature for users who lose or upgrade their devices. Additionally, the device locks after the user reaches the maximum number of allowed failed logon attempts.
Installation of Notifyd
Setting up Notifyd is a simple process, especially for non-admin users. The company or employer creates an account after purchasing the service and invites users to join. Employees receive an email that enables them to create a password (their email address is the username) and set up a profile. Note: employees can have multiple accounts for different workplaces, but each account must be associated with a separate email address.
Notifyd can be used on virtually any device: the mobile app is available for iPhones and Androids and the desktop site is accessible through any browser. Potential clients can schedule a free demo with the Notifyd staff here.
Encryption and Security of Notifyd
Notifyd offers end to end encryption for all users. They use multiple types of encryption to best protect sensitive data at different points in transmission and storage. For example, Notifyd uses TLS for information in transit and AES for data at rest. No data is stored on the end-users mobile device; instead, users are granted temporary access to securely view documents. For an added layer of security, all requests for data must pass multiple authorization checks.
Notifyd works with their clients to establish mobile device management policies and procedures, which is an excellent benefit for HIPAA compliant clients. This also distinguishes them from competitors who often fail to provide a strategy suitable for mobile devices that access PHI.
Additionally, company administrators have the power to cut access for terminated employees. For reasons involving HIPAA data retention standards and audit trail requirements, these threads of communication are not erased. Revoking access is as simple as removing the former employee from the company’s account.
Cost of Notifyd
Notifyd offers three payment plans for their clients. A standard month to month plan costs $350/month per location. There is no limit to the number of users a company may add or the number of messages they can send.
Clients who purchase a yearly subscription save 10% and pay just $315/month per location. Companies with more than 50 locations qualify for the enterprise solution, and will work with a Notifyd representative to create a custom plan for their business. All three payment plans offer the same features.
Extra Benefits of Notifyd
Notifyd integrates seamlessly with EMR systems. However, all Covered Entities and Business Associates can use this system, not just medical professionals. Notifyd offers scheduling capabilities that are particularly helpful for organizations, like hospitals or home healthcare providers, that need to assign employees to specific shifts. Their app and desktop site offer a safe platform for secure sharing of videos, pictures, and files. Files are stored securely and can only be accessed by the sender and recipient.
Notifyd appreciates their clients’ business and invites interested parties to contact them about partnering together if interested.
Finally, the last HIPAA compliant text messaging app we are presenting is Spok Mobile®. This secure texting solution is a key part of Spok Care Connect®,
Cost of Spok – HIPAA Compliant Text Messaging Solution
Spok can work with you to determine
Installation of Spok
Spok’s Professional Services team will work directly with your organization on developing and executing a tailored rollout and adoption plan so all users understand the solution and how to use it successfully to improve care.
Encryption and Security of Spok
Furthermore, this HIPAA compliant text messaging app uses industry best practices to guard the security of electronic protected health information (ePHI). The solution leverages a variety of security features, including encryption, application lock, automated message removal, password-protected inbox, and remote device wipe to keep messages secure in accordance with guidelines from HIPAA and the HITECH Act.
Integration of Spok
As part of the Spok Care Connect suite, Spok Mobile integrates with Spok’s directory, contact center, clinical alerting, emergency notification, and critical test results management solutions. It also integrates with leading mobile device management (MDM) applications, which gives health system IT departments even more security features and control over the use of the application. In select use cases, Spok Mobile can push and pull data to and from electronic health record (EHR) systems that use HL7. Finally, its mobile API allows integrations with a host of other third-party mobile applications.
Extra Benefits of Spok
Spok Mobile keeps a full audit trail of messages and provides users with sent and read receipts. This could help administration manage reporting requirements and possibly reduce complaints from users that they didn’t receive messages.
Also, there is an extra feature that could add some efficiency to your organization; Spok Device Preference Engine (DPE) as a solution to help ensure messages are routed to the right people on their preferred devices. The solution considers factors, such as message priority, to route a text or voice message to the intended recipient on his or her preferred device for certain situations. Users create routing profiles labeled as “Low,” “Normal,” and “Urgent.” The message goes to a specific device based on its priority level. For example, a user who often checks their mobile device might have “Urgent” messages sent to their smartphone in order to receive them as soon as possible. However, this user may not check their email quite as often, so “Low” priority messages would be sent there since they are not as time sensitive.
You install Spok Mobile
In conclusion, TigerText, Zinc, QliqSoft, Notifyd, and Spok Mobile all meet the requirements for HIPAA compliant text messaging. Certainly, all these programs offer affordable and easy to use solutions, great customer service, and unique extra benefits to your practice. Additionally, every one of these HIPAA compliant text messaging apps will allow you to test them for free to see which program works best for you.
Finally, a disclaimer: This list is not exhaustive. We tested these four applications and found that they are an excellent solution for our clients, who are usually small to medium organizations. Other HIPAA compliant text messaging apps created for larger organizations (like hospitals and medical centers) exist. Above all, we recommend choosing a service that best fits the needs of your organization. We gathered most of our information from the organizations’ websites and white papers detailing their product. While we feel these websites provided us with all of the necessary information for this blog post, we must add that Zinc and
January 6, 2020
HIPAA breaches involving fewer than 500 individuals, which occurred during 2019, must be reported to the US Department of Health and Human Services (HHS) by Saturday, February 29, 2020. Reporting… Read More ›Read More