How to choose HIPAA compliant messaging app

April 20, 2023

---

Any company that handles protected health information (PHI) must be HIPAA (The Health Insurance Portability and Accountability Act) compliant.

Secure and HIPAA compliant messaging apps are essential not only for communication with patients, but also for internal communication within healthcare organizations. In this blog post we will talk about the importance of secure corporate communication and will help to choose the HIPAA compliant messaging app for your healthcare organization.

What messaging apps can be considered HIPAA compliant

All platforms used to share PHI should have security controls implemented to make sure patient information is not captured while on the move. The best solution is to host such messaging app on-premises and create separate channels for communication within the healthcare organization.

Virola corporate messenger can be used for communication purposes in healthcare organizations. Since it is hosted on-premises, the server where it is hosted can have additional protection for storing PHI. When the app is hosted on the organization's server, this means there are no third parties which can access the data while it is being transmitted.

All data in Virola is protected during the transfer by public-key cryptography and SSL. The security certificate for self-hosted Virola can be defined by a user. If it is not defined, it is generated automatically on a server when it is launched.

For voice chats Virola has symmetric-key encryption AES. The keys are generated on the server when it is running and are renewed within a specific period. The keys are stored in RAM only while the server is running.

Virola users can be restricted only to those chats where they were added by the Virola admin. This means that only authorized employees will have access to specific information. This feature is very important for internal communication within the healthcare organization since the communication takes place on different levels and by different specialists. For example, contractors and subcontractors cannot see the communication in the groups of doctors or insurance agents.

With Virola corporate messenger healthcare organizations can:

• Allow users access only specific topic-based chats
• Communicate via encrypted channel
• Take additional security measures on the server side, for example, disk encryption
• Start voice meetings in group and private chats
• Have all internal communication in one app
• Share documents in topic-based or private chats
• Build the culture of secure internal communication

Why your organization needs a HIPAA compliant messaging app for internal communication

Effective and secure communication cannot be achieved without utilizing a secure corporate messenger. No matter how large your organization is, it is important to keep all conversations in one place. This minimizes the leakage of information and helps to increase employees' efficiency.

According to IBM Security Report published in 2021 healthcare data breaches were the costliest. HIPAA compliance breach, with the average cost increasing by $2 million to $9.42 million per incident. Ransomware attacks cost an average of $4.62 million per incident.

However, together with information leakage and data losses, healthcare companies lost their reputation because of neglecting HIPAA compliance of the applications they used for internal communication. While taking care of security in communication between doctors and patients, many healthcare organizations do not pay attention to the ways their employees communicate with one another.

The main security breach is in internal communication when terabytes of sensitive information are shared in various messengers which employees use for their everyday communications. To prevent this from happening and to keep PHI protected, it is important to use secure messaging apps not only for communication with patients, but also for internal communication within the healthcare organization.