The pMD Blog

Welcome to the
pMD Blog...

where we cover interesting and relevant news, insights, events, and more related to the health care industry and pMD. Most importantly, this blog is a fun, engaging way to learn about developments in an ever-changing field that is heavily influenced by technology.

POSTS BY TAG | Encryption



As the world continues to adapt to the changes brought on by the COVID-19 pandemic, the health care industry has ridden waves of changes brought on by “the new normal.” The U.S. Department of Health & Human Services acted quickly to remove barriers to providing the best care possible to patients by announcing that the Office for Civil Rights (OCR) would not penalize the use of video conferencing tools that are not HIPAA-compliant during the pandemic. This notification went on to suggest that providers seek out HIPAA-compliant video communication products whenever possible, but the lifted restriction allowed providers to care for their patients utilizing their best judgment without red tape restricting their ability to improve patients’ lives. 

However, now that we are seven months into the pandemic, one of the questions I have been hearing more and more often is: “What makes pMD’s telehealth video platform HIPAA-compliant?”

Let’s get technical


While the Health Insurance Portability & Accountability Act (HIPAA) policy has several goals, the one that applies to video conferencing is to respect individuals' rights to privacy by requiring secure handling of individuals’ health data. Covered entities, such as health care providers, insurance providers, and clearinghouses, in addition to business associates, or another company that conducts business with a covered entity and comes into contact with patient information, are subject to the HIPAA legislation. 

Two major sections of the HIPAA legislation are The Privacy Rule and The Security Rule. The Privacy Rule covers the patients’ rights to privacy and appropriate processes for using and sharing PHI, or Protected Health Information, no matter the medium used. The Security Rule sets standards for electronic storage and transfer of PHI. These standards within The Security Rule include administrative actions, physical safeguards, and technical standards.

pMD’s telehealth video chat functionality (as well as all our other software products) meets the requirements set forth by the HIPAA legislation. We execute Business Associate Agreements (BAA) with our customers in order to provide the assurance that we will handle our clients’ PHI with the utmost care, to disclose how we manage and process PHI, to outline how we will safeguard the data, and to determine how we will help our clients comply with the Privacy Rule.

In addition, pMD utilizes the highest encryption standards across the industry in order to protect our customers. While other vendors shy away from storing clinical information and, in some cases, even advertise that they will not store any information on your behalf, pMD understands the clinical importance of having a fully integrated solution for telemedicine and instead builds robust technical systems to manage your patients’ health information.

pMD also understands that HIPAA-compliance is not necessarily enough to protect PHI, so we consistently go above and beyond the security measures required by legislation to ensure we serve as a trustworthy and reliable partner for our customers. Each year, pMD undergoes rigorous voluntary security audits to confirm that we meet the industry’s best practices.

Make the best decision for your practice


While pMD has taken strong steps on the security front, this is still only one of the critical factors that should go into evaluating telehealth vendors. pMD’s extraordinary customer service, our collaborative approach to implementing the best telehealth workflow regardless of your organization’s size, and the intense focus we place on the pMD user experience set us apart from the competition. All of this is backed by the organization you know and trust: a 20+ year player in the health care industry with thousands of happy customersIf you’d like to learn more about our telehealth solutions, contact us.

Related articles:
https://www.pmd.com/blog/post/your-future-revealed-telehealth-with-pmd
https://www.pmd.com/blog/post/supporting-patients-one-video-call-at-a-time
https://www.pmd.com/blog/post/pmd-the-most-valuable-player-in-telehealth
https://www.pmd.com/blog/post/pmd-helping-practices-and-patients-navigate-telehealth-when-they-need-it-most


To find out more about pMD's suite of products, which includes our charge capture and MIPS registrysecure messagingteam and pro communication, and care navigation software and services, please contact pMD.






At pMD, our goal is to always push the envelope to help make providers’ lives easier and ultimately improve the quality of patient care. We are constantly updating our application to be as robust as possible and releasing new features that increase provider productivity. Recently, the pMD engineering team has been focusing on polishing our secure messaging features and among those items is encrypted push notifications. While “encrypted push notifications” may sound a bit boring, it is actually a very exciting feature that will greatly improve our users’ experience while using pMD® Secure Messaging™. But before talking about that, I want to briefly discuss the term ‘encryption’.

Simply put, encryption is a way to convert information into gobbledygook in order to prevent unauthorized access to that information. Encryption works by using an encryption algorithm, or set of rules, along with an encryption key. When text is processed by an encryption algorithm, it is unreadable until it is translated back to readable text using the same algorithm and the encryption key.

To illustrate this we can observe the Caeser Cipher, one of the oldest encryption methods in the world. The Caeser Cipher works by replacing each letter in a text and shifting the letter over by a certain number of positions in the alphabet. For example, with a shift of 2 the letter ‘A’ becomes the letter ‘C’, the letter ‘D’ becomes the letter ‘F’ and so on. So if we use “hello” as our text and our key (the number of times we move a letter) is 2, “hello” will become “jgnnq”. To convert our text back we simply do the reverse of our algorithm with our key of 2 and voila! The text turns back to “hello”! Now that you know the basics of encryption, let’s return to our topic of encrypted message notifications.

Messaging applications have become so commonplace that certain features are expected to be included in every messaging application. One of these staple features is being able to read the message body from a notification on your device’s locked screen. Though it may sound straightforward, this wasn’t actually possible to do when pMD originally released our secure messaging service, simply because we had no way of encrypting our notification! No encryption, no HIPAA-compliance! It wasn’t until Apple released some code that our developers were able to process an incoming pMD notification before displaying its contents. This means that we can encrypt the notification when sending it to a user’s device and decrypt the contents upon arrival to the user’s device.

What does this mean for the our users? The biggest win for our users is being able to read the pMD message directly from their locked screen! At pMD, we all use pMD® Secure Messaging™ to communicate with each other and understand that sometimes, it’s inconvenient to unlock your phone, tap on pMD, tap on the messages tab, and finally tap on the conversation to read the received message. With this feature, we bring a positive contribution to the overall experience of using pMD.

Find out more about pMD's suite of products, which includes our MIPS registry, charge capture, secure messaging, clinical communication, and care navigation software and services, please contact pMD.