Slideshow 10 Policies to Support Secure Text Messaging

Text messaging is becoming commonplace among employees at many organizations, but key guidelines and rules are necessary to keep systems and data safe.

Before implementing a secure text messaging approach, leaders from IT, security, legal and human resources must collaborate to develop policies and procedures ensuring that all processes and technology involved will be effective and secure. Here are 10 ways to get there, based on research by Spok, a vendor that specializes in messaging applications.

Define which users are eligible to use secure text messaging based on the workflows in which they are involved.

Define who pays for the device, the application, and mobile carrier voice and data services.

Define user responsibility for the use and maintenance of the technology, such as battery management, availability while on call, and damaged or lost devices.

Define how data shared within secure text messages will be secured in transit and at rest. This will likely include using mobile device management for enforcing pass codes, device encryption and restrictions.

Define what devices, networks, services and features IT will support, and what is out of its scope of coverage.

Define whether or not users are allowed to use consumer messaging apps, such as iMessage and WhatsApp, in any workflows, or whether they will be prohibited.

Define whether or not staff can use secure text messaging to text orders. However, certain secure text messaging solutions may not support everything needed to enable these workflows, such as order verification.

Create a procedure to prohibit screenshots of secure text messages. Most secure texting solutions natively prevent copy/paste, but they cannot prevent screenshots without a mobile device management solution.

Create a procedure to prohibit the use of keyboard dictation for any messages containing protected information. For example, in healthcare, if your secure texting solution uses the native keyboard, this is not a HIPAA-compliant workflow.

Create a procedure to prevent the ability to attach images or video that contains PHI from the device’s camera roll. Instead, devise a procedure whereby users have to add attachments from the camera within the app when including PHI. Pictures in the camera roll can be unencrypted and unprotected if they aren’t managed by a mobile device management solution.