Slideshow 10 Policies to Support Secure Text Messaging

  • July 29 2016, 6:30am EDT
12 Images Total

10 Policies to Support Secure Text Messaging

Text messaging is becoming commonplace among employees at many organizations, but key guidelines and rules are necessary to keep systems and data safe.

10 Policies to Support Secure Text Messaging

Before implementing a secure text messaging approach, leaders from IT, security, legal and human resources must collaborate to develop policies and procedures ensuring that all processes and technology involved will be effective and secure. Here are 10 ways to get there, based on research by Spok, a vendor that specializes in messaging applications.

Content Continues Below

Policy: Eligibility

Define which users are eligible to use secure text messaging based on the workflows in which they are involved.

Policy: Expense allocation

Define who pays for the device, the application, and mobile carrier voice and data services.

Policy: User roles and responsibilities

Define user responsibility for the use and maintenance of the technology, such as battery management, availability while on call, and damaged or lost devices.

Content Continues Below

Policy: Security and feature management

Define how data shared within secure text messages will be secured in transit and at rest. This will likely include using mobile device management for enforcing pass codes, device encryption and restrictions.

Policy: IT support

Define what devices, networks, services and features IT will support, and what is out of its scope of coverage.

Procedure: Consumer application usage

Define whether or not users are allowed to use consumer messaging apps, such as iMessage and WhatsApp, in any workflows, or whether they will be prohibited.

Content Continues Below

Procedure: Texting orders

Define whether or not staff can use secure text messaging to text orders. However, certain secure text messaging solutions may not support everything needed to enable these workflows, such as order verification.

Procedure: Screenshots

Create a procedure to prohibit screenshots of secure text messages. Most secure texting solutions natively prevent copy/paste, but they cannot prevent screenshots without a mobile device management solution.

Procedure: Dictation

Create a procedure to prohibit the use of keyboard dictation for any messages containing protected information. For example, in healthcare, if your secure texting solution uses the native keyboard, this is not a HIPAA-compliant workflow.

Content Continues Below

Procedure: Attachments

Create a procedure to prevent the ability to attach images or video that contains PHI from the device’s camera roll. Instead, devise a procedure whereby users have to add attachments from the camera within the app when including PHI. Pictures in the camera roll can be unencrypted and unprotected if they aren’t managed by a mobile device management solution.