What makes DocbookMD HIPAA secure?
DocbookMD ensures that all standards of HIPAA and HITECH security are followed. We enable physicians to be HIPAA-compliant while communicating with fellow doctors, and their CareTeam, through our secure messaging application.
All messages are sent and stored on our high-grade encryption servers. Messages are never stored in the permanent memory of your mobile device. If your phone or tablet is lost or stolen, simply notify us, so that we may deactivate your account, ensuring that your messages remain confidential.
Additionally, all DocbookMD users are required to sign a HIPAA business associate agreement (BAA) upon registration, outlining our data protection and the responsibilities of all parties to keep patient information classified.
In layman's terms -
When someone sends a normal text message, that message is stored on the sender's mobile device, then it's stored with the sender's mobile carrier, then it's stored with the recipient's mobile carrier, then it's stored on the recipient's mobile device. It's most likely stored elsewhere as well, and that's a minimum of four points of failure where that ePHI is compromised. This is not HIPAA compliant.
When you send a message through DocbookMD, none of the messages are stored on your mobile device. They're all stored on our encrypted servers, and our application gives you secure access to those messages stored on our encrypted servers. The only information that's stored on your mobile device is the app itself. Whenever you send a photo with DocbookMD, we recommend that you take the photo with this app (instead of using your mobile device's camera). This ensures that the photo is not stored on your phone and is only stored on our encrypted servers. It's really that easy.
To maintain the highest level of security, we recommend that you enable a PIN lock in your mobile device settings, and also enable a PIN lock within DocbookMD. If your mobile device is stolen or misplaced, anyone who has it will need to get past those two PIN locks to get to your patient data. If you notify us that your device was misplaced, we can also disable your account.
DocbookMD can also be accessed on the web - https://webapp.docbookmd.com/#/login. As you can see, our website is "https" instead of "http." This lets you know that the website is encrypted and secure.
Here's an easy-to-read Snopes article that discusses the difference between http and https - http://www.snopes.com/computer/internet/https.asp
You may also view this wiki page that discusses the technicalities of http vs https in detail. - http://en.wikipedia.org/wiki/HTTP_Secure
To read more about how DocbookMD is HIPAA compliant, please visit our website's Features and HIPAA section here.