Compliant Healthcare Messaging for Everyone
 
 
 

Security and compliance

Hospify combines cutting-edge technology and powerful security with careful consideration of UK and EU rules for handling patient information. Talk to us to find out more, or take a look at some of our frequently asked questions.

The number one question we're asked is "why can't I just use WhatsApp?". Well, there are lots of reasons! Our CEO James Flint has written a blog post summarising them here.

 
 

How are messages made secure?

Messages are secured using high-level encryption on your phone or tablet and protected using a unique 6-digit pin-code.


Where are messages stored?

Messages are stored on your phone or tablet and the recipient's phone for 30 days, then removed in line with GDPR rules for the safe removal of patient information.

Should I anonymise patient information?

Hospify was developed to make it possible to send text and photo messages securely in the course of delivering healthcare without the need to anonymise the data.

Should I tell patients I'm using Hospify?

You can tell patients directly; however, this may not be practical during the course of your work. It's sufficient to post a notice on your website.

 
 

"Cost effective and provably secure."

- Paul Hughes, Information Security Manager, North West Anglia NHS Foundation Trust -

 

How are messages made secure?

Messages are automatically encrypted on your phone before sending, using ECIES in line with RFC standards, then sent via HTTPS. This ensures that the transmission of all data, including your messages and your user profile, is protected. When you download the Hospify app you will be asked to set up a 6-digit pin-code. You will enter the pin-code each time you access your messages. When you receive a new message, a notification will appear on your home screen much like other messaging apps; however, the contents of the message will not be shown on the home screen, ensuring the message is kept private within the app. Fingerprint recognition will soon replace the pin-code to make it easier to access your messages.

 

Where are messages stored?

Messages are stored on your phone or tablet and the recipient’s phone. To ensure messages reach the recipient safely, messages are sent via a relay server that will temporarily hold the message in case the recipient’s phone does not have a mobile phone signal. Further attempts will be made to deliver the message for up to 36 hours before the message is removed. The data on the relay server is AES-256 encrypted and is located within the EU, in line with GDPR legislation. Messages on your phone and the recipient’s phone are removed after 30 days to comply with GDPR rules on data retention.

 

Should I anonymise patient information?

It’s not necessary to anonymise patient information with Hospify; however, some people choose to do so. Hospify was developed by our surgeon co-founder to send text and photo messages securely without the need for anonymisation. We consulted with the Information Commissioner's Office (ICO) in developing Hospify to manage messages in a way that is compliant with GDPR legislation and have sought to find the best way possible to secure and transmit messages. Hospify has been approved for use by security and information governance teams around the UK and has NHS IG Toolkit L2 and ISO27001 certification.

 

Should I tell patients I'm using Hospify?

You can tell patients directly that you're using Hospify - and even suggest that they use it to communicate with you! However, this may not be practical during the course of your work. The good news is that you don't have to actively ask patients for their permission in order to use Hospify to talk about them and share information about their conditions, as long as you're doing it in the course of delivering their care.

Once Hospify is in widespread, regular use across your organisation, you should put a notice on your website to that effect, listing it alongside any other tools you use to handle data, in accordance with your organisation's information governance policies. Something along these lines is generally sufficient:

"In order to protect patient confidentiality and abide by European health data protection guidelines, staff in this Trust/medical practice may use Hospify when they communicate using their mobile devices in the course of their work. Hospify securely encrypts messages, passes them from handset to handset, holds no information about its users' communications on its servers, and keeps all communications within the European Economic Area, so abiding by UK data protection and the terms of the European General Data Protection Regulation. For more information please visit www.hospify.com."