HIPAA compliant and secure communication internally and with patients is vital to the operations and growth of your healthcare organization. Not all communication solutions are the same. When some solutions may talk the talk and claim to be secure and compliant, Lua can prove that our mobile messaging and telehealth solution has all necessary safeguards and features needed to keep communication secure and in adherence of HIPAA rules and laws.
Lua meets the obligations required by HIPAA, HITECH, and the final HIPAA Omnibus ruling. Additionally, for customers who must maintain HIPAA compliance, Lua signs BAAs - a legal document that all Covered Entities (CE) must obtain from any Business Associate (BA) that receives, maintains or transmits PHI on their behalf. We're dedicated to serving healthcare organizations through providing the tools they need for HIPAA compliant, secure, and streamlined communications.
Features and Controls Relevant to HIPAA requirements:
Encryption Security Standards
Lua adheres to the highest industry standards for security at every level to keep your data private and safe. All data, communication, and files in Lua are TLS 256-bit AES encrypted at rest and in-transit, on both the device and the server allowing healthcare organizations to confidently share patient information. Only authorized users (not even Lua employees) have access to the information.
App User Level Security
Lua’s application is configured with proper logical security protocols. For example, upon logging out, all data is removed from the client device. Administrators can set password expiration schedules, require passcodes, hide message bodies in notifications and even set expiration times for messages.
Admin Console with Customizable Controls
A dedicated admin console gives your IT department and organization administrators the flexibility to control access and more. Easily add, remove or investigate users through an admin panel. These controls help organizations ensure that user accounts and access permissions are correctly specified on an ongoing basis, including revoking accounts.
User Authorization and Verification
Data is segmented at Network level within Lua; under no circumstances will it be available to users who have not been explicitly authorized to a Network. Lua also provides controls for defining and granting access to users permitted by the healthcare organization or user entity.
Only authorized individuals from the user entity are granted the ability to access, modify, and delete information from Lua’s application. Additionally, Administrators can revoke access to individual users, instantly removing all data from the client device.
With Audit Reports, you can take your security and compliance precautions to the next level by monitoring and auditing your communication. Specially designated administrators can create and run custom reports based on your policies and concerns - helping you stay HIPAA compliant. Everything in Lua is auditable, including logs, conversations, files, groups and more. Fully log and review actions, data, and processes - on your own terms and at your own discretion. Lua also integrates with 3rd party archiving services.
To learn more about the benefits of HIPAA Compliant communication for healthcare organizations download the 5 Ways HIPAA Compliant Messaging Improves Your Organization whitepaper.
Contact us to see Lua's features in action through a free demo or trial.