Amion includes free, secure, HIPAA-compliant two-way messaging with every Amion schedule.
Amion has always made it easy to page staff right from the schedule. We will continue
to support all messaging platforms, including pagers, SMS texting and other secure-messaging
systems and communication systems like TigerConnect, Diagnotes and others.
With Amion messaging, you don't need to carry a separate device or install additional
apps on your phone for work-related communications. You also won't have to worry about
what information is or isn't allowed in an electronic message.
Complete setup guide + secure messaging
Why does messaging need to be secure?
When messages contain patient names, phone numbers or other personally identifiable
information, the government can levy significant fines if the messages are not handled
in a secure fashion.
Use initials or room numbers only and you should be OK. Every staff member would need
to follow the guidelines, though.
Use enough abbreviations and messages can be difficult to interpret. Cryptic messages
can make delivering timely, quality care more difficult.
Secure messaging lets staff focus on patients instead of worrying about what information
can or cannot go in a message. Secure messages can include photos and other information-rich
attachments that can help streamline patient care.
Aren't pagers secure?
Pagers are not secure. If a pager is misplaced, anyone who picks up the device can
read every message in its memory. Transmission towers don't encrypt their signals;
a snoop with a radio receiver could log every message to every pager at a hospital.
Even if they were secure, pagers are not very dynamic. Most pagers don't let you reply
to a message or notify the sender that you received or read the text. And have you
ever tried sending a picture to a pager?
Why aren't SMS texts HIPAA-compliant?
Texting on a cell phone is more dynamic but SMS messages are not secure. They're not
encrypted on the phone or while being transmitted. Outside parties could intercept
and read them as they travel through the Internet or over the air.
How secure are Amion messages?
Amion has partnered with mobile developer Doximity
to provide an easy-to-use app that includes the highest standards of security. Doximity
is a trusted medical network, with 1 in 3 physicians in the U.S. already registered
as members. Messages sent across Amion are encrypted from the device to the server
and back to the recipient. Messages are never stored on the device. If someone loses
a phone, no messages will display on the device itself. Messages are stored encrypted
on HIPAA-secure servers in Seattle and Virginia, and monitored for potential security
threats every day. ( Doximity
Amion secure messages incorporate several best-in-class security features that balance
the convenience of text messages with the security of patient information. Upon receiving
a new message, for example, Smart Secure redacts names and other sensitive
information and shows a PHI-free snippet of the text on a phoneís lock screen.
How do I receive Amion Secure Messages?
To receive messages, youíll need an iPhone or Android smartphone and the free Amion mobile app, the same app you may already use to view Amion schedules.
Download or update the app and create a free Doximity account to securely verify your
identity. Next, subscribe to your groupís Amion schedule and choose your name from
the staff list. If you already have the app but havenít identified yourself, tap the
Calendars tab and add your schedule.
If you have a red bubble next to your name at Amion, double check that you have the
latest version of the Amion app, that you have verified your identity with Doximity,
and that you have subscribed to your personal schedule in the Calendars tab of the
How do I verify my identity with Doximity?
Registering with Doximity is as simple as finding your profile, verifying with a few
questions, and creating a login. You can do this through the Amion App or on Doximityís
website. Youíll need just your name and an email to get started.
Administrators and non-physician providers can join Doximity and verify by sending
an email to firstname.lastname@example.org to get full access to the Amion mobile app. Administrators
will need to manually register and enter their information, whereas physicians, NPs,
and PAs will have a profile waiting for them to claim.
How can I send Amion Secure Messages?
You send messages from your smartphone or from your Amion schedule page.
On your Amion.com schedule, click a green speech bubble next to a providerís name.
() A red speech bubble () means the person hasnít installed
the Amion mobile app or hasnít identified him or herself on the Calendars tab. Click
a red bubble for instructions on how to set up messaging. If your schedule allows
it, you can still send a page or text message but it might not be secure. Messages
from Amion schedules are one-way, but messages sent from the app allow two-way conversations.
On your smartphone, youíll need the Amion mobile app. Install the app and create or
log in to your Doximity account. If this is your first time using a Doximity service,
youíll need to verify your identity.
Next, subscribe to one or more Amion schedules. On your smartphone, Amion Secure Messages
work a lot like familiar cell phone text messages, but now your Amion schedule is
your contacts list. Tap someoneís name on your Whoís On list, or choose New Message
from the messages screen and type someoneís name. You can send a message to any person
on your schedule.
Does this replace our existing paging options?
Amion Secure Messaging is designed to enhance the existing communication between your
team-members and provide a secure, HIPAA-compliant alternative to traditional text
messages. It will work alongside your existing paging system. Or you can configure
Amion to route all messages to the app.
Can I disable Amion Secure Messaging?
We think groups of any size will benefit from Amion Secure Messaging and itís included
free with every Amion license. If you prefer to not use our messaging, you can disable
it. Enterprise accounts can toggle messaging off or route messages to a different
platform; log into Amion with you master admin passwords and go to the Software Options
page. Individual groups will need to open a recent version of OnCall and go to File
/ Preferences / Messaging.
How long are messages stored?
Messages sent via the mobile app are never deleted from the Doximity servers and are
stored in an encrypted format. A feature coming soon will allow users to "delete"
a message from their inbox, which in effect hides it from their views.
Messages "live" on a mobile device only during a specific period of time:
- User opens the app and taps the messages tab. It loads their current messages
(before this point, they are not on the device).
- Messages are stored temporarily on the device until user quits the app.
- After users quits the app, all message content is removed from the temporary storage
on the device. It no longer lives on the device.
What ensures HIPAA compliance?
Highlights of the Amion App/Doximityís security and compliance components include:
- Unique user identification and verification
- User authentication to confirm the medical professionalís identity
- SSL handshake protocol with 2048-bit RSA cryptosystem
- Secure inbox with endtoend 256-bit AES digital encryption with CBC mode
- Audit control to protect users from security violations
- Backup of all network activity
- Require users to input strong passwords when signing into the application
Amion Secure Messaging is certified as a National Institute of Standards and Technology
(NIST) Level 3 assured product. This certifies us as a hardware device that is a cryptographic
module validated at FIPS 1402 Level 1 or higher. Validation testing of cryptographic
modules and algorithms for conformance to Federal Information Processing Standard
(FIPS) 1402, Security Requirements for Cryptographic Modules, is managed by NIST.
Information is transmitted via encrypted connections and stored in encrypted hard
drives on HIPAA-compliant infrastructure providers (monitored authorized personnel
access; in Seattle and Virginia).