HIPAA & Security

The Basics of Protecting PHI

Up to 80% of physicians send and receive text messages using unsecured email systems to transport protected health information (PHI), which violates HIPAA rules. As a Business Associate of covered entities, Doc Halo has strict security features to protect PHI.


Doc Halo takes unprecedented steps to ensure the security of our data and the entire communication system.*

Healthcare organizations face significant technical and legal challenges in protecting their data and networks, and the smartphone revolution has added another layer of complexity. This problem has been difficult to control and will continue to grow as smartphone technology expands in the health industry.

When a physician registers and uses Doc Halo, hospital IT departments no longer have to worry about physicians and other staff texting or sending unsecured email with PHI.

Our strict security measures include:

  1. PHI is encrypted at all levels (database, transmission and on the app) with federally validated encryption standards
  2. Secure Sockets Layer (SSL) with 2048-bit encryption for transmission of data
  3. All sensitive data stored with 256-bit AES encryption as approved by the National Security Agency (NSA)
  4. Remote mobile app wipe option in case of lost phone
  5. Auto log out with inactivity
  6. Maximum 30-day data life of all messages
  7. Doc Halo exclusive provider verification process (PVP) and 2-step verification for lost passwords
  8. Secure private server with backup
  9. Strategic firewalls and intrusion detection system
  10. CISSP certified security engine

*Doc Halo reserves the right to withhold publication of additional security and verification methods not mentioned for privacy reasons.


Doc Halo understands the importance of reliable and quick physician communication—lives literally depend on it. The Doc Halo mobile health platform functions on all spectrums of cellular data and Wi-Fi to ensure broad coverage and avoid "dead zones" commonly encountered in hospitals. The platform also tracks whether a message has been delivered and repeatedly pings the user until the message is retrieved.

The U.S. Department of Health and Human Services is expected to audit covered entities (hospitals, physicians, etc.) for privacy and security compliance, with a single violation generating a fine of $1,000 to $50,000. Doc Halo ensures strict compliance with HIPAA and all its features.

Rated highest standard vendor for care team communication by KLAS.

—Secure Communication 2016: Vendors Transitioning to Secure Communication Platforms
