QliqSOFT’s “Security First” philosophy guides the design and management of its secure clinical collaboration platform. We’ve developed the Qliq encrypted messaging apps and platform from the ground up with security as the top priority. In the “HIPAA Omnibus Era,” healthcare organizations face challenging security risks from their partners and vendors in handling protected health information (PHI).At QliqSOFT, we have drastically reduced the security risk of a PHI breach by designing Qliq with a more robust security architecture on an enterprise-proven communication platform. Our three pillars of security achieve significant advantages over alternative messaging and collaboration solutions. It not only offers greater protection of patient information but also reduces motive, means and incentive for intruders.
Cloud Pass-Thru
First, Qliq uses a “Cloud Pass-Thru” messaging architecture, where encrypted messages pass from the sender through the Qliq Cloud server to the recipient. No large storage server keeps all the messages for all the Qliq users in the Cloud. Qliq’s “Cloud Pass-Thru” architecture is substantially more secure than legacy “client/server” architecture because no Protected Health Information (PHI) is stored or decrypted on the QliqSOFT servers. The client/server model commonly found is less secure since it involves decrypting, storing and logging of all messages on a 3rd party server.
Double Encryption
Second, Qliq is unique in that it uses an individual Public/Private Key Encryption model. Every Qliq user has a unique encryption key pair, and each message is encrypted specifically for the single recipient of the message. QliqSOFT has no access to the decryption keys (private keys).
Therefore, it is impossible for QliqSOFT to decrypt messages in transit and cannot access your PHI. Since “Cloud Pass-Thru” is peer-to-peer, all messages are encrypted/decrypted only in the app on your mobile devices and computers. In effect, all messages and PHI is “double-encrypted” as the metadata is also encrypted using TLS/HTTPS Transport encryption during network transmission.
Archive in Your Control
Lastly, Qliq offers a secure encrypted messaging archive (auditing) solution called QliqSTOR that resides behind the customer’s firewall and in their direct control. QliqSOFT does not store the archive containing extensive PHI on its cloud server. This drastically reduces 3rd party vendor risk of a PHI breach and provides easier access for eDiscovery research by the administrator.
Reduced Risk and Easier Compliance
QliqSOFT’s security approach dramatically reduces the risk of a breach of PHI since we serve only as a conduit of encrypted information. Furthermore, the fact that QliqSOFT (and its sub-vendors) cannot decrypt and access PHI allows you to complete your HIPAA security and risk analysis of QliqSOFT, which is required by the HIPAA Omnibus Rule, in less time and with fewer resources. With alternative client-server communication solutions, you need more extensive due diligence on vendors and sub-vendors, depend more on vendor security and face more risk and uncertainty.Click Here to Learn More about HIPAA Security Compliance
