Amion includes free, secure, HIPAA-compliant two-way messaging with every Amion schedule.

Amion has always made it easy to page staff right from the schedule. We will continue to support all messaging platforms, including pagers, SMS texting and other secure-messaging systems and communication systems like TigerConnect, Diagnotes and others.

With Amion messaging, you don't need to carry a separate device or install additional apps on your phone for work-related communications. You also won't have to worry about what information is or isn't allowed in an electronic message.

Complete setup guide + secure messaging via Amion.

Why does messaging need to be secure?

When messages contain patient names, phone numbers or other personally identifiable information, the government can levy significant fines if the messages are not handled in a secure fashion.

Use initials or room numbers only and you should be OK. Every staff member would need to follow the guidelines, though.

Use enough abbreviations and messages can be difficult to interpret. Cryptic messages can make delivering timely, quality care more difficult.

Secure messaging lets staff focus on patients instead of worrying about what information can or cannot go in a message. Secure messages can include photos and other information-rich attachments that can help streamline patient care.

Aren't pagers secure?

Pagers are not secure. If a pager is misplaced, anyone who picks up the device can read every message in its memory. Transmission towers don't encrypt their signals; a snoop with a radio receiver could log every message to every pager at a hospital.

Even if they were secure, pagers are not very dynamic. Most pagers don't let you reply to a message or notify the sender that you received or read the text. And have you ever tried sending a picture to a pager?

Why aren't SMS texts HIPAA-compliant?

Texting on a cell phone is more dynamic but SMS messages are not secure. They're not encrypted on the phone or while being transmitted. Outside parties could intercept and read them as they travel through the Internet or over the air.

How secure are Amion messages?

Amion has partnered with mobile developer Doximity to provide an easy-to-use app that includes the highest standards of security. Doximity is a trusted medical network, with 1 in 3 physicians in the U.S. already registered as members. Messages sent across Amion are encrypted from the device to the server and back to the recipient. Messages are never stored on the device. If someone loses a phone, no messages will display on the device itself. Messages are stored encrypted on HIPAA-secure servers in Seattle and Virginia, and monitored for potential security threats every day. ( Doximity Privacy Policy).

Amion secure messages incorporate several best-in-class security features that balance the convenience of text messages with the security of patient information. Upon receiving a new message, for example, Smart Secure redacts names and other sensitive information and shows a PHI-free snippet of the text on a phone’s lock screen.

How do I receive Amion Secure Messages?

To receive messages, you’ll need an iPhone or Android smartphone and the free Amion mobile app, the same app you may already use to view Amion schedules. Download or update the app and create a free Doximity account to securely verify your identity. Next, subscribe to your group’s Amion schedule and choose your name from the staff list. If you already have the app but haven’t identified yourself, tap the Calendars tab and add your schedule.

If you have a red bubble next to your name at Amion, double check that you have the latest version of the Amion app, that you have verified your identity with Doximity, and that you have subscribed to your personal schedule in the Calendars tab of the app.

How do I verify my identity with Doximity?

Registering with Doximity is as simple as finding your profile, verifying with a few questions, and creating a login. You can do this through the Amion App or on Doximity’s website. You’ll need just your name and an email to get started.

Administrators and non-physician providers can join Doximity and verify by sending an email to support@doximity.com to get full access to the Amion mobile app. Administrators will need to manually register and enter their information, whereas physicians, NPs, and PAs will have a profile waiting for them to claim.

How can I send Amion Secure Messages?

You send messages from your smartphone or from your Amion schedule page.

On your Amion.com schedule, click a green speech bubble next to a provider’s name. () A red speech bubble () means the person hasn’t installed the Amion mobile app or hasn’t identified him or herself on the Calendars tab. Click a red bubble for instructions on how to set up messaging. If your schedule allows it, you can still send a page or text message but it might not be secure. Messages from Amion schedules are one-way, but messages sent from the app allow two-way conversations.

On your smartphone, you’ll need the Amion mobile app. Install the app and create or log in to your Doximity account. If this is your first time using a Doximity service, you’ll need to verify your identity.

Next, subscribe to one or more Amion schedules. On your smartphone, Amion Secure Messages work a lot like familiar cell phone text messages, but now your Amion schedule is your contacts list. Tap someone’s name on your Who’s On list, or choose New Message from the messages screen and type someone’s name. You can send a message to any person on your schedule.

Does this replace our existing paging options?

Amion Secure Messaging is designed to enhance the existing communication between your team-members and provide a secure, HIPAA-compliant alternative to traditional text messages. It will work alongside your existing paging system. Or you can configure Amion to route all messages to the app.

Can I disable Amion Secure Messaging?

We think groups of any size will benefit from Amion Secure Messaging and it’s included free with every Amion license. If you prefer to not use our messaging, you can disable it. Enterprise accounts can toggle messaging off or route messages to a different platform; log into Amion with you master admin passwords and go to the Software Options page. Individual groups will need to open a recent version of OnCall and go to File / Preferences / Messaging.

How long are messages stored?

Messages sent via the mobile app are never deleted from the Doximity servers and are stored in an encrypted format. A feature coming soon will allow users to "delete" a message from their inbox, which in effect hides it from their views.

Messages "live" on a mobile device only during a specific period of time:

• User opens the app and taps the messages tab. It loads their current messages (before this point, they are not on the device).
• Messages are stored temporarily on the device until user quits the app.
• After users quits the app, all message content is removed from the temporary storage on the device. It no longer lives on the device.

What ensures HIPAA compliance?

Highlights of the Amion App/Doximity’s security and compliance components include:

• Unique user identification and verification
• User authentication to confirm the medical professional’s identity
• SSL handshake protocol with 2048-bit RSA cryptosystem
• Secure inbox with endtoend 256-bit AES digital encryption with CBC mode
• Audit control to protect users from security violations
• Backup of all network activity
• Require users to input strong passwords when signing into the application

Amion Secure Messaging is certified as a National Institute of Standards and Technology (NIST) Level 3 assured product. This certifies us as a hardware device that is a cryptographic module validated at FIPS 1402 Level 1 or higher. Validation testing of cryptographic modules and algorithms for conformance to Federal Information Processing Standard (FIPS) 1402, Security Requirements for Cryptographic Modules, is managed by NIST.

Information is transmitted via encrypted connections and stored in encrypted hard drives on HIPAA-compliant infrastructure providers (monitored authorized personnel access; in Seattle and Virginia).