Data of Messaging App JusTalk Has Been Compromised. Here Is How Not to Repeat History With Your HIPAA Compliant Texting App

4 months ago

The idea of a messaging or texting app seems simple. But the use cases are very personal. 

And when it is deployed in healthcare settings, the privacy and security concerns multiply. 

Every messaging app claims to be the most secure one, and the reason it gives is end-to-end encryption. 

But app security is more than just encrypting the message body. End-to-end encryption protects what you say; it does nothing for who you talked to, when, or from where, and nothing for whatever the server stores or logs next to the ciphertext. 

JusTalk, "the most popular and secure messaging app", and the story of how it lost both the 'popular' and 'secure' thrones 

Imagine a messaging app with 20 million users. 

Its major use cases are chat, voice calls, video calls and image/video sharing. 

And the best part: the company claims the app is end-to-end encrypted, so only you and the person you are chatting with can read your messages, images and videos. 

But millions of messages just got leaked out of that "most secure" app. 

Here is exactly what got leaked online. 

  • Millions of JusTalk user messages
  • Precise date and time they were sent
  • The phone numbers of both the sender and recipient
  • Records of calls 
  • Granular locations of thousands of users

Notice that most of that list is metadata, not message content: who talked to whom, when, and from where. End-to-end encryption, even done well, never covered any of it. 

We now have two questions for you. 

Question #1: As a user, would you want to be a victim of this disaster? 

Question #2: And as an app owner, would you want your app to be the cause of such a disaster? 

If your answer to both questions is no, welcome to the club! 
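To make the point concrete, here is an added example (written for this edit; it is not code from the original post or from JusTalk) of what a chat server's own records still expose when only the message body is end-to-end encrypted, and one way to minimise that exposure. The record layout, field names, sample phone numbers, timestamp and coordinates are all constructed for illustration; the HMAC-based pseudonymisation and the hour-coarsened timestamp are a design suggestion, not a description of how any real app stores data.

```python
"""Added example (not from the original post or from JusTalk): what a
chat server's own records expose when only the message body is
end-to-end encrypted, and one way to minimise that exposure.
All names, fields and sample values below are constructed."""
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone

# Constructed sample: one row a chat backend might persist per message.
# "body" is opaque ciphertext from the clients' E2EE layer; the server
# cannot read it. Everything else is plaintext the server kept for
# routing, billing or debugging, and it is exactly what leaks in a dump.
SAMPLE_RECORD = {
    "msg_id": 184467,
    "sender": "+14155550123",           # E.164 phone number (constructed)
    "recipient": "+16465550199",
    "sent_at": "2022-07-09T14:32:07Z",  # second-precise send time
    "location": {"lat": 37.78825, "lon": -122.40891},  # GPS fix, metre-level
    "body": "b64:9sU2KQ...opaque ciphertext...",
}

PHONE = re.compile(r"^\+\d{7,15}$")               # E.164-shaped value
PRECISE_TIME = re.compile(r"T\d{2}:\d{2}:\d{2}")  # has minutes and seconds


def exposure_report(record: dict) -> list:
    """Fields whose *values* identify people, exact times or places.
    Encrypting the body does not change this list at all."""
    exposed = [f for f in ("sender", "recipient")
               if PHONE.match(str(record.get(f, "")))]
    if PRECISE_TIME.search(str(record.get("sent_at", ""))):
        exposed.append("sent_at")
    if record.get("location") is not None:
        exposed.append("location")
    return exposed


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of a phone number. The server can still
    correlate one user's rows for rate limiting or abuse handling, but a
    leaked table cannot be reversed without the key. An unkeyed SHA-256
    would not do: phone numbers have so little entropy that every
    possible number can be hashed and matched in minutes."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def coarsen_time(iso_ts: str) -> str:
    """Round a timestamp down to the hour (UTC). Enough to answer
    'was delivery working this afternoon', useless for reconstructing
    a conversation minute by minute."""
    ts = datetime.fromisoformat(iso_ts.replace("Z", "+00:00"))
    ts = ts.astimezone(timezone.utc).replace(minute=0, second=0, microsecond=0)
    return ts.strftime("%Y-%m-%dT%H:00Z")


def minimize(record: dict, key: bytes) -> dict:
    """The row the server actually needs to keep. Precise location is
    never required to route a chat message, so it is dropped entirely."""
    return {
        "msg_id": record["msg_id"],
        "sender": pseudonymize(record["sender"], key),
        "recipient": pseudonymize(record["recipient"], key),
        "sent_at": coarsen_time(record["sent_at"]),
        "body": record["body"],
    }


if __name__ == "__main__":
    # Constructed key; in production it lives in a KMS, never beside the data.
    key = b"server-side-pseudonym-key"
    print("raw row exposes:      ", exposure_report(SAMPLE_RECORD))
    slim = minimize(SAMPLE_RECORD, key)
    print("minimised row exposes:", exposure_report(slim))
    print(json.dumps(slim, indent=2))
```

Running the block prints the fields a raw dump of the original row would reveal (all four), then the minimised row, which reveals none of them. Two caveats a practitioner will want: the HMAC key must live outside the database (a KMS or secrets manager), because a dump that includes the key is as bad as the original; and pseudonyms are still linkable within the table, so under HIPAA the minimised row is still PHI, not anonymous data.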

HIPAA compliant texting app for medical professionals: How is it different from normal texting apps? 

Ever since messaging apps have existed, people have used them to stay connected with friends and family. 

Over time, messaging apps have evolved greatly and let users communicate in very engaging ways. 

Even after all that advancement, though, the essence of a messaging app remains casual, fun conversation. 

Now that healthcare has an urgent need that messaging apps can address, many tech enthusiasts and entrepreneurs are trying to use them in clinical settings. 

The basic concept of a messaging app stays the same, but it needs real customization to become healthcare-friendly. 

So let's discuss the factors that draw the line between healthcare-friendly chat apps and normal chat apps. 

  • Compliance 

Messaging apps meant for healthcare settings must satisfy all applicable healthcare privacy and security regulations. 

And just so you know, data encryption is only one of the required safeguards. HIPAA's Security Rule also expects access controls, audit logs, integrity protection, user authentication, and the administrative policies that keep all of those working. 

  • Interoperability 

HIPAA compliant texting for medical professionals must work with other healthcare systems in an aligned manner while ensuring the highest level of data accuracy. 

  • UI/UX 

The UI/UX of any app used in healthcare settings must be highly accessible: large buttons, easily readable text and voice control. 

Use cases of HIPAA compliant texting apps in healthcare settings 

Think a texting app can do only one thing in healthcare? You might be wrong. Texting apps in healthcare can be used in many different ways. 

The more ways you use it, the more revenue you can make. 

So, here are the top use cases. 

  • Chat-based teleconsultation 
  • Patient onboarding 
  • Free self-care guide 
  • Reminders 
  • Instant medical assistance in non-emergency situations 
  • Medical images sharing 
  • Medical reports sharing 
  • Internal and external healthcare communication and collaboration 
  • Chatbot-based appointment booking
[Figure: Appointment booking chatbot]

Different healthcare entities that can easily capitalize on a HIPAA compliant messaging app 

The best part of a HIPAA compliant messaging app is that it can be deployed in almost any healthcare environment to bridge the gap between providers, staff and patients. 

The following are the top such environments. 

  • Walk-in clinics
  • Hospitals   
  • Wellness and nutrition clinics 
  • Medical labs 
  • Clinical trial sites 
  • Chronic care clinics 
  • Nursing homes 
  • Mental health clinics 
  • Physiotherapy centers 
  • Cosmetic surgery facilities
  • Vision centers
  • Dental clinics 
  • Pharmacies 
  • Home care agencies 

How to make a messaging app secure and private enough to be used in healthcare settings? 

The problem is not complexity. It is process. IT companies that build messaging apps for the healthcare industry either lack knowledge of healthcare-specific privacy and security concerns or follow the wrong process. 

The following is a guide to building healthcare-friendly messaging apps. 

  • Follow HIPAA regulations at different levels 

You must follow both HIPAA's technical and administrative safeguards, at both the IT infrastructure and back-office levels. 

Apart from this, carry out a HIPAA audit every 6 months to make sure no newly evolved privacy or security concern has crept in. HIPAA itself only requires the risk analysis to be "periodic" and does not fix an interval; six months is a sensible cadence, and any major release or architecture change should trigger another one. 

One caveat: HIPAA compliance is a baseline, not a guarantee. Its safeguards tell you what to protect, not how. Following them makes your infrastructure more secure, but you still have to verify that each control actually works: encryption in transit and at rest, audit logs that are retained and reviewed, and access that is revoked when staff leave. 

  • Carry out PIA 

A PIA (Privacy Impact Assessment) is about discovering the privacy vulnerabilities of your entire organization: what personal data you collect, why, where it flows and who can see it. Once you know those vulnerabilities, you can fix them and ensure secure back-office operations, which directly influence the privacy of your tech infrastructure. 

  • Carry out TRA 

Unlike a PIA, a TRA (Threat and Risk Assessment) is carried out on a specific app or piece of software to find the privacy and security weaknesses that app holds. (A PIA or TRA is mandatory under healthcare data privacy laws in many regions.) 

You must read: How to execute PIA and TRA?

  • Choose HIPAA-compliant APIs only 

To build a messaging app, you will usually rely on a communication API (a chat, voice and video platform) rather than writing it all yourself. When you choose one, make sure it is HIPAA-compliant in the concrete sense: the vendor signs a Business Associate Agreement (BAA) and documents which of its services are covered by it. Under HIPAA you cannot route PHI through a vendor that has not signed a BAA, however strong its encryption. Otherwise you inherit security and privacy risks you can neither see nor control. 

  • Choose HIPAA compliant cloud provider 

Like the API, you also need a HIPAA compliant cloud provider to host your application and its data, again meaning one that signs a BAA and states which services are in scope. Keep in mind that the provider's compliance covers only its side of the shared responsibility model: a misconfigured database, a publicly readable storage bucket or a debug log full of phone numbers is your exposure, and no provider certificate prevents it. 

  • Always hire a healthcare-specific IT company 

Healthcare is a unique industry. Building a health tech platform requires healthcare-specific knowledge and an on-the-ground understanding of compliance laws, privacy and security concerns. Compared with IT companies that serve every industry, healthcare-specific IT companies come equipped with the required health tech and compliance knowledge and experience. 

We're exactly what you are looking for: a North American healthcare IT company serving healthcare startups, providers and enterprises 

We have a lot of other things to say. And all of it ultimately benefits you! 

We are a young team. And the best part of our team is that everyone has an intense passion for healthcare. 

Our team members include UI/UX designers, developers, business analysts, compliance specialists, DevOps engineers, QA engineers and healthcare professionals. 

Over the last 7 years we have built several healthcare mobile/web apps, ranging from telemedicine to mental health, skincare, senior care and even chronic care. 

Our vision is to make healthcare affordable, rapid and more accessible with the tech knowledge we are blessed with. 

The perfect fusion of clinical value and peace of mind is what we always deliver to our clients. 

And last but not least, we bet on the vision you have, not the project size! So, let's have a productive talk. (We don't have salespeople. You will be talking directly to healthcare experts.)

The following is our healthcare project delivery approach.

[Figure: Healthcare app development approach]