Imprivata Cortext Secure Text Messaging Solution Validated as HIPAA Compliant by ecfirst

Comprehensive Third-Party Evaluation Assures Customers that Imprivata Cortext Meets Compliance and IT Security Requirements While Improving Clinical Communication

Lexington, Mass.—July 18, 2013—Imprivata®, a leading global provider of healthcare IT security solutions, today announced that ecfirst has validated Imprivata Cortext®, the company’s secure text messaging solution, as HIPAA compliant. The comprehensive third-party evaluation process ensures customers that Imprivata Cortext meets IT security and patient privacy requirements while supporting broader collaboration and improving communications efficiency amongst clinicians. In addition, Imprivata has initiated an ongoing program with ecfirst to train Imprivata employees and audit Imprivata Cortext applications and operations to ensure the proper controls and procedures remain in place to meet HIPAA and HITECH compliance requirements. 

The HIPAA/HITECH Business Associate endorsement process from ecfirst, a leading provider of compliance training and certification services, is based on ecfirst’s proprietary bizSHIELD™ methodology and includes a thorough assessment of product capabilities to ensure remediation priorities are addressed appropriately. The validation process is based on a comprehensive checklist influenced by OCR HIPAA-related resolution agreements, HIPAA guidance from the National Institute of Standards and Technology and other security standards and best practices.

“Imprivata Cortext is developed with the authentication, encryption, auditing and other security controls in place to meet HIPAA compliance and patient privacy requirements. A comprehensive analysis of the product’s capabilities reveals that Imprivata Cortext is an ideal choice for healthcare organizations considering a secure text messaging solution,” said Ali Pabrai, CEO of ecfirst. “This evaluation should also give customers added assurance that Imprivata is a well-qualified Business Associate and that potential risks to patient information have been sufficiently mitigated. This is especially important with the deadline to comply with the HIPAA Omnibus Rule and the possibility of significant enforcement action for violations looming.”

Imprivata Cortext enables clinicians to securely send text and picture messages from their smartphone, tablet or computer, which improves efficiency, enhances patient care and helps healthcare organizations address the deficiencies of pagers and other outdated communication technologies. Using cloud-based architecture, Imprivata Cortext employs several different encryption technologies, both while data is at rest and in transit, to ensure all information is transmitted and stored securely. Developed for the pace of clinical workflows, Imprivata Cortext includes features such as access to the organization’s contact directory through out-of-the-box AD synchronization, notifications and read receipts and quick callback requests. In addition, unlike competing text messaging products, Cortext supports cross-organization communication, which enables care providers to communicate with their colleagues across multiple organizations from within a single application to promote wider collaboration. To date, more than 1,100 healthcare organizations have enrolled their care providers in Imprivata Cortext.

“Imprivata is committed to working closely with customers to better understand their challenges from both the IT and the clinical perspective, which enables us to develop solutions with long-term strategic value. Imprivata Cortext, for example, delivers the fast, convenient communication that clinicians want while also ensuring IT is able to satisfy security and HIPAA compliance requirements,” said Ed Gaudet, General Manager of the Imprivata Cortext Products Group. “Receiving verification from ecfirst that Imprivata Cortext meets HIPAA compliance requirements is an important competitive differentiator for us as we continue to work with healthcare organizations to help solve their communication challenges and simplify healthcare IT to enable better focus on what matters most—patient care.”

According to a recent Ponemon Institute survey of healthcare professionals sponsored by Imprivata, the use of outdated communication technologies such as pagers can cost U.S. hospitals more than $8.3 million annually. Titled “The Economic & Productivity Impact of IT Security on Healthcare,” the report also finds that the use of outmoded communication technologies negatively impacts patient care—average patient discharge time is currently 101 minutes, which 65 percent of survey respondents believe could be cut to 50 minutes with secure text messaging.

Imprivata will host a webinar titled “The CIO’s Guide to HIPAA Compliant Text Messaging” featuring Ali Pabrai of ecfirst to provide more detail about the Imprivata Cortext HIPAA evaluation process and criteria on Thursday, July 18, 2013 at 1 p.m. EDT. To register, please visit

Customer and Analyst Quotes

Edward Ricks, vice president of information services and CIO at Beaufort Memorial Hospital in Beaufort, S.C.

“We have used Imprivata’s single sign-on and authentication management solutions for years to enable No Click Access™ to clinical systems and patient information, which delivers both the security that IT requires and the convenience that clinicians need to better focus on patient care. This gave us confidence that Imprivata Cortext would satisfy both IT and clinical workflow requirements when we decided to introduce secure text messaging. As expected, our clinicians have been extremely impressed with the functionality and ease-of-use of Imprivata Cortext, which has improved productivity and enhanced patient care while maintaining compliance with HIPAA and privacy regulations. Imprivata is an integral partner in our long-term IT strategy because it develops solutions that are fast, secure and enable clinicians to focus on what matters most—delivering high-quality patient care.”

Chuck Deckert, vice president, health information technology solutions with Sharp Community Medical Group in San Diego, Calif. 

“Like many healthcare IT executives, we are constantly trying to balance convenience and ease-of-use with security and compliance requirements. Our clinicians were particularly frustrated by the inability to use text messaging to communicate and collaborate with one another, which prompted us to evaluate potential solutions. After considering several options, we elected to deploy Imprivata Cortext. The product is equipped with all the functionality to satisfy our clinicians’ needs for faster, more efficient communication. With the third-party HIPAA compliance evaluation now complete, we are also assured that private patient health information will remain secure as we roll out Cortext on a larger scale.”

Lynne Dunbrack, program director, connected health IT, IDC Health Insights

“Increasing demand amongst clinicians to use smartphones and other modern technologies presents a number of security and compliance challenges for healthcare organizations. Our research in this area highlights the need for solutions that remove the barrier to technology created by HIPAA and security requirements to provide care givers with the convenience they need to better communicate, collaborate and care for patients.”

About Imprivata

Imprivata, the leader in healthcare IT security, enables secure access and collaboration for two million healthcare users worldwide. As the #1 independent provider of single sign-on and access management solutions for healthcare and other regulated industries, Imprivata OneSign® Single Sign-On is exclusively endorsed by the American Hospital Association (AHA) and recognized by Gartner and KLAS. Imprivata Cortext is the leading free HIPAA compliant text messaging solution for healthcare. Headquartered in Lexington, Massachusetts, Imprivata serves 1,300 hospitals in partnership with over 200 EMR and technology infrastructure vendors around the world. For more information, please visit

All Imprivata products are trademarks of Imprivata, Inc. in the USA and other countries. All other product or company names mentioned are the property of their respective owners.


# # #