NetMotion Mobility XE HIPAA Compliance
To comply with HIPAA data security standards, hospitals must meet five main requirements. Here are those requirements and a short description of how Mobility XE meets each one:
- Confidentiality—Keep all transfers of information private; ensure that information is not made available or disclosed to unauthorized individuals
Mobility XE's VPN allows you to encrypt data from the mobile device all the way through to the Mobility server, so medical data is kept confidential over the air and across public network infrastructure.
- Integrity—Ensure that data has not been changed en route or in storage
Encryption alone is not enough to ensure the integrity of data as it is transferred. Mobility XE performs a computational integrity check before encryption, encrypts the data as it travels between the mobile device and the Mobility server, and then validates it after decryption.
- Authentication—Verify that the person sending the message is who he or she claims to be
A user establishes his or her identity by logging in to the Mobility client with a Windows domain user name and password.
- Non-repudiation—Once a transaction occurs, neither the sender nor the recipient can deny that it took place
Mobility XE does not provide any specific non-repudiation functions, which must typically be implemented within a medical application. But Mobility does allow you to securely use a medical application with non-repudiation capabilities over a wireless network.
- Authorization—Give authenticated users access to network information and resources based on defined privileges
Once a user is authenticated via Mobility XE, access to network resources and applications is controlled through the Windows 2000 or Windows 2003 domain. Using the Windows domain credentials allows for a single sign-on process and involves no extra work for the IT department. Once a user has been authenticated, Mobility seamlessly establishes the communications path for transporting application data.
See HIPAA Security for Wireless Networks for the sections of HIPAA that focus on protected health information and the steps to HIPAA compliance.