
HomecareNet Mobile Security
How does HomecareNet Mobile security work? What protects the data if a nurse loses a device?
Device level
HomecareNet Mobile requires a four-digit alphanumeric PIN to enter the application. Once logged into the HomecareNet Mobile application, the user can
view all encounters (visits) on the device but is only permitted to edit encounters which have been created by the user that is logged
in. Additionally, a host administration feature allows the administrator to selectively provide access to one or any combination of
patient groups to the HomecareNet Mobile user, e.g. a user in group A will only see information pertinent to group A.
System level
The following is required before a user is authorized and able to access, enter and edit information on the system:
- User (staff) must be entered in the HomecareNet/HomecareNet Mobile system and assigned a PIN.
- User must have a system status of Active, i.e. not terminated (Inactive).
- User must be added to the Sync Manager to authenticate him/her on each sync attempt.
- User must be assigned a unique device ID by a Host administrator to authorize the user to sync
with the HomecareNet/HomecareNet Mobile system.
- User must be initially staged by a host administrator, i.e. initial data load, to successfully complete the system sync process.
There are several ways to disable a user's access to HomecareNet Mobile and its patient data in the event of a lost or stolen
device:
- Changing the staff status to inactive will disable the sending of any information to the staff device. This can be done by any
user with appropriate Viewer rights.
- Removing the device assigned to the staff (via the staff device setup option on the Host) will disable the HomecareNet Mobile sync
with the device. This is done by a Host administrator.
- Removing the staff from the Hotsync Manager list will prevent the device from performing any sync. This is done by a Host administrator.
During Sync
Data can be encrypted if it is transferred using a VPN.
Will nurses have to remember two logons, one for HomecareNet and one for HomecareNet Mobile?
A user (nurse) using both HomecareNet and HomecareNet Mobile will have the same staff ID in both applications. The passwords in the
two systems can be, but do not have to be, set to the same values.
Will HomecareNet's security/logon system control the device's security/log-on system?
No. The logon processes are independent between the HomecareNet and HomecareNet Mobile products.
How is the data being transferred between the host system and the device secured? Is it encrypted?
PHI on the Windows Mobile device is encrypted. The PDA decrypts PHI as it is needed throughout the
HomecareNet Mobile application. The PIN authorization file sent to the device from the Host is also encrypted. During the sync process,
data flowing from the device to the Host remains encrypted. Technologies such as VPNs provide even greater security since all
data flow is encrypted still further.
Syncs via modem are performed via standard telephone connections, which is permitted under the HIPAA Security rule.
If a wireless or internet-based sync is utilized, the device is configured with a VPN client to provide a secure tunnel (path) to the
server.
Other features that support your compliance with HIPAA include:
- The ability to define a unique identifier and password for each user
- The ability to define security access to a group of patients
- The ability to terminate users in the system
- The ability to configure automatic logout after a period of inactivity (a standard device feature)
- The ability to audit a user's activity within the system on key data, such as patient, staff and MD.
Plus, the ability to keep a detailed log of the most recent 30 syncs by any user.
For more information about HomecareNet Mobile, contact Healthcare Automation at (800) 738-8850 or
sales@healthcare-automation.com.