Engage Mobile Security Whitepaper


Academic year: 2021


NavisHealth Platform Products

NavisHealth

WHITEPAPER

About NavisHealth

NavisHealth is a Silicon Valley Digital Health IT Solutions Company that provides a cloud-based companion EHR with an integrated mobile application suite to engage senior management and patients. We serve acute care hospitals and healthcare organizations of all sizes throughout the US. Fusing our expertise in leading-edge technology with clinical operations, we deliver the cutting-edge healthcare solutions that our customers need.

We’re a recognized thought leader on the most important questions in healthcare today – from ‘Meaningful Use’ of electronic medical records, to patient engagement, data security and system interoperability. This allows us to develop highly-effective, innovative solutions for our clients’ most pressing technical and business issues.

Engage Platform Overview

Engage gives you a simple set of intuitive mobile tools that help you meet and exceed your 5% Meaningful Use target for ‘View, Download and Transmit’ by helping your patients get involved and engaged in their own treatment. This whitepaper describes how Engage by NavisHealth ensures the confidentiality, integrity, and availability of its mobile platform. The Engage platform is a secure, on-demand Healthcare Cloud Solution providing patients instantaneous access to elements of their electronic protected health information (ePHI). The system is built on a public cloud platform that serves as an integrated framework for aggregating clinical events from disparate systems and transforming the data into easy-to-read, concise, and meaningful displays that can interact with today’s common smartphone technologies. The platform consists of three key components (see Figure 1 below):

• An Engage Mobile application that is downloadable for both iPhone (iOS) and Android smartphones;

• A secure and fault-tolerant NavisHealth Cloud Service (NCS) that interfaces with the Engage mobile application to supply data to the hospital patient’s smartphone;

• Direct Messaging interfaces between NCS and the Health Information Service Providers (HISP) of participating hospitals, allowing secure exchanges of a patient’s health information according to national security standards (see http://www.healthit.gov/policy-researchers-implementers/direct-project)

Security for each of these components is important to the overall privacy of the patient health information, as described below.

Engage Mobile Application Security

Mobile security is currently a hot topic among IT professionals and developers, with widespread concern over vulnerabilities being revealed in many of today’s mobile apps. Healthcare mobile apps require greater attention given the federal and state regulations pertaining to privacy of patient health information. This is an emphasis in Engage; the mobile application is developed specifically with patient privacy in mind:

Identity Management features include:

• Multi-factor authentication: registration of a patient to use the Engage Platform involves prior identification with the hospital, a verified phone number, and security questionnaires according to industry standards;

• Tokenization of mobile device: interaction with the NavisHealth Cloud Service requires tokens issued to the device during registration; the mobile device can only retrieve patient information for the registered patient, and no one else

Storage features:

• Persistent data on the device is limited;

• Shared or insecure storage file systems are not utilized

Encryption:

• Transmission encryption uses TLS/SSL Authentication and AES-256 encryption, according to common industry standards

App login and session management:

• Access to Engage requires a PIN to unlock the mobile App;

• Session timeout for inactivity and session termination upon exiting the App;

• Every instance of an Engage App will have its own unique endpoint ID;

• Only 1 instance of the Engage App can be active at any given time;

• The Engage App is tied to the user’s mobile phone number; if the number changes, the user will be required to re-authenticate;

• If the user enters the wrong PIN 3 times, the App is suspended for 5 minutes (Initial suspension). After 5 minutes have elapsed, the user has 3 more chances to enter the correct PIN; if the user enters the wrong PIN 3 times after the Initial suspension, the App is locked and the user must contact Customer Service to restore access
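The PIN lockout rule in the last item above can be read as a small state machine. The sketch below is an added example, not NavisHealth code: the class name PinGate, the PBKDF2 PIN hashing, the injectable clock, and the choices that attempts made during the suspension are not counted and that a correct PIN resets the counters are all assumptions, since the whitepaper does not specify them.

```python
import hmac
import time
from hashlib import pbkdf2_hmac

MAX_TRIES = 3             # wrong PINs allowed per round (from the whitepaper)
SUSPEND_SECONDS = 5 * 60  # length of the Initial suspension (from the whitepaper)


class PinGate:
    """Hypothetical gate: ACTIVE -> SUSPENDED (5 min) -> ACTIVE -> LOCKED."""

    def __init__(self, pin, salt, clock=time.monotonic):
        self._salt = salt
        self._digest = self._hash(pin)  # keep a salted hash, never the raw PIN
        self._clock = clock             # injectable so tests can advance time
        self._failures = 0              # wrong PINs in the current round
        self._suspended_until = None    # set when the first round is exhausted
        self._was_suspended = False     # True once the Initial suspension began
        self.locked = False             # terminal: Customer Service must reset

    def _hash(self, pin):
        return pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def try_unlock(self, pin):
        """Return 'ok', 'wrong', 'suspended' or 'locked'."""
        if self.locked:
            return "locked"
        if self._suspended_until is not None:
            if self._clock() < self._suspended_until:
                return "suspended"        # assumption: ignored, not counted
            self._suspended_until = None  # 5 minutes elapsed: second round
        if hmac.compare_digest(self._hash(pin), self._digest):
            self._failures = 0            # assumption: success resets counters
            self._was_suspended = False
            return "ok"
        self._failures += 1
        if self._failures < MAX_TRIES:
            return "wrong"
        self._failures = 0
        if self._was_suspended:           # second exhausted round: lock the App
            self.locked = True
            return "locked"
        self._was_suspended = True
        self._suspended_until = self._clock() + SUSPEND_SECONDS
        return "suspended"
```

For the rule to hold in practice, the counters and the suspension deadline have to be persisted or enforced by the cloud service, because state kept only in memory is cleared by restarting the App.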

NavisHealth Cloud Service Security

The NavisHealth Cloud service operates in an ISO27001 datacenter that is monitored 24x7x365. The datacenter infrastructure is built with best-of-breed security technology and fault tolerance. Firewalls and Intrusion Detection Systems (IDS) offer protection to critical resources. Encryption of data-at-rest health information is employed, as mandated by HIPAA, as is auditing and logging of information system activity. Vulnerability testing and regular system updates are among the best practices used by the NavisHealth Operations team. Business continuity is maintained with ongoing disaster recovery testing and data redundancy.

Direct Messaging Security

The Engage Platform requires interaction with participating hospitals or their Health Information Service Providers (HISP) to receive current patient data. It is therefore designed to use the interoperability standards of the Direct Project (http://www.healthit.gov/policy-researchers-implementers/direct-project) to securely exchange patient health information as part of the developing Nationwide Health Information Network (NwHIN).

The Direct Project mandates the use of AES encryption between HISPs using SMTP and S/MIME. For more information, please see http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Transport+Working+Version

About NavisHealth Operations and Team

At NavisHealth we believe that security is everyone’s responsibility. Below are some of the specific programs in place that are part of our organization:

• Security Awareness Training annually (October) for all employees;

• All operations engineers are required to be CompTIA Security+™ Certified at a minimum;

• All operations engineers are required to complete HIPAA-specific training within 12 months of employment;

• All operations engineers abide by ITIL Service Management best practices in support of the NAAVIS Cloud Service

Conclusion

NavisHealth is committed to safely and securely storing sensitive information across our entire platform. As a healthcare vendor, our emphasis is to build products and operate system environments in a way that instills confidence in our customers. With Engage by NavisHealth, we have taken this emphasis to a mobile platform that achieves the privacy and protections the healthcare industry is striving for.

Main Office

2560 Mission College Blvd. Suite 104 Santa Clara, California 95054 Tel: 408-780-0230 Fax: 408-716-4955 Contact: Ronda Carlson Tel: 408-780-0230 ext. 210 Cell: 415-306-1426 www.navishealth.com

Figure 1: Engage Platform Diagram (Engage Mobile Platform Security Overview Diagram)
