Software Defined Technologies Bring HIPAA Compliance to Mobile Devices


Many healthcare organizations are looking to grow their mobile initiatives. After all, equipping healthcare providers with instantaneous and accurate information has become a critical component of value-based healthcare. Yet those mobile devices present many challenges to healthcare providers, particularly when it comes to maintaining HIPAA compliance. Simply put, HIPAA dictates how to manage PHI (Protected Health Information), more commonly known as patient data, and makes sure that the information remains secure.

Therein lies the real challenge: how to openly disseminate data to those who need to act on it, while also keeping that data protected from those who have no business accessing it. It's a challenge that requires the coordination of what were once considered separate security elements: what device is being used, how that device is connected, the location of the device, what networks that device communicates over, who the user is, what application is being used, and what type of data is being transmitted. Failure to accurately assess and control any of those aspects can lead to a data breach and a compliance violation, both potentially expensive problems to remediate.

Mobility vendor NetMotion is attempting to mitigate the problems of mobility in the healthcare industry with its latest iteration of NetMotion Mobility (please see my review over at eSecurityPlanet.Com). The company aims to bring the power of Software Defined Everything (SDx) to the forefront of mobile security technology.

NetMotion seems to take a different approach than other mobile security vendors by incorporating full end-to-end control over the device, the user, and the application. Mobility uses software-defined controls that are driven by administrator-defined policies, which in turn interact with a piece of client software on the mobile device. That client software encrypts traffic, while also establishing control over the device using policies that are housed on the Mobility server.

Those policy-driven controls can be location-sensitive, user-sensitive, and application-sensitive, giving administrators granular control over the data, a critical concern for those seeking to maintain HIPAA compliance. By basing security on the triad of device, application, and user, tasks such as auditing, enforcement, and reporting become much easier.

In the quest to achieve compliance, healthcare organizations can learn from the lessons offered by NetMotion and extract those best practices that matter the most to a given organization. Simply put, achieving compliance means knowing the who, what, when, and where of data access, and wrapping the appropriate intelligence around it to make sure that access is valid.