SDx and Mobile Security

Software Defined Technologies Bring HIPAA Compliance to Mobile Devices



Many healthcare organizations are looking to grow their mobile initiatives. After all, equipping healthcare providers with instantaneous and accurate information has become a critical component of value-based healthcare. Yet those mobile devices present many challenges to healthcare providers, particularly when it comes to maintaining HIPAA compliance. Simply put, HIPAA dictates how to manage PHI (Protected Health Information), more commonly known as patient data, and makes sure that the information remains secure.

Therein lies the real challenge: how to openly disseminate data to those who need to act on it, while also keeping that data protected from those who have no business accessing it. It’s a challenge that requires the coordination of what were once considered separate security elements: what device is being used, how that device is connected, the location of the device, what networks that device communicates over, who the user is, what application is being used, and what type of data is being transmitted. Failure to accurately assess and control any of those aspects can lead to a data breach and a compliance violation, both potentially expensive problems to remediate.

Mobility vendor NetMotion is attempting to mitigate the problems of mobility in the healthcare industry with its latest iteration of NetMotion Mobility (please see my review over at eSecurityPlanet.Com). The company aims to bring the power of Software Defined Everything (SDx) to the forefront of mobile security technology.

NetMotion seems to take a different approach than other mobile security vendors by incorporating full end-to-end control over the device, the user, and the application. Mobility uses software-defined controls that are driven by administrator-defined policies, which in turn interact with a piece of client software on the mobile device. That client software encrypts traffic, while also establishing control over the device using policies that are housed on the Mobility server.

Those policy driven controls can be location sensitive, user sensitive, and application sensitive, giving administrators granular control over the data, a critical concern for those seeking to maintain HIPAA compliance. By basing security on the triad of device, application, and user, tasks such as auditing, enforcement, and reporting become much easier.

In the quest to achieve compliance, healthcare organizations can learn from the lessons offered by NetMotion and extract those best practices that matter the most to a given organization. Simply put, achieving compliance means knowing the who, what, when, and where of data access, and wrapping the appropriate intelligence around it to make sure that access is valid.


6 Responses to “Software Defined Technologies Bring HIPAA Compliance to Mobile Devices”

  1. Quote: “Those policy driven controls can be location sensitive, user sensitive, and application sensitive, giving administrators granular control over the data, a critical concern for those seeking to maintain HIPAA compliance.”

    All those “sensitives” are likely to be expensive, which may be the point of them. They also may make staff work more time-consuming and difficult, which is even worse. You see that in the remark about “giving administrators…”

    The key problem with bringing these new technologies into healthcare is that they’re being driven by hospital administrators, insurance companies, and federal bureaucracies. And as a consequence, they’re making life even more difficult for those on the frontlines of healthcare.

    What’s needed is not a bureaucrat’s vision of what mobile devices should do. What’s needed are devices that make the work of doctors, nurses and other staff go more smoothly and efficiently. That means quick and easy communication among staff. That means a Siri-like, voice-driven assistant rather than clumsy to-do lists more suited for paperwork than patient care. And it certainly doesn’t mean overwhelming already overworked staff or burying them in an overabundance of distracting data and confusing regulations.