This page contains a Flash digital edition of a book.
Access Control Lists: Access


control lists (ACLs), also known as role-based logins, control which users, using which mobiles can access an application. They can also have finer control over what data within that application they can access and what they can do with it (for example, read, read/write or read/write/delete). Fine- grained control using ACLs allows IT departments to tailor security policies to different types of users and enforce them diligently.


Encrypted Data Transmission:


Virtualized desktop environments may already have 128-bit, built-in encryption of any communication, including data to and from mobiles and tablet computers. If native apps are developed for mobiles, they may need to do this when they communicate with servers. Double Encryption: When


you use strong 128-bit encrypted transmission and storage of data on mobile devices, use of a Virtual Private Network (VPN) connection enables the encryption of already encrypted transmissions. This provides double encryption, a strong way of protecting data and transmissions.


Remote Wipes and Auto-Locks: Native apps on mobiles invariably use local storage, even if only for temporary download of healthcare data. Mobile device storage may need to be remotely wiped clean when the device is switched off. When mobile devices are lost, misplaced or stolen, the same remote wipe capability may be needed. Most mobile devices support auto-locking the device remotely if lost, misplaced, or stolen. When located again, they also require long pass codes to reactivate, providing one more layer of security. There are commercial mobile device management software packages that can register devices and do these remote wipes when warranted. Mobile ID Authentication Mechanisms: Additional authentication mechanisms may need to be implemented with something like real mobile device identification (unique ID of a smartphone or a tablet) and a company-assigned machine ID that is assigned to say, a clinician. Only with both these IDs will the mobile device be allowed to access the network. This is an additional security precaution to authenticate physical mobile devices. Fine-grained control using ACLs allows IT departments to tailor security policies to different types of users and enforce them diligently. Isolated Special Subnets


for Mobiles: Mobile devices like smartphones and tablet computers may need isolated special subnets, meant only for them. By having a separate subnet, mobile device usage can be logged for audit and unauthorized access detected.


Subnets can also ensure better bandwidth Quality of Service (QoS) for mobile devices. Desktops and laptops may hog a network’s bandwidth if they share the same network with mobiles and tablet devices.


Signal Range Control: By


making the wireless signal to the mobiles reachable only within the premises of the healthcare setting, such as within a hospital or clinic, or only at home through VPN, security and privacy can be enforced by restricting where applications are accessed from. This may not work very well if employees need to travel on business, but for healthcare applications that don’t involve travel, this will work well. Increasing use of mobile devices


in healthcare settings brings with it many security problems. Depending upon how the applications are accessed, through a virtual desktop or as native apps, those problems will vary. However, trends in mobile device security promise many methods to address these issues. By matching the needs of a particular healthcare setting to these tools and techniques, security and privacy can be effectively ensured. A number of commercially available mobile management software solutions can help healthcare IT pros create and administer these policies.


ABOUT THE AUTHOR Nari Kannan is currently the Chief Executive Officer of appsparq Inc., a Louisville, Kentucky- based mobile applications consulting company. Nari has over 20 years of experience in information technology.


Could Your Network Be in Danger?


Uncover Weaknesses witha Comprehensive Security Assessment Today IT organizations across all industries are faced with navigating a complex set of regulatory, compliance, and business demands. With ever-present security risks, business and technology evolution, and tightening regulations, security compliance can be difficult to achieve and maintain. Our Security Assessment is your first step to developing a 360° view of your network infrastructure and uncovering any security weaknesses.


Contact your Account Manager to schedule a Security Assessment today. 1.800.395.8685


IMAGE © NYUL / FOTOLIA CONNECTION/HEALTHCARE IT 2012.Q3 3


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36