NEC's MobilePro Tricryption System helps health care providers meet HIPAA privacy rule requirements

Rancho Cordova 12 August 2003NEC Solutions (America) Inc., a provider of business solutions and services for commercial and professional markets in North America, has unveiled the NEC MobilePro Tricryption System, a unique three-layered data security solution ideal for health care applications. Using advanced encryption and automated key management, the MobilePro Tricryption System can help health care organisations meet the Health Insurance Portability and Accounting Act of 1996 (HIPAA) privacy rule requirements regarding patient data. MobilePro Tricryption System is also suitable for enterprise applications where security and confidentiality are critical.


"The NEC MobilePro Tricryption System can help health care organisations implement the technical safeguards required by the HIPAA Security Rule for access control, audit controls, data integrity, authentication and transmission security", stated Larry Miller, vice president and general manager, Mobile Solutions Division of NEC Solutions America. "Sitting on top of an existing database, the solution not only protects stored information, it also safeguards confidential e-mail in transit or on a user's PC. NEC is the first vendor to approach patient privacy and the network environment in this way."

The MobilePro Tricryption System can be added easily on top of a pre-existing database to provide the benefits of security and speed. Because the data is encrypted, the system protects database entries even if a network security system or firewall is breached. Individual fields within a record can be encrypted separately from the entire record. This means that if a user is searching a database for information contained in a single field, such as location, the search can be accomplished much more quickly than if the full record were encrypted separately. The search application need not unencrypt the entire record or database.

The MobilePro Tricryption System is comprised of two elements, one for file protection and another for database protection, each part of a client-server application. Whether the data resides in a file, or within a field within a database, the MobilePro Tricryption System secures the data in three distinct ways; the data itself is encrypted, an encrypted key is generated with user privileges that secures the confidential data, the links to those keys are encrypted, and all three elements are stored separately.

When a file is transferred, the encrypted data is sent seperately from the encrypted key which is used to unlock the information. This three-level approach helps eliminate misuse of confidential information, virus threats and the transfer of protected data to unauthorised users. Features of the MobilePro Tricryption System include:

  • Dynamic data security, regardless of where the data resides
  • Secure content delivery
  • Unique key per transaction, including authentication and authorisation
  • Complete access control by time, user, machine with real-time audit trails
  • Rights ownership enforced onto the key itself
  • Lays on top of existing databases
  • Appropriate for use in wired and wireless environments

Unlike traditional "key management" data encryption systems where an administrator must manage storage, access and transfer of security keys, the MobilePro Tricryption System relies on a key server to automatically generate keys and manage permissions. Using the MobilePro Tricryption System, the creator of a particular database record, perhaps a hospital intake clerk, sets access permissions independently of the data itself, and can encrypt each field within a record separately.

In addition to database protection, the MobilePro Tricryption System allows users to send secure files via e-mail. Individual recipients can be assigned specific privileges to access certain documents. In a health care setting, for example, a doctor can electronically transmit patient data to a pathology lab or an insurance claims department and ensure that unauthorised users cannot view this confidential information in either location. An audit trail is also created which allows the patient to see who has viewed his or her data and at what time(s).

"NEC is driving the next generation for health care solutions. The MobilePro Tricryption System is ideal for health care customers, where different users require access to different pieces of data", stated Tim Bajarin, president, Creative Strategies. "The system adds a new level of security to patient information, and it is easy to implement and use on a day-to-day basis in hospitals and home health care environments. The solution also provides the ability to audit who has accessed protected data and at what time, another important aspect of HIPAA compliance."

The MobilePro Tricryption System relies on passwords for user authentication. When attempting to open a secured file or data field, a user is prompted for a password. The MobilePro Tricryption System client software was designed to operate in most Windows environments. The File Protection element requires Microsoft SQL, Oracle, IBM DB2, or mySQL database on the back end. The database element requires Windows, Linux, Solaris or AIX operating system. The system also supports biometric input to authenticate users trying to access information, providing quick, secure access where needed.

HIPAA establishes standards for the electronic exchange, privacy and security of health information and applies to various entities, such as health plans or health care providers, who have or may require access to patient data. The HIPAA Privacy Rule requires these entities to safeguard patient data by implementing measures such as pass codes or electronic keys to data. According to the United States Department of Health and Human Services, "A major goal of the Privacy Rule is to assure that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being."

Mobile Solutions is a division of NEC Solutions (America) Inc. Mobile Solutions offers unique mobile computing hardware and solutions to the enterprise market and combines best-in-breed software and services with world-class hardware to deliver complete solutions to targeted commercial market segments.

Leslie Versweyveld

[Medical IT News][Calendar][Virtual Medical Worlds Community][News on Advanced IT]