Frequently Asked Questions
HomecareNet Mobile Security
How does HomecareNet Mobile security work? What protects the data if a nurse loses a device?
HomecareNet Mobile requires a four-digit alphanumeric PIN to enter the application. Once logged into the HomecareNet Mobile application, the user can view all encounters (visits) on the device but is only permitted to edit encounters which have been created by the user that is logged in. Additionally, a host administration feature allows the administrator to selectively provide access to one or any combination of patient groups to the HomecareNet Mobile user, e.g. a user in group A will only see information pertinent to group A.
The following is required before a user is authorized and capable of accessing, entering and editing information on the system:
- User (staff) must be entered in the HomecareNet/HomecareNet Mobile system and assigned a PIN.
- User must have a system status of Active, e.g. not terminated (Inactive).
- User must be added to the Sync Manager to authenticate him/her on each sync attempt.
- User must be assigned a unique device ID by a Host administrator to authorize the user to sync with the HomecareNet/HomecareNet Mobile system.
- User must be initially staged by a host administrator, i.e. initial data load, to successfully complete the system sync process
There are several ways to disable a user's access to HomecareNet Mobile and its patient data in the event of a lost or stolen device:
- Changing the staff status to inactive will disable the sending of any information to the staff device. This can be done by any user with appropriate Viewer rights.
- Removing the device assigned to the staff will disable the HomecareNet Mobile sync with the device (via the staff device setup option on the Host). This is done by a Host administrator.
- Removing the staff from the Hotsync Manager list will disable the device to perform any sync. This is done by a Host administrator.
Data can be encrypted if it is transferred using a VPN.
Will nurses have to remember two logons, one for HomecareNet and one for HomecareNet Mobile?
A user (nurse) using both HomecareNet and HomecareNet Mobile will have the same staff ID in both applications. The passwords in the two systems can, but do not have to be, set to the same values.
Will HomecareNet's security/logon system control the device's security/log-on system?
No. The logon processes are independent between the HomecareNet and HomecareNet Mobile products.
How is the data being transferred between the host system and the device secured? Is it encrypted?
PHI information on the Windows Mobile device is encrypted. The PDA un-encrypts PHI information as it is needed throughout the HomecareNet Mobile application. The PIN authorization file sent to the device from the Host is also encrypted. During the sync process, data flowing from the device to the Host remains encrypted. Technologies such as VPNs provide even greater security since all data flow is encrypted still further.
Syncs via modem are performed via standard telephone connections, which is permitted under the HIPAA Security rule. If a wireless or internet-based sync is utilized, the device is configured with a VPN client to provide a secure tunnel (path) to the server.
Other features that support your compliance with HIPAA include:
- The ability to define a unique identifier and password for each user
- The ability to define security access to a group of patients
- The ability to terminate users in the system
- The ability to configure automatic logout after a period of inactivity (a standard device feature)
- The ability to audit a user's activity within the system on key data, such as patient, staff and MD. Plus, the ability to keep a detail log of the most recent 30 syncs by any user.
For More Information
Call us at (800) 738-8850 to find out about HomecareNet’s fully integrated solutions for home infusion, HME and home healthcare, specialty pharmacy and hospice providers.