Diversinet mHealth platform earns NIST validation for sensitive data protection

Canadian-based mobile health company Diversinet claims to be the first mHealth platform to meet U.S. Federal Information Processing Standards (FIPS) 140-2 validation by the National Institute of Standards and Technology. It announced last week that its MobiSecure platform has built-in FIPS 140-2-grade security.

FIPS 140-2 is the U.S. government computer security standard used to accredit cryptographic modules required for use in federal government communications systems to protect sensitive data. Based on a testing program administered by NIST and the Communications Security Establishment Canada, Diversinet's Java cryptographic module and Java Crypto Module for Mobile was validated under FIPS 140-2.

Encryption now is a de facto part of HIPAA compliance after the passing of the HITECH Act, signed into law by President Obama in February 2009 as part of the American Recovery and Reinvestment Act of 2009, an economic stimulus bill.

"FIPS 140-2 validation of our technology is a milestone not only for Diversinet but also for the mobile health industry," Hon Pak, Diversinet CEO, said in a statement. "The FIPS seal of approval demonstrates how Diversinet is leading the trend toward greater exchange and protection of personal health information, fueled by increasing smartphone and tablet usage and popularity of bring-your-own-device, or BYOD, policies."

In related news, in February, AirStrip Technologies announced that it selected Diversinet and its security software development kits to enable the company to serve U.S. government entities, such as military hospitals.

There is growing concern about the use of mobile devices for mHealth applications and the challenges of protecting the confidentiality, integrity and availability of health information. With greater adoption of mHealth solutions in the public sector, technology companies are supporting government efforts to protect personal health information.

The Health Information Technology (HIT) policy committee, which advises the National Coordinator for Health IT on the creation of a nationwide health IT infrastructure, in September called for requiring multi-factor authentication in certain cases for Stage 3 of the Meaningful Use incentive program. Stage 3 is scheduled to start in 2015, and rules are in the early discussion stages.

To learn more:
- read the Diversinet announcement