ZOLL emsCharts NOW Security Overview


Database level security

The ZOLL emsCharts NOW application uses an Oracle RDBMS database for the server database, and Microsoft SQLite for the mobile database. All APIs the application uses to access the Oracle Database Server do so using database level authentication. The client uses internal APIs to access the encrypted mobile SQLite database.

Oracle RDBMS login

The login model supports Oracle user authentication for all APIs that access Oracle.

Microsoft SQLite login

The ZOLL emsCharts NOW application utilizes Ionic Secure Storage to access the device level cross-platform local SQLite database. All data stored in the database is encrypted using the user’s login credentials, so it is private to that user and unavailable to other users on shared devices. Login chips and encryption/decryption keys are stored in Identity Vault, which manages secure user identity and session chips, ensuring sensitive data is encrypted at rest and stored only in secure locations on the device. Always-on Session Management safeguards data even when not using your app, with background screen protection for sensitive data and apps, and automatic logout based on inactivity time. The underlying SQLite database provides full encryption (256-bit AES) to protect sensitive data.

Application PHI encryption

The ZOLL emsCharts NOW application has additional security that encrypts all PHI using AES encryption with a 256-bit key when the data is not being shown to the user. This includes patient PHI. All fields in the PHI elements section below that apply to the patient in the mobile database are encrypted. Only when an authenticated user accesses the PCR or Common Customer data is the encrypted PHI decrypted.
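The field-level scheme described above can be sketched as follows. This is an added example, not ZOLL's code: the GCM mode, the scrypt key derivation, the field names and the record layout are all assumptions, since the page states only AES with a 256-bit key tied to the user's login credentials.

```javascript
const crypto = require('node:crypto');

// Assumed subset of PHI columns; the page does not list the mobile schema.
const PHI_FIELDS = ['name', 'birthDate', 'phone', 'ssn'];

// Derive a 256-bit key from the login password (scrypt is an assumption here).
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Encrypt one field. The field name is bound as AAD so a ciphertext
// cannot be moved to another column without failing authentication.
function encryptField(key, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(field, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(key, field, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(field, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, field name or ciphertext is wrong.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Apply fn to every PHI field of a record; non-PHI fields pass through.
function mapPhi(record, fn) {
  const out = { ...record };
  for (const f of PHI_FIELDS) {
    if (typeof out[f] === 'string') out[f] = fn(f, out[f]);
  }
  return out;
}

const encryptRecord = (key, rec) => mapPhi(rec, (f, v) => encryptField(key, f, v));
const decryptRecord = (key, rec) => mapPhi(rec, (f, v) => decryptField(key, f, v));

// Constructed sample record (not real patient data).
const salt = crypto.randomBytes(16);
const key = deriveKey('constructed-password', salt);
const stored = encryptRecord(key, { pcrId: 'PCR-0001', name: 'Jane Sample', ssn: '000-00-0000' });
console.log(stored);                     // PHI columns are base64 ciphertext
console.log(decryptRecord(key, stored)); // readable only with the user's key
```

Because each value carries its own nonce and authentication tag, a second user on a shared device who derives a different key gets a decryption error rather than garbled plaintext.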

PHI elements

The Human Resource Protection Program from the University of California in Berkeley recommends the following list of data elements:

  1. Names

  2. All geographical subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes

  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death

  4. Phone numbers

  5. Fax numbers

  6. Electronic mail addresses

  7. Social Security numbers

  8. Medical record numbers

  9. Health plan beneficiary numbers

  10. Account numbers

  11. Certificate/license numbers

  12. Vehicle identifiers and serial numbers, including license plate numbers

  13. Device identifiers and serial numbers

  14. Web Universal Resource Locators (URLs)

  15. Internet Protocol (IP) address numbers

  16. Biometric identifiers, including finger and voice prints

  17. Full face photographic images and any comparable images

  18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data)

Source: https://cphs.berkeley.edu/hipaa/hipaa18.html#18identifiers

Server and network communications

The ZOLL emsCharts NOW application is designed with a SaaS (Software-as-a-Service) architecture. ZOLL designed components to communicate with one another over various protocols.

ZOLL emsCharts NOW app

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses cryptography for secure communication over the internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS). The protocol is therefore also referred to as HTTP over TLS. Supported versions of TLS for the ZOLL emsCharts NOW application include:

  • V1.3

  • V1.2

Application level security

Password reset and password complexity

The ZOLL emsCharts NOW application uses existing user accounts from ZOLL emsCharts Web. Complexity rules are set up by the Services that use ZOLL emsCharts Web. The current ZOLL emsCharts Web basic password rule requirements are:

  • A minimum length of five

  • A maximum length of 15

  • May contain any letter or number

  • Passwords are case sensitive

Note: As ZOLL moves all apps to use Single-Sign-On via ZOLL Online with Okta, these rules will change.

The ZOLL emsCharts NOW application provides no way for a user to reset or change their password, or to create new user accounts. That must be done using ZOLL emsCharts Web.

Roles

ZOLL emsCharts NOW users have their roles set in ZOLL emsCharts Web. The only variance of roles in ZOLL emsCharts NOW is that certain roles are allowed CAD access, as defined by their Service in emsCharts Web.