Diversinet Receives FIPS 140-2 Security Validation, Marking First mHealth Platform to Reach This Milestone

SOURCE: Diversinet Corp.

TORONTO, Oct. 16, 2012 – Diversinet Corp. (TSX Venture: DIV, OTCQB: DVNTF), a leader in secure mobile health that “Powers Care Coordination through Mobility,” has been awarded Federal Information Processing Standards (FIPS) 140-2 validation by the National Institute of Standards and Technology (NIST) for its MobiSecure^® technology.

This certification validates the security technology underpinning the company’s MobiSecure mobile health platform. The milestone marks Diversinet’s mHealth platform as the first with built-in FIPS 140-2-grade security. FIPS 140-2 specifications exceed HIPAA requirements.

NIST has validated Diversinet’s Java cryptographic module and Java Crypto Module for Mobile under FIPS 140-2, Security Requirements for Cryptographic Modules – a rigorous testing program administered by NIST and the Communications Security Establishment Canada (CSEC).

The FIPS 140-2 validation, a recognized North American standard for proper use of encryption, is required for use in U.S. and Canadian government communications systems to protect sensitive data. Thus, Diversinet customers can be confident in having state-of-the-art security while taking full advantage of the Diversinet mHealth platform and solutions, which enhance communications, care coordination and outcomes while reducing costs.

The important third-party endorsement puts Diversinet ahead of the pack as government efforts to protect personal health information are building with greater adoption of mHealth solutions. For example, in a recent movement toward higher security standards, in September, the HIT Policy Committee, which advises the U.S. Department of Health and Human Services, called for requiring multi-factor authentication for applications involving remote access to patient information. If approved, this requirement will take effect in 2015 with Stage 3 of the HITECH Act’s meaningful use incentive program.

“FIPS 140-2 validation of our technology is a milestone not only for Diversinet but also for the mobile health industry,” said Dr. Hon Pak, Diversinet CEO. “Healthcare organizations that use Diversinet-powered mHealth solutions to promote care coordination are future-proofing the mobility and security elements of their applications.”

Pak added: “The FIPS seal of approval demonstrates how Diversinet is leading the trend toward greater exchange and protection of personal health information, fueled by increasing smartphone and tablet usage and popularity of bring-your-own-device, or BYOD, policies. Multi-factor authentication is one of several advanced features embedded in our platform to safeguard patient information at rest and in transit. Other security measures we provide include a patented encryption technique to prevent cloning and double encryption to thwart phishing.”

Indicating the attractiveness of the FIPS validation, AirStrip Technologies, Inc. announced in February that it selected Diversinet and its security software development kits (SDKs) to enable the company to serve U.S. government entities, such as military hospitals. AirStrip cited the fact that Diversinet was well on the road toward FIPS validation as a catalyst for the relationship.