Security and Authentication
To ensure confidentiality of patient data, mUzima application takes security very seriously.
mUzima provides the following security features:
- Secure Encrypted Data Storage on mUzima: All patient data on mUzima is stored in an encrypted format within the mobile device.
- Secure Data Transmission between mUzima and OpenMRS: Communication between mUzima and OpenMRS is through the secure Hyper Text Transfer Protocol Secure (HTTPS) protocol.
- Access Control: mUzima uses access username and passwords authenticated with OpenMRS for access to the application data. With this approach, the application authenticates users against OpenMRS for the first time, and stores secure credentials locally to enable users to authenticate while offline. In the event users forget passwords, mUzima supports a mechanism where the passwords need to be changed on OpenMRS and the application is forced to obtain updated credentials from OpenMRS.
- Automatic Timeouts when Idle: mUzima has a customizable timeout mechanism that automatically logs users out after a specific period of inactivity. This ensures when a device left idle, it does not compromise the security of data stored on the application.
