Start-up looks to cure privacy concerns

To help hospitals meet the letter of the Kennedy-Kassebaum privacy law by the time enforcement begins in 2003, San Jose, Calif.-based ChartOne called on a tiny start-up in nearby Sunnyvale, Calif. The start-up is composed of former employees of iPlanet, the Netscape-Sun enterprise software alliance.

"Kennedy-Kassebaum is health care's Y2K," said ChartOne Chief Technology Officer Sharad Patel, whose company oversees the patient-records management of 1,200 hospitals across the nation. "Conforming to the law will exceed our Y2K expenditures. It's a serious bill with serious penalties and jail sentences for noncompliance."

Operating under the code name MomsDesk, the start-up that won the ChartOne account is working on software that lets doctors securely access patient records from outside the hospital intranet where the records reside.

The medical privacy law, formally known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), has stimulated software development efforts since being signed into law. One example is Quadramed, which formed ChartOne as a joint venture before selling its interest in September, and which has been jockeying for position in the market for HIPAA-compliant systems since 1999.

Another example is 2AB, a professional services and software company in Calera, Alabama. The company's iLock software, launched in 1998 and designed with HIPPA requirements in mind, provides access control for information resources. The software is based on Resource Access Decision, a standard ratified by the health care domain task force of the Object Management Group.

MomsDesk's technology provides not only for secure connections between networks and through corporate firewalls, but also for accountability features crucial to privacy compliance. Foremost among these is "nonrepudiation," or the ability to prove after the fact whether or not a person has accessed a file.

The start-up plans to target industries other than health care, including the high-tech and financial sectors, where there is demand for secure communications and document exchange across networks.

Built on XML (Extensible Markup Language), MomsDesk's Cross Company Collaboration (C3) establishes a central repository where documents are securely accessible over the Internet.

MomsDesk claims to have carved out a crucial niche in enterprise software but acknowledges that its technology could be easily imitated.

"Nobody's doing this the way we're doing it. But there's nothing that stops iPlanet or WebLogic from slipping into this very quickly," said co-founder A.L.N. Reddy, a former senior technology manager at iPlanet who joined Netscape in 1996. "That's what we're running against."

Launched in May 2000 and funded by its founders, the company employs 10 people, most of them iPlanet and Sun veterans. The official launch, along with a new name, are due in October.