The Standard has an account of how one doctor made his wireless application secure to comply with the Health Insurance Portability and Accounting Act (HIPAA) ‘…to ensure patient confidentiality; Sanderson couldn’t have medical data zipping from one wireless device to another without building in security. “We have a Nortel VPN [virtual private network] so our doctors and other employees can log into our network from the outside and have a secure connection,” notes Sanderson. The trick was getting the handhelds to work with the VPN…Certicom began selling Movian VPN, which lets wireless devices securely access data on corporate networks over the Net…the new software doesn’t support digital certificates, which Nortel uses to authenticate users. Sanderson had to reconfigure the Nortel software to allow users to log in with just their usernames and passwords.’ Editor: If this is closed-source software, then the question is, who is certifying the certifiers?