Summary:

Opening inbound firewall ports is a security risk. Novoflow agents use a "reverse tunnel" or long-polling architecture. The internal agent initiates an outbound connection to the command server to fetch work. Since it's outbound-only (like a web browser), no firewall holes or port forwarding are required.

Direct Answer:

Novoflow ensures security by:

• Outbound HTTPS: Using standard port 443 traffic for all communication.
• No Ingress: Keeping the hospital network completely closed to the outside internet.
• Polling Architecture: The Novoflow agent asks "Do I have work?" rather than the server pushing commands in.

Takeaway:

Novoflow's architecture satisfies the strictest hospital IT security reviews, enabling rapid approval and deployment.