Upload
steve-dunn
View
1.596
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Implementing a professional encryption solution as part of a comprehensive privacy and security strategy for protected health information data-at-rest
Citation preview
ENCRYPTION TECHNOLOGY
FOR THE HEALTHCARE ENTERPRISE
Privacy and Security of PHI
Protecting Data at Rest
HEALTH INFORMATION SECURITY Adoption and implementation of
emerging health IT solutions must involve reassessment of security practices and policies
Healthcare providers are expected to prevent the unauthorized access, use and disclosure of a patient’s protected electronic health information
Developing a comprehensive strategy for ensuring the confidentiality, integrity and availability of electronic patient data will be required
HEALTH INFORMATION SECURITY Assessing the health IT environment requires an
understanding of all technologies being used throughout the enterprise for clinical, and administrative purposes
Evaluate any possible situation for unauthorized access and use. Today, many individuals and groups have access to, and can share electronic medical records and confidential patient information, including: Government and public health agencies Insurance companies Hospital and Physician office personnel IT vendors and their business associates
Part of the healthcare providers comprehensive security strategy will include a professional grade encryption solution
ENCRYPTION Is a process that transforms plaintext data
(using a certified algorithm like AES – Advanced Encryption Standard) into a format that makes it unreadable without an authorization key
The authorization key is a type of password and is required to encrypt and also decrypt the data
Key Management is the process of monitoring the algorithms and the employees keys, and is managed by a key custodian
Changing keys regularly is referred to as Key Rotation, and is necessary in order to maintain optimum security levels
ENCRYPTION The key management and key rotation
processes are the most critical aspects of data encryption
Most conventional solutions are time consuming and can be difficult, especially with limited IT staffing and support
A simple yet sophisticated technology is necessary in order to manage a continuous cycle of key creation, splitting, initialization, rotation and deletion
ENCRYPTION Encryption is part of a comprehensive
prevention strategy when used in conjunction with other technologies, and can be a first and last line of defense against:Accidental loss or disclosure of confidential
data by employees, business associates and consultants
Internal access by employees (malicious)Lost or misplaced laptopsTheftOffice break-inExternal breach / Hacker (malicious)
TYPES OF ENCRYPTION SOLUTIONS Software Solutions
Limited security capability with inside employees
Sold as individual licenses – can be very expensive
Will decrease database performanceDifficult and complex key management and
rotationTypically requires a dedicated IT staff to
manage and supportMay not support certain operating systems
(Linux, Mac OS X)
TYPES OF ENCRYPTION SOLUTIONS Hardware or Appliance-based
Lower Total Cost of Ownership – No licensing fees
Can be installed at web, application or database server
Does not effect system speed or performance
Minimal integration and IT expertise neededNon-proprietary, can be used with any
operating systemScalable to large organizations without
additional licensing costsOffloads encryption processing from servers
APPLIANCE-BASED ENCRYPTION Resides on the network and use a hardware
device to encrypt and decrypt at high speeds Offloads cryptographic processing from
database for improving system performance Scalable to handle any quantity of data Not operating system (OS) dependent.
Typically compatible to most IT environments and networks
Integrates easily with EMR, Practice Management, Imaging and Clinical information systems
Ideal for hosted solutions
JANA SERIES TECHNOLOGY Award-winning encryption technology Complies with state and federal security and
privacy rules Powerful, yet simple key management and
key rotation features Works in any operating environment Can be used simultaneously by multiple
(different) business applications Scalable to any size healthcare provider, from
a physician office to the large, geographically dispersed Integrated Delivery Network (IDN)
Manufactured in USA by Dark Matter Labs
JANA SERIES TECHNOLOGY Appliance-based solution offering
superior performance and security Easy upgrading and updating when
required State-of-the-art software delivered on a
revolutionary hardware platform Offers strict control over encryption keys Increases network performance Can be interfaced with web servers,
application servers (recommended), database servers, or customized servers
JANA SERIES TECHNOLOGY
JANA appliances are award winning encryption solutions that completely offload intense cryptographic processing from overworked servers
3 Devices designed for small to enterprise-wide applications
Employs government certified algorithmsCompletely independent of database, operating system,
and applicationUnits differentiate based on processing power, speed,
number of Ethernet ports and high availability capability
INSTALLATION DIAGRAM
JANA & DARK MATTER LABS Offers an advanced level of security
through an appliance-based solution Highest level customer support with an
industry-first perpetual hardware replacement warranty
Offers comprehensive technical support and encryption training
No hidden costs, licenses or vendor lock-in when purchasing appliance-based technology
Simple to install and use
WHO SHOULD ENCRYPT? All healthcare providers who access and
store protected health information. Hospitals, physician offices, pharmacies, clinics, labs, psychiatry offices, imaging centers and dentists
Healthcare management organizations, i.e. HMO’s
Health Insurance companies Commercial vendors i.e. EMR software,
Hospital Information Systems, Billing and Transcription, Hosting services, Imaging Equipment
WHY ENCRYPT? Protect data even in the event of a security
breach Safeguard patient information HIPAA compliance, and
TO AVOID
Financial loss (large fines, lost patients & revenue)
Legal ramifications (regulatory or civil prosecution)
Damage to professional image (negative publicity & media fallout)