Protecting Personal Health Records – Data

at Rest Encryption

Privacy and Security of Personal Health Information

Protecting Data at Rest

Health Information Security Adoption and implementation of emerging

health IT solutions must involve reassessment of security practices and policies

Healthcare providers are expected to prevent the unauthorized access, use and disclosure of a patient’s protected electronic health information

Developing a comprehensive strategy for ensuring the confidentiality, integrity and availability of electronic patient data will be required

Health Information Security Assessing the health IT environment requires an

understanding of all technologies being used throughout the enterprise for clinical, and administrative purposes

Evaluate any possible situation for unauthorized access and use. Today, many individuals and groups have access to, and can share electronic medical records and confidential patient information, including:• Government and public health agencies• Insurance companies• Hospital and Physician office personnel• IT vendors and their business associates

Part of the healthcare providers comprehensive security strategy will include a professional grade encryption solution

Encryption Is a process that transforms plaintext data (using

a certified algorithm like AES – Advanced Encryption Standard) into a format that makes it unreadable without an authorization key

The authorization key is a type of password and is required to encrypt and also decrypt the data

Key Management is the process of monitoring the algorithms and the employees keys, and is managed by a key custodian

Changing keys regularly is referred to as Key Rotation, and is necessary in order to maintain optimum security levels

Encryption The key management and key rotation

processes are the most critical aspects of data encryption

Most conventional solutions are time consuming and can be difficult, especially with limited IT staffing and support

A simple yet sophisticated technology is necessary in order to manage a continuous cycle of key creation, splitting, initialization, rotation and deletion

Encryption Encryption is part of a comprehensive

prevention strategy when used in conjunction with other technologies, and can be a first and last line of defense against:• Accidental loss or disclosure of confidential data by

employees, business associates and consultants• Internal access by employees (malicious)• Lost or misplaced laptops• Theft• Office break-in• External breach / Hacker (malicious)

Types of Encryption Solutions Software Solutions

• Limited security capability with inside employees• Sold as individual licenses – can be very

expensive • Will decrease database performance• Difficult and complex key management and

rotation• Typically requires a dedicated IT staff to manage

and support• May not support certain operating systems

(Linux, Mac OS X)

Types of encryption solutions Hardware or Appliance-based

• Lower Total Cost of Ownership – No licensing fees • Can be installed at web, application or database

server• Does not effect system speed or performance• Minimal integration and IT expertise needed• Non-proprietary, can be used with any operating

system• Scalable to large organizations without additional

licensing costs• Offloads encryption processing from servers

Appliance-based Encryption

Resides on the network and use a hardware device to encrypt and decrypt at high speeds

Offloads cryptographic processing from database for improving system performance

Scalable to handle any quantity of data Not operating system (OS) dependent. Typically

compatible to most IT environments and networks

Integrates easily with EMR, Practice Management, Imaging and Clinical information systems

Ideal for hosted solutions

JANA Series Technology Award-winning encryption technology Complies with state and federal security and

privacy rules Powerful, yet simple key management and key

rotation features Works in any operating environment Can be used simultaneously by multiple

(different) business applications Scalable to any size healthcare provider, from a

physician office to the large, geographically dispersed Integrated Delivery Network (IDN)

Manufactured in USA by Dark Matter Labs

JANA Series Technology Appliance-based solution offering superior

performance and security Easy upgrading and updating when required State-of-the-art software delivered on a

revolutionary hardware platform Offers strict control over encryption keys Increases network performance Can be interfaced with web servers,

application servers (recommended), database servers, or customized servers

JANA Series Technology

JANA appliances are award winning encryption solutions that completely offload intense cryptographic processing from overworked servers

3 Devices designed for small to enterprise-wide applications

Employs government certified algorithms Completely independent of database, operating

system, and application Units differentiate based on processing power,

speed, number of Ethernet ports and high availability capability

Installation Diagram

Dark Matter Labs Offers an advanced level of security through

an appliance-based solution Highest level customer support with an industry-first perpetual hardware replacement warranty

Offers comprehensive technical support and encryption training

No hidden costs, licenses or vendor lock-in when purchasing appliance-based technology

Simple to install and use

Who should encrypt? All healthcare providers who access and store

protected health information. Hospitals, physician offices, pharmacies, clinics, labs, psychiatry offices, imaging centers and dentists

Healthcare management organizations, i.e. HMO’s

Health Insurance companies Commercial vendors i.e. EMR software, Hospital

Information Systems, Billing and Transcription, Hosting services, Imaging Equipment

Why encrypt? Protect data even in the event of a security breach Safeguard patient information HIPAA compliance, and

TO AVOID

Financial loss (large fines, lost patients & revenue) Legal ramifications (regulatory or civil prosecution) Damage to professional image (negative publicity &

media fallout)

Jana series encryption

http://darkmatterlabs.net