futures - future uses of encryption - final 9.19.05

  • Future Uses of Encryption

    Phyllis Patrick, Information & Security Officer, Montefiore Medical Center

    Jonathan Carroll, AVP, Infrastructure and Security; Information Security Officer, University of Connecticut Health Center

    Hai Ngo, Chief Information Security Officer, New York University Medical Center

    AMC 9.26.05

  • Encryption Defined

    Encryption is the process of taking a message and scrambling it so that only the intended party can read it. (The CPA Journal, NYSSCPA.org, 2002)

    Caesar Cipher: first known encryption method

    M66MOW UX G PMB5

  • Objectives of Encryption

    Confidentiality

    Integrity

    Authentication

    Nonrepudiation

  • The Security Rule: Technical Safeguards

    Access Control (164.312(a)(1))

    Encryption and Decryption (Addressable): Implement a method to encrypt and decrypt ePHI.

    What encryption and decryption mechanisms are reasonable and appropriate to implement to prevent access to ePHI by persons or software programs that have not been granted access rights?

  • Technical Safeguards (cont'd)

    Audit Controls (164.312(b))

    Encryption (Addressable): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.

    How can ePHI be adequately protected when it is sent over an electronic open network?

  • Technical Safeguards (cont'd)

    Transmission Security (164.312(e)(2)(ii)): Implement a mechanism to encrypt ePHI whenever deemed necessary.

    What methods of encryption will be used to protect the transmission of ePHI?

  • State of Encryption in Healthcare

    There is no industry-wide encryption standard.

    There are technical and financial burdens for many covered entities.

    Security awareness and cultural issues (behavior change) supersede technical solutions for many entities. Encryption is too technical for decision makers.

    Encryption is Addressable (We'll look at it next year).

  • Federal Agenda: Standardization of Health Information

    There is no single, interoperable encryption solution for communicating over open networks.

    NHIT legislation (4/27/04): Executive Order outlines a 10-year plan, including addressing privacy and security with interoperable systems and recommending methods to ensure authorization, authentication, and encryption.

  • Examples: Current Uses of Encryption at AMCs

    University of Connecticut Health Center

    New York University Medical Center

    Montefiore Medical Center (Bronx, NY)

  • Current Uses of Encryption: UCONN Health Center

    Data in Transit:

      • SSL (Secure Sockets Layer): HTTPS; Citrix Secure Gateway; commercially purchased certificates
      • IPSEC (Internet Protocol Security): VPN
      • Dynamic WEP (Wired Equivalent Privacy): EAP and Dynamic WEP
      • SSH (Secure Shell): Replacement for Telnet

  • Current Uses of Encryption: UCONN Health Center

    Data at Rest

    UCHC is currently investigating a solution

    Goal (Phase I): Securing data stored on systems NOT located in the Data Center (laptops/PCs)

    Objectives:

      • Scalable
      • Proven capabilities
      • Address Key Escrow
      • Limit/Audit Key Recovery Method
      • Cross Platform Support (Windows, Linux, MAC desirable)
      • Minimal Support from IT

  • Secure Physician Messaging: UCONN Health Center

    Version 1 - June 2003: Provide basic functionality to allow physicians and patients to log into a secured system to write messages to each other. Features include:

      • Ability for physicians to select patients
      • Ability for patient to self-register with an invite number
      • Ability for patient to select a limited number of physicians to send correspondence
      • Notification via standard email when messages are waiting

  • Secure Physician Messaging: UCONN Health Center

    Mechanics:

      • Portal uses Verisign Certificate to provide HTTPS encrypted communications with users
      • Data stored in SQL backend (separate server)
      • Unity Database: Contains patient authentication credentials; proxies physician authentication to Active Directory
      • User Accounts: Limit login attempts, then lockout account
      • Retention: Indefinite
      • Medical Record: Each medical record has a template sheet indicating that additional info may be contained in Messaging system (not automated yet)

  • Secure Physician Messaging: UCONN Health Center

    Why a Portal? (vs. Encryption):

      • Message is never transmitted by email
      • Mobility; Ease of Use: sending and receiving end
      • Closed system: record keeping, logging, etc.
      • Ownership: no client issues; web based. No software to download (e.g. public/private keys)
      • Address through policy (rather than forcing a technology). Physicians must use system per UCHC Policies

  • Investigating Encryption Technologies: UCONN Health Center

    Windows EFS:

      • Supports encryption of file systems on W2K, XP and Server 2003
      • Certificate based
      • Asymmetric public key encryption
      • Symmetric 3DES encryption for file or directory on disk
      • May be implemented using self-generated certs or centrally through a Certificate Authority (CA)

  • Investigating Encryption Technologies: UCONN Health Center

    Windows EFS: Limitations:

      • Microsoft-centric solution
      • Encryption key is stored in the user's profile
      • Key recovery is enabled through a policy that adds a recovery key to the encryption scheme; typically accessible to domain/local administrator

  • Investigating Encryption Technologies: UCONN Health Center

    Pretty Good Privacy (PGP):

      • Supports encryption of file systems on W2K, XP and Server 2003
      • Stand Alone: PGP keys created and stored locally. Keys can also be exported
      • PGP Universal: Adds a configuration and management server to the desktop software.
          • Server can be used to pre-configure the desktop software
          • Server provides key storage functionality
          • Additional decryption key (key recovery!)

  • Investigating Encryption Technologies: UCONN Health Center

    PGP: Limitations:

      • Geared toward email encryption. Disk encryption appears to be viewed as an ancillary benefit
      • No Linux support
      • Expensive

    Looks like we'll be moving in this direction!
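
Both key-recovery designs in the preceding slides (the EFS recovery key added by policy and the PGP Universal additional decryption key) rest on the same mechanism: the data is encrypted once under a random file key, and that file key is wrapped separately for the user and for a recovery holder. The sketch below is an added example, not code from the presentation or from either product; the toy RSA keys, the HMAC-based stream cipher standing in for 3DES, and all function names are assumptions made for illustration and are not secure for real use.

```python
import hashlib, hmac, secrets

def toy_keypair(p, q, e=65537):
    """Textbook RSA from two known Mersenne primes: illustration only, NOT secure."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

# Constructed key pairs: one for the end user, one for the recovery agent / ADK.
USER_PUB, USER_PRIV = toy_keypair(2**127 - 1, 2**89 - 1)
RECOVERY_PUB, RECOVERY_PRIV = toy_keypair(2**107 - 1, 2**61 - 1)

def _subkey(fek, label):
    # Separate encryption and MAC keys derived from the one file key.
    return hmac.new(fek, label, hashlib.sha256).digest()

def _stream_xor(key, data):
    # HMAC-SHA256 in counter mode, a stand-in for the bulk cipher (3DES in EFS).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_file(plaintext, recipients):
    """Encrypt once under a random file key, then wrap that key for each recipient."""
    fek = secrets.token_bytes(16)
    body = _stream_xor(_subkey(fek, b"enc"), plaintext)
    return {
        "wrapped": {name: pow(int.from_bytes(fek, "big"), e, n)
                    for name, (n, e) in recipients.items()},
        "body": body,
        "tag": hmac.new(_subkey(fek, b"mac"), body, hashlib.sha256).digest(),
    }

def decrypt_file(blob, name, private_key):
    """Unwrap the file key with one private key and verify before decrypting."""
    if name not in blob["wrapped"]:
        raise KeyError(f"no key was wrapped for {name!r}")
    n, d = private_key
    fek_int = pow(blob["wrapped"][name], d, n)
    if fek_int >> 128:  # a 16-byte file key cannot be this large
        raise ValueError("wrong private key")
    fek = fek_int.to_bytes(16, "big")
    tag = hmac.new(_subkey(fek, b"mac"), blob["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong private key or modified ciphertext")
    return _stream_xor(_subkey(fek, b"enc"), blob["body"])
```

A file encrypted with only the user entry in `recipients` has no second path to the file key, so losing the user's private key loses the data; adding the recovery entry is also what gives an administrator the ability to read it.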

  • At NYU Medical Center

    Current encryption usages are:

    Emailing PHI outside the institution

    Data transmission over open or untrusted networks (i.e., SSL, Citrix, SSH, and 802.1x/EAP)

    Data exchanges between established business associates (i.e., VPN)

  • NYUMC Email Encryption

    Two approaches:

      • Secure messaging portal
      • S/MIME between trusted affiliates (tbd)

    On the secure messaging portal:

      • Integrated with our electronic health record system
      • Almost seamless with our current email system
      • Allows internal physicians to be in control of the communication with their patients

  • NYUMC Next Steps

    Continue to deploy encryption between network devices (i.e., IPSEC, VPN)

    Continue to deploy encryption at the gateways and proxies tier (i.e., S/MIME, PGP)

    Look into leveraging file system encryption (i.e., EFS)

  • Children's Hospital at Montefiore (CHAM)

    Approximately 450,000 children live in the Bronx, some of whom are the most medically underserved and at risk in the nation.

  • Interactive Bedside Environment (Carl Sagan Discovery Program)

    Every child, parent, and family member who stays in the hospital gets his/her own smart card. Readers at 120 locations around the hospital.

    Connections to a customized virtual portal for information, entertainment, and communication.

    More advanced than any other patient-oriented commercial application on the market, the system can instantly switch from broadband video on demand to Gigabit Ethernet.

  • Smart Cards at CHAM

    128 bit encryption

    Used for access, communications, entertainment

    Future Plans: Integration with wireless, paperless order-entry system/medical records system

  • Encryption Issues for Healthcare Providers

    What is the organization's encryption strategy?

    How does the organization use open networks (now and in the future)?

      • Email
      • Internet
      • Wireless

  • Encryption Issues (cont'd)

    What are reasonable and appropriate measures for the encryption of ePHI during transmission over electronic communications networks?

      • Providers
      • Patients
      • IT professionals
      • Vendors
      • Business Associates
      • Third Parties
      • Trading Partners

  • Encryption Issues (cont'd)

    How much encryption is enough?

    Strong enough to resist attack (too costly/time sensitive)

    Algorithms may need to be replaced as CPUs get faster and advances are made in cracking technologies. For example:

      • DES (Data Encryption Standard) was compromised in 1997
      • First compromise took 96 days
      • Second challenge: 41 days (Distributed.net), 1998
      • Third challenge: 56 hours (DeepCrack)
      • Fourth compromise: 22+ hours (Distributed.net and DeepCrack), January 1999
      • DES replaced by 3DES and then AES as the US Federal Encryption standards

  • Encryption Issues (cont'd)

    When should encryption be used?

    Whenever there is a chance for interception or exposure by an individual who does not have a need to know

  • Encryption Issues (cont'd)

    What is the Risk/Reward Equation for encryption?

    Risks are high for encrypting stored data

      • Loss of key generally = loss of data
      • Offset by the recent string of incidents where PCs/laptops containing sensitive info have been stolen. Info that was not encrypted must be assumed to have been disclosed.

    Risks are high for not encrypting data in motion

      • Plaintext messages can be analyzed
      • Hard to tell if unencrypted data has been viewed or altered

  • Encryption Issues (cont'd)

    Encrypting data transferred over open networks masks the contents from detective controls

    Provides assurance that if the data is intercepted it is less likely to be altered or disclosed

    Other:

      • Implementation, support and CPU costs associated with encrypting data. Must balance against likelihood and impact of disclosure
      • Latency must be evaluated for impact, particularly in clinical systems

  • Encryption Issues (cont'd)

    How can encryption help solve healthcare security problems?

      • Primarily addresses out-of-band disclosure of information
      • Leveraged for authentication and non-repudiation

    What are the limits to using encryption to solve healthcare problems?

      • Encryption does not help with auditing or access controls
      • Complexity is introduced when monitoring email or network traffic to identify ePHI that may have been transmitted

  • Encryption Issues (cont'd)

    Should encryption be hardware-based and/or software-based?

    What are the user issues associated with encryption (culture and behavior, balance safety with ease of use)?

  • Encryption Issues (cont'd)

    What are the interoperability issues associated with implementing encryption (ePHI in transit, ePHI at rest)?

    How do the organization's encryption policies/procedures interface with overall security policies, training and audit functions?

  • Encryption Issues (cont'd)

    Are there any Best Practices for the use of encryption in healthcare? Regional standards?

    What limits are/will be set on law enforcement access to encrypted records? (Trend is toward greater access.)

  • Future of Encryption in Healthcare

    Encryption will become important in future networks in healthcare:

      • Practice Model (No provider/payer is an island.)
      • Access must be controlled
      • Email must be confidential
      • Stored data & data in transit must be protected
      • Providers and patients want to be able to access records whenever and wherever

  • Future of Encryption (cont'd)

    Encryption is a necessary component of securing email and intranets

    Encryption is important regardless of HIPAA, JCAHO and other regulations

    No one-size-fits-all compliance solution

  • Future of Encryption (cont'd)

    VPN model may proliferate?

    Highly secure networks may use multiple layers of encryption (15 or more?)

    States may enact stricter requirements for encryption and related standards than HIPAA

  • Legislative Trends & Remedies

    CA Privacy Bill to Require State Agencies to Encrypt Data Stored on Laptop Computers, May 27, 2005

    California State Senator Jackie Speier, in response to the theft of a state contractor's laptop computer containing 20,000 Californians' Social Security numbers, announced that she will introduce a bill requiring all state agencies and their contractors to encrypt personal information stored or transported on laptop computers. According to the CA Department of Health Services (DHA), on April 15, 2005, a laptop computer containing 20,000 Medi-Cal beneficiaries' sensitive personal information was stolen from the car of an employee of the state's Medi-Cal claims contractor, EDS. The data on the laptop, which was not encrypted, contained the names, birth dates, and Social Security numbers of approximately 6,000 individuals.. SB 440, currently awaiting hearing in the Assembly..

  • Encryption is only as strong as its Weakest Link.

    Weakest Link is usually a human being.

    Encryption can't stop an insider (employee, physician, vendor, business partner, etc.) from abusing privileges to access confidential information.

  • Audience Experience

    How many have used encryption in your current environments?

    What form of encryption was used?

    How was it used? Internal communications? External communications? Both?

  • Audience Experience

    What was involved in the implementation?

    How long did the initial roll-out take?

    Was user training involved?

    What have been the successes/failures/issues?

    What are the lessons learned?

    Should there be a federal mandate involving ePHI?

    Use of standardized platforms?

  • Audience Poll

    Even though encryption is now an addressable implementation specification, will the need to protect ePHI make it a mandatory requirement in your AMC?

    1 - Strongly Disagree ___
    2 - Disagree ___
    3 - Neither agree nor disagree ___
    4 - Agree ____
    5 - Strongly agree ____

  • What follow-up activities would be helpful to AMCs in dealing with this topic?

    {Audience/panelists' responses}

  • Engagement Quality Instant Poll

    This session did a good job of engaging the panelists and the audience on the topic.

    1 - Strongly Disagree ___
    2 - Disagree ___
    3 - Neither agree nor disagree ___
    4 - Agree ____
    5 - Strongly agree ____

  • Thanks for Participating!
