
Dec 16 2015   1:44PM GMT

Protecting health IT data at rest



Posted by: adelvecchio
data encryption, Encryption, health data security, PHI

Guest post by Dr. Michael G. Mathews, president, COO, & co-founder, CynergisTek, Inc.

In prior segments of this series, I touched on the fundamentals of encryption using symmetric (shared secret), asymmetric (public-key), and combinations of the two to get a hybrid approach to keeping data confidential. I also explained the concepts of data integrity (knowing a message has not been changed) and non-repudiation (verifying the sender is authentic), as well as ways to secure data in motion. In this final segment on encryption within the healthcare setting, I turn my focus to protecting health IT data at rest.

With as many breaches as there have been in recent years, it’s not uncommon for there to be an immediate cry to “encrypt everything” without knowing exactly what that means. As mentioned in my previous segment, the first step to knowing the right solution is understanding the location and type of data in question; email is different from data living in structured databases, and those types of data are different from standalone files containing sensitive data. Likewise, the steps used to protect a mobile device (smartphone, tablet, laptop, etc.) that roams onto various networks differ from those taken for a workstation that lives on the internal managed local area network behind the perimeter firewall.

In general, given the maturity and availability of full disk encryption options, it should be considered a best practice to deploy full disk encryption for any workstations or mobile devices that have a reasonable expectation of being exposed to sensitive data. This protects any sensitive files that get saved on those devices, any cache or temporary files left by connections that handle sensitive data, and locally stored emails that might contain personally identifiable information (PII) or protected health information (PHI). In addition, this addresses the safe harbor requirement that pertains to unauthorized disclosure in the event of the theft or loss of a mobile device.

Database servers with PHI/PII in them present a significant challenge to health IT. It’s easy for people to say “encrypt it all,” but it’s not practical to do so because of performance, key management and access control issues. In many cases, encrypting certain data — usually those data elements that tie the data to an individual — within a relational database construct ensures the data is protected and still accessible to those that need it, without resulting in a significant hit to performance. In response to industry feedback and meaningful use requirements, electronic health record manufacturers have added roadmaps toward ensuring data integrity within the databases by using cryptography.

A major hurdle to protecting sensitive health IT data at rest is ensuring it stays where it should and is used as it should be. While data loss prevention tools are not encryption tools, they can be used to trigger encryption and are now generally available to help ensure data at rest is used appropriately and is encrypted when put in motion. Using a combination of pattern matching and metadata cataloging, these tools inspect data as it goes from at rest to in motion and evaluate whether that specific activity should be allowed and whether the data should be encrypted before it goes in motion. This can range from simple moves of data to a local machine’s storage system all the way to emails being sent with data that might be sensitive.
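As an added illustration of the decision described above (not code from the original post or from any data loss prevention product), the sketch below combines pattern matching with a metadata catalogue to decide whether a transfer is allowed, must be encrypted, or is blocked. The regexes, catalogue paths, destination names and policy are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed detectors; the MRN and DOB formats are hypothetical.
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:#]?\s*\d{6,10}\b", re.I),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]+\d{1,2}/\d{1,2}/\d{4}\b", re.I),
}
# Constructed metadata catalogue: path prefix -> classification label.
CATALOG = {"/shares/ehr_exports/": "PHI", "/shares/marketing/": "PUBLIC"}
# Hypothetical policy: destinations that force encryption or are refused.
ENCRYPT_DESTS = {"email_external", "removable_media", "local_disk"}
BLOCK_DESTS = {"personal_cloud"}

@dataclass
class Transfer:
    source_path: str   # where the data sits at rest
    destination: str   # where it is about to go
    content: str       # text extracted from the file or message

def classify(t: Transfer) -> set:
    """Return the reasons this transfer is considered sensitive."""
    hits = {name for name, rx in PATTERNS.items() if rx.search(t.content)}
    for prefix, label in CATALOG.items():
        if t.source_path.startswith(prefix) and label == "PHI":
            hits.add("catalog:PHI")  # flagged even when no pattern matches
    return hits

def evaluate(t: Transfer) -> tuple:
    """Decide allow / encrypt / block for data leaving rest."""
    reasons = classify(t)
    if not reasons:
        return ("allow", reasons)
    if t.destination in BLOCK_DESTS:
        return ("block", reasons)
    if t.destination in ENCRYPT_DESTS:
        return ("encrypt", reasons)
    return ("allow", reasons)  # e.g. another managed internal server

if __name__ == "__main__":
    for t in (  # constructed sample events
        Transfer("/shares/ehr_exports/q3.csv", "email_external", "name,visit"),
        Transfer("/home/u/notes.txt", "personal_cloud", "MRN: 00482913"),
        Transfer("/shares/marketing/flyer.txt", "email_external", "Flu shots"),
    ):
        print(t.destination, evaluate(t))
```

The first sample shows why the catalogue matters: an export with no recognizable identifiers in its text is still encrypted because of where it came from.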

Encryption is one of many tools available to information security professionals to protect data both in motion and at rest. More often than not, though, “the right answer” is a combination of many of those tools, not just encryption. Finding the right combination of tools to help ensure the security of health IT data requires a strong vision of the overall information security program and a commitment by the organization to find a skilled and visionary chief information security officer.


mathewfott  |   Jan 22, 2016  10:40 AM (GMT)

Thanks for making us aware of the importance and security by encryption of health data. I have read all of the series on encryption techniques that you have shared here. I think it would be better if every organization utilized this useful way of securing data. As securing the premises of an organization with ip camera kopen, this will work better to secure the entire data of the organization as well. Once again, I would like to thank you on behalf of many people for this great contribution.


 

sarobal2  |   Aug 26, 2016  3:50 AM (GMT)

This is a very nice article. It is good to visit here in this blog for such a good article. Thank you.


 


mainaradit  |   Jan 19, 2017  8:40 PM (GMT)

Health is an important issue these days. We should be extra conscious about this. It matters a lot for us. Exclusive offers at jabong


 


johnythomas  |   Mar 14, 2017  5:49 AM (GMT)

It contains very useful information which I need, and I want to see more top quality content on this website, so please upgrade your weblog site. Thanks for discussing.
PhD Dissertation Writing Services


 


laurendesouza  |   May 2, 2017  7:10 AM (GMT)

Thank you, Dr. Michael G. Mathews, for your guest contribution here. You raised a very good topic, data integrity, which is the most essential part in every field, whether it is health or any other business. And I think that it is very important and useful data for all the people who are connected to the health department who are also taking medical CV writing help from the CV Folks CV writers at CV Folks, where I am helping professionals to portray their best skills and achievements in their CV in a proper manner.


 

