Posted by: adelvecchio
Guest post by Dr. Michael G. Mathews, president, COO, & co-founder, CynergisTek, Inc.
This second installment in a four-part series examines non-repudiation and data integrity in healthcare: some of the lesser-known, fringe benefits of cryptographic algorithms that can help reduce fraud in e-prescribing of medications and computerized physician order entries. The final two pieces in the series will focus on data in motion and data at rest within healthcare.
In my previous article, I touched on the fundamentals of encryption using symmetric (shared secret) cryptography, asymmetric (public key) cryptography, and combinations of the two in a hybrid approach to keeping data confidential. Simply being able to decode a message doesn’t guarantee that the message wasn’t altered en route, nor that it came from where it appears to have originated.
Confidentiality of data was clearly the primary reason behind the initial implementations of encryption methodologies. Using cryptographic hash functions, we can compute a “fingerprint” for any data set so that if it changes in any way, either in transit or while at rest, the change is detectable and the data becomes suspect. Drawing a parallel to the postal service, envelopes are designed to provide confidentiality over a postcard, and the fact that the envelope is sealed is an indicator of data integrity. If an envelope arrives either unsealed or opened, it’s a visible sign that the contents could have been altered in some way or potentially disclosed.
For healthcare IT, the HIPAA Security Rule identifies integrity controls in the technical safeguards part of the rule, with a focus on the unauthorized alteration or destruction of electronic protected health information (ePHI). Implementing a tool that uses cryptographic hashes to keep track of the generated “fingerprints” of ePHI allows the tool to detect any change to that ePHI, up to and including deletion. The rule is particularly broad here: it refers only to ePHI in general and stops short of saying whether the scope in question is an EHR or everything within the environment. It also draws no distinction between ePHI at rest and ePHI in transit.
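The fingerprint register described above, as an added example that is not part of the original post: a baseline of SHA-256 digests is captured per record ID, and a later audit re-hashes the current records and reports each one as unchanged, altered, deleted, or newly added. The record IDs and contents are constructed, fictional sample data.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Change is the audit result for one record ID.
type Change struct {
	ID     string
	Status string // "unchanged", "altered", "deleted", or "added"
}

// Fingerprint returns the hex-encoded SHA-256 digest of a record's bytes.
func Fingerprint(record []byte) string {
	sum := sha256.Sum256(record)
	return hex.EncodeToString(sum[:])
}

// Baseline builds the register: record ID -> fingerprint at capture time.
func Baseline(records map[string][]byte) map[string]string {
	reg := make(map[string]string, len(records))
	for id, data := range records {
		reg[id] = Fingerprint(data)
	}
	return reg
}

// Audit re-hashes the current records and compares them with the register.
// A record missing from current is reported as deleted; a record absent from
// the register is reported as added. Results are sorted by ID for stable output.
func Audit(register map[string]string, current map[string][]byte) []Change {
	var out []Change
	for id, want := range register {
		data, ok := current[id]
		switch {
		case !ok:
			out = append(out, Change{id, "deleted"})
		case Fingerprint(data) != want:
			out = append(out, Change{id, "altered"})
		default:
			out = append(out, Change{id, "unchanged"})
		}
	}
	for id := range current {
		if _, ok := register[id]; !ok {
			out = append(out, Change{id, "added"})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].ID < out[j].ID })
	return out
}

func main() {
	// Constructed sample ePHI records (fictional patients and orders).
	baseline := map[string][]byte{
		"MRN-0001": []byte("Patient A; allergy: penicillin; Rx: azithromycin 250mg"),
		"MRN-0002": []byte("Patient B; allergy: none; Rx: metformin 850mg"),
		"MRN-0003": []byte("Patient C; allergy: latex; Rx: none"),
	}
	register := Baseline(baseline)

	// Later state: MRN-0002 had its dose edited, MRN-0003 was deleted,
	// and MRN-0004 appeared without a baseline fingerprint.
	current := map[string][]byte{
		"MRN-0001": []byte("Patient A; allergy: penicillin; Rx: azithromycin 250mg"),
		"MRN-0002": []byte("Patient B; allergy: none; Rx: metformin 1000mg"),
		"MRN-0004": []byte("Patient D; allergy: none; Rx: none"),
	}
	for _, c := range Audit(register, current) {
		fmt.Printf("%s: %s\n", c.ID, c.Status)
	}
}
```

A plain hash only detects change; it does not say who made it, and anyone who can rewrite a record and also rewrite the register can recompute the fingerprint. The register therefore has to be kept where the records' writers cannot reach it, or each entry has to be keyed (an HMAC) or signed, which is the step the digital-signature discussion later in this post adds.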
Non-repudiation (the digital signature) adds authentication and identification to the integrity controls within cryptography. It confirms that an encrypted message is really from the purported sender and that the message is unchanged from its original form when it is received and read. Returning to the postal analogy, think back to wax seals with signet rings. The wax seal served triple duty in this case, offering assurances of confidentiality, integrity, and non-repudiation of the message, at a somewhat reduced standard of assurance unlikely to be endorsed today.
Mechanically, a digital signature is very similar to the simple cryptographic hash used for basic integrity controls as mentioned above. However, digital signatures use public key cryptography: the sender’s private key signs the hash, so when the recipient verifies the message using the sender’s public key, the message is verified for both integrity (confirming that it’s unchanged) and authenticity (that it’s from whom it claims to be from). Digital signatures have evolved to take a much more prominent place in IT and help protect data integrity in healthcare. Within healthcare IT, electronic prescriptions allow physicians to attach electronic signatures as proof of authenticity, smart cards are used to grant access to workstations and restricted areas within the hospital, and encrypted emails sail through the cloud into inboxes with digital signatures intact so the recipient knows the message is authentic.
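The sign-then-verify mechanism described in this paragraph, applied to an e-prescription, as an added example that is not part of the original post. It uses Go's standard-library Ed25519 (which hashes the message internally before signing, mirroring the hash-then-sign the text describes); the prescription fields, key pair and the names Sign/Verify are constructed for this illustration. The verification fails both when the order is altered after signing and when a different key is presented as the signer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedOrder couples an order's bytes with the prescriber's signature over them.
type SignedOrder struct {
	Order     []byte
	Signature []byte
}

// Sign produces the signature with the prescriber's private key.
// Ed25519 hashes the order internally, so the signature covers every byte.
func Sign(priv ed25519.PrivateKey, order []byte) SignedOrder {
	return SignedOrder{Order: order, Signature: ed25519.Sign(priv, order)}
}

// Verify checks integrity and origin together: it returns false if the order
// bytes changed after signing or if the signature was not made by the private
// key that matches pub.
func Verify(pub ed25519.PublicKey, so SignedOrder) bool {
	if len(pub) != ed25519.PublicKeySize || len(so.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, so.Order, so.Signature)
}

func main() {
	// Prescriber key pair; in deployment the private key would live on a
	// smart card or HSM rather than in process memory.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample e-prescription (fictional patient and order).
	order := []byte("rx=CONSTRUCTED-001;patient=MRN-0002;drug=metformin;dose=850mg;qty=60")
	signed := Sign(priv, order)
	fmt.Println("original verifies:   ", Verify(pub, signed))

	// Quantity edited after signing: the integrity check fails.
	tampered := signed
	tampered.Order = []byte("rx=CONSTRUCTED-001;patient=MRN-0002;drug=metformin;dose=850mg;qty=600")
	fmt.Println("tampered verifies:   ", Verify(pub, tampered))

	// Verified against someone else's public key: the authenticity check fails.
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("wrong signer verifies:", Verify(otherPub, signed))
}
```

What the signature cannot tell the pharmacy is whose key pub is. Binding the public key to a named prescriber is a separate step (a certificate issued by the organisation's PKI, or a key bound to the smart card that the text mentions), and without it a valid signature only proves that some private-key holder signed the order.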