SlideShare una empresa de Scribd logo

What You Need to Know About Securing Healthcare Information Exchanges Security Guide

SafeNet
SafeNet

Healthcare Information Exchanges (HIE) provide the capability to electronically move clinical information among different healthcare organization like hospitals, physician offices, pharmacies, and health insurance companies. HIEs are quickly emerging since they facilitate access to clinical data allowing healthcare professionals a more efficient and simple way to access patient data. This movement to electronic access of such pertinent data for healthcare affiliates has many benefits for all parties involved—physicians, patients, health insurance companies and hospitals.

1 de 5
Descargar para leer sin conexión
What You Need to Know About Securing Healthcare Information Exchanges SECURITY GUIDE Table of Contents Introduction ........................................................................................................................ 2 Security Considerations for HIE ......................................................................................... 2 Data Protection Solution Offerings for HIE Network Security .............................................. 3 The SafeNet HIE Security Advantage ................................................................................... 5 About SafeNet..................................................................................................................... 5 HIE - Healthcare Information Exchanges Security Guide 1
Introduction Security Considerations Healthcare Information Exchanges (HIE) provide the capability to electronically move clinical • Security Management information among different healthcare organization like hospitals, physician offices, • Interoperability pharmacies, and health insurance companies. HIEs are quickly emerging since they facilitate • AccessControl access to clinical data allowing healthcare professionals a more efficient and simple way to • Data Integrity access patient data. • Central Storage This movement to electronic access of such pertinent data for healthcare affiliates has many benefits for all parties involved—physicians, patients, health insurance companies and hospitals. • Physicians can easily exchange information between secondary care takers or additional providers while saving time and money doing so electronically. • Healthcare insurance companies can reduce expenses with paper and ink, avoiding duplicate tests, scanning, printing, faxing of documents, and physical mailing of associated documents. • Pharmacies can reduce cost and time by electronically receiving prescriptions reducing paper costs, time and dollars spent. • And finally, patients will benefit in many ways since there will be a centralized location of all their medical information and can be easily accessed by any necessary healthcare professionals, speeding up critical diagnoses and treatments. Studies in the industry indicate that a doctor’s practice spends over $10,000 per year in exchanging just one patient’s healthcare data. Federal and State Governments are still scrambling to finalize legislation for these exchanges, but what is clear to all parties involved is the crucial need for security of this sensitive data. In addition, once legislation and compliance laws hit the healthcare market, all organizations in the healthcare field will have to comply with those stipulations much like PCI compliance in the financial industry. Security Considerations With different types of networks and different ways to exchange and store information, several security policies and security methods must be implemented to ensure integrity of these networks and meet future compliance needs. With these different factors coming into play, healthcare providers must meet many challenges in securing data moving across these HIE networks including: • Security Management - With patients being able to opt-in and opt out at different levels, a security management system must be implemented to manage the different layers of security required for different patients. Many current HIEs already have policies in place where patients can choose what types of information in their medical records should be shared—this will require the implantation of different security policies. • Interoperability - Interoperability between all different participating parties including different hospitals, private practices, pharmacies, physician offices, ambulatory centers, and specialty offices. HIEs must use security vendors whose products work seamless together with one another. • Internal and External Access Control - With different participants opting in to the HIE as well as different size organizations, different levels of access will be required for the many different parties in the system. This will require access control but more importantly, a customized approach to access control. For example, a large hospital may use a hardware security module for the large amounts of data entering and leaving their building where an ambulatory care center may only need USB authentication for data received and sent out. Providers must be able to have a scalable solution for access control as well as a management system to manage who can access the system as well as control the different levels of administrator access. HIE - Healthcare Information Exchanges Security Guide 2
• Going hand in hand with access control is identity management. Employees involved in an HIE Network Security HIE must have a way to prove who they are before accessing such sensitive data. This can Offerings also be done through smart cards and tokens, which will also require a central management • Transaction and Application system to implement policies on identity management. Security • Key Management and Data • Patient Information and Transaction Integrity - Data integrity is extremely significant for not Protection only securing that sensitive data but also to use encryption to ensure message authenticity and delivery of messages and patient data to the proper destination. Using encrypted • Secure Network Communications networks can secure data and ensure the authenticity and proper delivery of patient records. • User Authentication • Central Storage - Lastly, many of the HIEs will have a central repository of patient data stored in one location. Providers must make sure that those repositories are not accessed by unauthorized users. By deploying database encryption solutions, users of the HIE network can be assured that the applications, servers, and databases containing patient information and critical to their operations remain encrypted and protected. With the proper system in place, only authorized users may gain access to this sensitive information, while those not authorized, can still perform business operations without bogging down their system. Protecting these records against potential hacks. Data Protection Solution Offerings for HIE Network Security There are several areas in HIE’s where security is a critical factor—security of issued certificates and other stored data, encryption of data moving along the exchange, and authentication of users onto the exchange. SafeNet can address all of these issues with its Data Protection Products. By providing multi-factor authentication technologies, hardware security modules (HSMs), high-speed encryptors (HSEs), and data encryptions solutions, SafeNet can secure HIEs at all necessary junctures. • Transaction and Application Security Hardware Security Modules (HSMs) provide reliable protection for applications, transactions, identities, and information assets for HIEs. Compared to software based alternatives, only HSMS can provide the utmost security and highest performing solutions for the protection of cryptographic keys, the provision of encryption, decryption, authentication and digital signing services. SafeNet offers a broad portfolio of HSM products to meet the needs of any size healthcare organization. SafeNet HSM solutions can be used at larger locations in healthcare exchanges like hospitals and healthcare organizations while token-based technologies could serve smaller offices and buildings like pharmacies and smaller physician practices. • Key Management and Data Protection The strongest, most effective security solutions rely on cryptographic processes at their core. Key management ensures the secure storage and protection of private keys integral to the security of a PKI. If someone other than the actual holder of the key gains access to a private key, the PKI security model is compromised. Therefore, in a PKI environment, particularly one critical to HIE business processes, it is essential that private keys be guarded with a reliable key management solution. SafeNet data encryption and control solutions focus on sensitive patient records and data— ensuring information is protected at every moment—when it is created by a healthcare employee on a company laptop, shared with a HIE network partner, stored in an database, processed by an application, and accessed by a medical employee on a mobile device. Source: Anti Phishing Working Group HIE - Healthcare Information Exchanges Security Guide 3
• High-Speed Encryption between Parties Since critical information will be exchanged back and forth between hospitals, physicians, pharmacies, and insurance organizations, encryption and protection of these communications is vital. SafeNet’s complete family of network security devices provides the fastest and easiest way to integrate robust, FIPS-certified network security to protect mission-critical data. Offering maximum bandwidth efficiency ideal for the HIEs, as well as disaster recover sites, site to site networks, data centers, and storage area networks. • User Authentication The final piece in securing Healthcare Information Exchanges includes the authentication of users onto the exchange. There are several different options for the different parties using password protection, software authenticators, and token-based authentication (USB and smartcards). SafeNet authentication products will allow implementation of straightforward out-of-the- box packages for remote access, or mix and match from a broad selection of certificate-based, one-time-passwords (OTP) and hybrid hardware and software authenticators to meet an organization’s specific risk profiles. SafeNet’s advanced security applications include solutions for password management, network logon, single-sign-on (SSO) and web sign-on (WSO). They offer quick and simple authentication for VPN remote access – crucial for doctors, practitioners who travel to different offices, and with multiple certificate-based security solutions in a single token, it is convenient and portable for health professionals. Pharmacy Insurance Company Health Information Exchange 4 SafeNet solutions can 3 1 equip all parties involved in HIEs with the agility they need to adapt to change and act on opportunity. 2 Hospital 1. The user is authenticated into the HIE using a strong authentication token. Physician 2. The patient information is sent over to the HIE through a secure Ethernet pipe. 3. Patient information and applications are encrypted in the HIE database and servers without bogging down critical operations. 4. Sensitive certificates are issued and protected, as well as electronic documents signed using hardware-based encryption. SafeNet Data Protection products offer the most-complete, standards-based security options for Healthcare Information Exchanges including key management and protection, PKI architecture, protection and authenticity of data, and user authentication. HIE - Healthcare Information Exchanges Security Guide 4
The SafeNet HIE Security Advantage SafeNet solutions can equip all parties involved in HIEs with the agility they need to adapt to change and act on opportunity. SafeNet’s wide-range of products for all areas of information security networks provide for a saleable solution depending on the size and location of each entity participating in the HIE. SafeNet delivers persistent protection of information at critical points in its lifecycle, wherever and however that information gets used. SafeNet delivers these comprehensive capabilities: • Strong authentication and identity management solutions that protect identities for users and servers • Industry-validated, hardware-based encryption platforms that protect transactions, ensure data integrity, and maintain an audit trail • Data encryption and control solutions that protect and maintain ownership of data throughout its lifecycle—from the data center to the endpoint and into the cloud • High-performance communications encryption solutions that persistently protect information ensures control beyond location or boundary, streamlines operations, and reduces compliance cost. About SafeNet Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet. Contact Us: For all office locations and contact information, please visit www.safenet-inc.com Follow Us: www.safenet-inc.com/connected ©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. ScG (EN)-12.1.10 HIE - Healthcare Information Exchanges Security Guide 5

Recomendados

Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
 
Charting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementCharting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementSafeNet
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2SafeNet
 
eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference GuideSafeNet
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlSafeNet
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 

Recomendados

Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
 
Charting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementCharting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementSafeNet
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2SafeNet
 
eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference GuideSafeNet
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlSafeNet
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilityNot Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilitySafeNet
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelSafeNet
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeNet
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...SafeNet
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...SafeNet
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesSafeNet
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSafeNet
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementSafeNet
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Securing the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSecuring the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSafeNet
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 

Más contenido relacionado

Más de SafeNet

Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilityNot Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilitySafeNet
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelSafeNet
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeNet
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...SafeNet
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...SafeNet
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesSafeNet
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSafeNet
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementSafeNet
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Securing the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSecuring the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSafeNet
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 

Más de SafeNet (20)

Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilityNot Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise Applications
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling Business
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and Strategies
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server Encryption
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key Strategies
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the Web
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key Management
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
 
Securing the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSecuring the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMs
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
 

What You Need to Know About Securing Healthcare Information Exchanges Security Guide

  • 1. What You Need to Know About Securing Healthcare Information Exchanges SECURITY GUIDE Table of Contents Introduction ........................................................................................................................ 2 Security Considerations for HIE ......................................................................................... 2 Data Protection Solution Offerings for HIE Network Security .............................................. 3 The SafeNet HIE Security Advantage ................................................................................... 5 About SafeNet..................................................................................................................... 5 HIE - Healthcare Information Exchanges Security Guide 1
  • 2. Introduction Security Considerations Healthcare Information Exchanges (HIE) provide the capability to electronically move clinical • Security Management information among different healthcare organization like hospitals, physician offices, • Interoperability pharmacies, and health insurance companies. HIEs are quickly emerging since they facilitate • AccessControl access to clinical data allowing healthcare professionals a more efficient and simple way to • Data Integrity access patient data. • Central Storage This movement to electronic access of such pertinent data for healthcare affiliates has many benefits for all parties involved—physicians, patients, health insurance companies and hospitals. • Physicians can easily exchange information between secondary care takers or additional providers while saving time and money doing so electronically. • Healthcare insurance companies can reduce expenses with paper and ink, avoiding duplicate tests, scanning, printing, faxing of documents, and physical mailing of associated documents. • Pharmacies can reduce cost and time by electronically receiving prescriptions reducing paper costs, time and dollars spent. • And finally, patients will benefit in many ways since there will be a centralized location of all their medical information and can be easily accessed by any necessary healthcare professionals, speeding up critical diagnoses and treatments. Studies in the industry indicate that a doctor’s practice spends over $10,000 per year in exchanging just one patient’s healthcare data. Federal and State Governments are still scrambling to finalize legislation for these exchanges, but what is clear to all parties involved is the crucial need for security of this sensitive data. In addition, once legislation and compliance laws hit the healthcare market, all organizations in the healthcare field will have to comply with those stipulations much like PCI compliance in the financial industry. Security Considerations With different types of networks and different ways to exchange and store information, several security policies and security methods must be implemented to ensure integrity of these networks and meet future compliance needs. With these different factors coming into play, healthcare providers must meet many challenges in securing data moving across these HIE networks including: • Security Management - With patients being able to opt-in and opt out at different levels, a security management system must be implemented to manage the different layers of security required for different patients. Many current HIEs already have policies in place where patients can choose what types of information in their medical records should be shared—this will require the implantation of different security policies. • Interoperability - Interoperability between all different participating parties including different hospitals, private practices, pharmacies, physician offices, ambulatory centers, and specialty offices. HIEs must use security vendors whose products work seamless together with one another. • Internal and External Access Control - With different participants opting in to the HIE as well as different size organizations, different levels of access will be required for the many different parties in the system. This will require access control but more importantly, a customized approach to access control. For example, a large hospital may use a hardware security module for the large amounts of data entering and leaving their building where an ambulatory care center may only need USB authentication for data received and sent out. Providers must be able to have a scalable solution for access control as well as a management system to manage who can access the system as well as control the different levels of administrator access. HIE - Healthcare Information Exchanges Security Guide 2
  • 3. • Going hand in hand with access control is identity management. Employees involved in an HIE Network Security HIE must have a way to prove who they are before accessing such sensitive data. This can Offerings also be done through smart cards and tokens, which will also require a central management • Transaction and Application system to implement policies on identity management. Security • Key Management and Data • Patient Information and Transaction Integrity - Data integrity is extremely significant for not Protection only securing that sensitive data but also to use encryption to ensure message authenticity and delivery of messages and patient data to the proper destination. Using encrypted • Secure Network Communications networks can secure data and ensure the authenticity and proper delivery of patient records. • User Authentication • Central Storage - Lastly, many of the HIEs will have a central repository of patient data stored in one location. Providers must make sure that those repositories are not accessed by unauthorized users. By deploying database encryption solutions, users of the HIE network can be assured that the applications, servers, and databases containing patient information and critical to their operations remain encrypted and protected. With the proper system in place, only authorized users may gain access to this sensitive information, while those not authorized, can still perform business operations without bogging down their system. Protecting these records against potential hacks. Data Protection Solution Offerings for HIE Network Security There are several areas in HIE’s where security is a critical factor—security of issued certificates and other stored data, encryption of data moving along the exchange, and authentication of users onto the exchange. SafeNet can address all of these issues with its Data Protection Products. By providing multi-factor authentication technologies, hardware security modules (HSMs), high-speed encryptors (HSEs), and data encryptions solutions, SafeNet can secure HIEs at all necessary junctures. • Transaction and Application Security Hardware Security Modules (HSMs) provide reliable protection for applications, transactions, identities, and information assets for HIEs. Compared to software based alternatives, only HSMS can provide the utmost security and highest performing solutions for the protection of cryptographic keys, the provision of encryption, decryption, authentication and digital signing services. SafeNet offers a broad portfolio of HSM products to meet the needs of any size healthcare organization. SafeNet HSM solutions can be used at larger locations in healthcare exchanges like hospitals and healthcare organizations while token-based technologies could serve smaller offices and buildings like pharmacies and smaller physician practices. • Key Management and Data Protection The strongest, most effective security solutions rely on cryptographic processes at their core. Key management ensures the secure storage and protection of private keys integral to the security of a PKI. If someone other than the actual holder of the key gains access to a private key, the PKI security model is compromised. Therefore, in a PKI environment, particularly one critical to HIE business processes, it is essential that private keys be guarded with a reliable key management solution. SafeNet data encryption and control solutions focus on sensitive patient records and data— ensuring information is protected at every moment—when it is created by a healthcare employee on a company laptop, shared with a HIE network partner, stored in an database, processed by an application, and accessed by a medical employee on a mobile device. Source: Anti Phishing Working Group HIE - Healthcare Information Exchanges Security Guide 3
  • 4. • High-Speed Encryption between Parties Since critical information will be exchanged back and forth between hospitals, physicians, pharmacies, and insurance organizations, encryption and protection of these communications is vital. SafeNet’s complete family of network security devices provides the fastest and easiest way to integrate robust, FIPS-certified network security to protect mission-critical data. Offering maximum bandwidth efficiency ideal for the HIEs, as well as disaster recover sites, site to site networks, data centers, and storage area networks. • User Authentication The final piece in securing Healthcare Information Exchanges includes the authentication of users onto the exchange. There are several different options for the different parties using password protection, software authenticators, and token-based authentication (USB and smartcards). SafeNet authentication products will allow implementation of straightforward out-of-the- box packages for remote access, or mix and match from a broad selection of certificate-based, one-time-passwords (OTP) and hybrid hardware and software authenticators to meet an organization’s specific risk profiles. SafeNet’s advanced security applications include solutions for password management, network logon, single-sign-on (SSO) and web sign-on (WSO). They offer quick and simple authentication for VPN remote access – crucial for doctors, practitioners who travel to different offices, and with multiple certificate-based security solutions in a single token, it is convenient and portable for health professionals. Pharmacy Insurance Company Health Information Exchange 4 SafeNet solutions can 3 1 equip all parties involved in HIEs with the agility they need to adapt to change and act on opportunity. 2 Hospital 1. The user is authenticated into the HIE using a strong authentication token. Physician 2. The patient information is sent over to the HIE through a secure Ethernet pipe. 3. Patient information and applications are encrypted in the HIE database and servers without bogging down critical operations. 4. Sensitive certificates are issued and protected, as well as electronic documents signed using hardware-based encryption. SafeNet Data Protection products offer the most-complete, standards-based security options for Healthcare Information Exchanges including key management and protection, PKI architecture, protection and authenticity of data, and user authentication. HIE - Healthcare Information Exchanges Security Guide 4
  • 5. The SafeNet HIE Security Advantage SafeNet solutions can equip all parties involved in HIEs with the agility they need to adapt to change and act on opportunity. SafeNet’s wide-range of products for all areas of information security networks provide for a saleable solution depending on the size and location of each entity participating in the HIE. SafeNet delivers persistent protection of information at critical points in its lifecycle, wherever and however that information gets used. SafeNet delivers these comprehensive capabilities: • Strong authentication and identity management solutions that protect identities for users and servers • Industry-validated, hardware-based encryption platforms that protect transactions, ensure data integrity, and maintain an audit trail • Data encryption and control solutions that protect and maintain ownership of data throughout its lifecycle—from the data center to the endpoint and into the cloud • High-performance communications encryption solutions that persistently protect information ensures control beyond location or boundary, streamlines operations, and reduces compliance cost. About SafeNet Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet. Contact Us: For all office locations and contact information, please visit www.safenet-inc.com Follow Us: www.safenet-inc.com/connected ©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. ScG (EN)-12.1.10 HIE - Healthcare Information Exchanges Security Guide 5