Gotcha! Securing Records on a NetworkBy Baselinemag | Posted 2002-01-01 Email Print
Think your medical information's secure? Here are some potential pitfalls on the road to online data exchange.
Did you know that:
Just because it's in your data center doesn't mean it's safe
"Nearly every corporate Web site that's ever been hacked was in a data center," says security consultant James Foster of Guardent. "And every credit card record ever compromised was in a data center."
While data centers guarantee the physical security of assets, they don't necessarily offer complete protection to the data that lives on them. Make sure there are firewalls, secure lines and encryption, where practical (if not all the time).
Records are only as secure as the network they travel over
A private network doesn't necessarily mean a secure one.
Locking up the data in transit doesn't protect it on either end of the wire. "I haven't seen too many people deal with the entire life cycle of the data," says Peter Giannacopoulos, president of Myrmidon Networks in Norwood, Mass., who did work for health portal provider MedicaLogic. Data often isn't secured in databases or stored in encrypted file formats.
While a medical network could use private frame relay networks to connect providers and insurers, connections to back-end applications and its Web interface might still be vulnerable.
"(NEHEN) has an interface to a legacy application that talks directly to the e-Gateway (transaction routing application), and the traffic between the two isn't encrypted or authenticated," says Jonas Hellgren of Guardent. That leaves the data vulnerable to an insiderpresumably knowledgeable and disgruntledusing a "sniffer" application to read data being passed between them. Unless all the systems connected to a private network are physically isolated from other networks with connections to the outside, that isn't secure.
Securing Web traffic doesn't necessarily require more programming
Web-based access to medical records on many systems can be protected with encryption over the Internet by using the Secure Socket Layer (SSL). That's enough to prevent casual hacking of information passing over the wire, but the security can easily be beefed up by using a virtual private network (VPN) connection based on IPSec (Internet Protocol Security).
Validating data fields in Web applications is more than a good coding practiceit's a security must
This can be exploited by "cross-site scripting," which can redirect Web users to another site, forcing them to reveal their user names and passwords. The site doesn't have to be external to be a threatit can be another computer on the network that's controlled by a hacker or malicious employee.
Systems locked only by a text password can be easily compromised
An unauthorized user can easily "shoulder surf" and gain someone's passwordas a child molester working at a medical office did. "One thing that I've seen is a failure to think through how you authenticate people who view records adequately," says Giannacopoulos. "For the level of security required by HIPAA (the Health Insurance Portability and Accountability Act of 1996), passwords aren't enough."
Giannacopoulos recommends any medical record system be protected at a minimum by some sort of certificate-based authentication, and at a minimum by public-key infrastructure (PKI) encryption to prevent unauthorized access through interception of files or e-mail. He strongly suggests smart-card based systems, which carry security certificates and encryption keys on a readable card, adding a physical element to data security.
"For someone the size of Kaiser Permanente, [smart cards] might be cost-prohibitive, but for smaller organizations, I'd strongly look at them. "says Giannacopoulos.
Smart cards can be tied into not only electronic records security, but also physical security and access to virtual private networks.