Use Case - HIPAA/HITECH

File-GENERAL™ and HIPAA/HITECH Act
A Packet General Networks Brief


Abstract
This brief describes the impact of the Health Information Technology for Economic and Clinical Health (HITECH) Act, issued in 2009, on the IT organizations of HIPAA covered entities and their business associates. A use case is presented in which an affected HIPAA covered entity uses File-GENERAL™ to protect health information, thereby providing a comprehensive security measure against the breaches that would make the organization subject to the breach notification provision of the HITECH Act. Such a breach can also expose the organization to civil action, damage its reputation, and lead to penalties. Pursuant to section 13407 of the HITECH Act, the Federal Trade Commission (FTC) has been tasked with enforcing similar breach notification provisions for vendors of personal health records and their third-party service providers.

Motivation
The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted on February 17, 2009. The main goal of the Act was to ensure the privacy of "Electronic Patient Health Information" (EPHI), and it requires that HIPAA covered entities must:
  • "Ensure confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits; 
  • Protect against any reasonably anticipated threats and hazards to the security or integrity of EPHI; and 
  • Protect against reasonably anticipated uses or disclosures of such information that are not permitted by the Privacy Rule." 
The breach notification provisions apply not only to HIPAA covered entities but also to their business associates that "access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured protected health information". The covered entities are health plans, health care clearinghouses, or health care providers that transmit any health information electronically. Any business associate who performs functions or activities on behalf of a covered entity is also covered by this Act. Finally, "protected health information" is defined as individually identifiable health information.

The Act requires that a breached HIPAA covered entity must inform the Secretary of Health and Human Services (HHS) about the incident. If the breach resulted in disclosure of "unsecured protected health information" of more than 500 individuals, HHS must post the name of the breached entity on its website. In some cases the breached entity is also required to inform the media. A data breach of EPHI can therefore not only tarnish the reputation of the breached entity but may also expose it to civil action, fines, or both.

File-GENERAL™ Use Case 
Acme Medical Services (Acme), a fictitious company, utilizes a leading medical program to keep track of patient records that include names, addresses, and other pertinent medical information, and to facilitate web transactions.

The Problem 
Acme uses a centralized SAN device for storage. All servers, including the one that runs the medical application, have been allocated a slice of the centralized storage. The data generated by the application is stored unencrypted on disk. Hence the EPHI is vulnerable to the following attack vectors:
  • Physical theft of media 
  • Unauthorized access by a privileged insider 
  • Information theft 
  • Data tampering 
Without additional security measures, the company would be vulnerable to attacks that could compromise the EPHI. Upon a breach, Acme Medical Services would be subject to any or all of the terms of section 13402 of the HITECH Act, which include potential liabilities, penalties for non-compliance, costs of notification, damage to reputation, etc. Acme stands to lose business due to lost goodwill. Potential litigation stemming from such breaches could result not only in financial losses but also in the diversion of corporate resources. Acme is unable to claim protection under the Safe Harbor, because the EPHI is stored unencrypted.

The Solution
Acme Medical Services deploys File-GENERAL™, a secure file repository. The server that runs the medical application gets its storage from File-GENERAL™, which transparently encrypts EPHI before storing it on disk. Since the encryption process is transparent, Acme doesn't need to change the medical application. By utilizing File-GENERAL™, which uses industry-standard, strong encryption, Acme Medical Services has taken a qualifying measure to protect EPHI and now qualifies for relief under the Safe Harbor. Complementing the data encryption capabilities, the security features of File-GENERAL™ protect data from privileged insider attacks, integrity attacks, snooping and physical media theft, as well as providing alerts and notification in the event of attempted breaches. By providing comprehensive security measures for EPHI stored in File-GENERAL™, Acme Medical Services operates in compliance with HITECH.

Threats to Electronic Protected Health Information
1. Data Theft due to Unauthorized Privileged Access
Unauthorized 'root' or privileged insider access to the file server can expose sensitive health information: such users can read the files containing health information directly, bypassing the application's own access controls. This technique can be used by untrustworthy systems administrators, or by an attacker who has gained root access.

2. Data Integrity Attacks
A 'root' user, or an attacker who has compromised root, can alter the data stored in a file server, or alter the function of the file server itself so that sensitive health information is revealed. In an integrity attack, users and administrators are unaware that the data containing sensitive health information has been modified, because the expected behavior of the system appears unchanged.

3. Insider Attacks
A malicious insider can disguise his or her attempts to copy the files as innocent mistakes. Incorrect file permission settings can provide an opening for such an attack. More importantly, such attempts may indicate other behavioral problems, which must be curbed. A successful snooping attack that results in the copying of files is equivalent to theft of physical media.

4. Theft of Physical Media
Once off the premises, any stolen physical media, such as backup tapes, USB drives, or other removable media, can be interrogated for data to be used in further attacks.

File-GENERAL™ Response
Threat                                          Solution
----------------------------------------------  ----------------------------------------------------------
Data theft due to unauthorized privileged access  Strong data encryption and access control
Data integrity attacks                          Data verification using checksums
Insider attacks                                 Extended file access controls
Theft of physical media                         Strong data encryption with FIPS compliant key management


The core File-GENERAL™ components are the data encryption engine, key management engine, extended access control engine, and reporting engine. Each component performs a critical function in securing File-GENERAL™, and collectively they provide comprehensive protection for enterprise file data by supplying an active countermeasure against each of the threat techniques above.

1. Data Encryption Engine 
File-GENERAL™ includes a high-performance Data Encryption Engine, which provides strong encryption for all writes and decryption for all reads. The Data Encryption Engine protects against the theft of physical media and of data images: even if intruders are able to obtain physical or electronic copies of the file data, the data is unusable without the decryption keys. Any probing of the files yields only blocks of ciphertext.

2. Access Control Engine 
The Access Control Engine provides an industrial-strength identification and authentication mechanism that reduces the 'trust domain'. Only authorized File-GENERAL™ administrators are able to access the administrative functions of File-GENERAL™; this is one measure that reduces the risk posed by rogue systems administrators (or any other entity that has progressed beyond perimeter security). Eliminating unnecessary administrative access is the first step in providing 'protection from the protectors'.

3. Integrity Engine 
The most important component of File-GENERAL™, the Integrity Engine, provides the key to protecting sensitive personal information. All data sent to the disk for writes is check-summed transparently by the File-GENERAL™ Integrity Engine using industry standard checksum algorithms. For each write to and read from the disk, the Integrity Engine verifies that the data stream has not been tampered with by matching the expected checksum values, stored in a secure location, against the checksum values computed from the actual data. File-GENERAL's high-speed algorithms perform these verification functions without degrading performance.
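The write-time checksum / read-time verification described above, as an added illustration that is not File-GENERAL code: a keyed HMAC-SHA256 stands in for the "industry standard checksum" and is kept apart from the data blocks, so that someone who rewrites a block below the engine cannot also produce a matching tag. The class, method names and sample record are hypothetical and constructed for this example.

```python
"""Added illustration (not File-GENERAL code) of the write-time checksum /
read-time verification the brief describes. A keyed HMAC-SHA256 stands in
for the "industry standard checksum", kept apart from the data blocks so
an attacker who rewrites a block cannot recompute a matching tag. All
class and method names are hypothetical."""
import hashlib
import hmac
import secrets


class IntegrityStore:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._blocks: dict[str, bytes] = {}  # simulated disk blocks
        self._tags: dict[str, bytes] = {}    # simulated "secure location"

    def _tag(self, name: str, payload: bytes) -> bytes:
        # Bind the tag to the block name so blocks cannot be swapped.
        msg = name.encode() + b"\x00" + payload
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def write(self, name: str, payload: bytes) -> None:
        self._blocks[name] = payload
        self._tags[name] = self._tag(name, payload)

    def read(self, name: str) -> bytes:
        payload = self._blocks[name]
        if not hmac.compare_digest(self._tags[name], self._tag(name, payload)):
            raise ValueError(f"integrity check failed for {name!r}")
        return payload

    def raw_overwrite(self, name: str, payload: bytes) -> None:
        # Simulates a modification made below the engine, e.g. by someone
        # with raw device access: the data changes but no tag is updated.
        self._blocks[name] = payload


def demo() -> dict:
    store = IntegrityStore(secrets.token_bytes(32))
    record = b"constructed sample record: patient 1001, dx=J45"
    store.write("ehr/1001", record)
    clean = store.read("ehr/1001") == record
    store.raw_overwrite("ehr/1001", b"constructed sample record: patient 1001, dx=Z00")
    try:
        store.read("ehr/1001")
        detected = False
    except ValueError:
        detected = True
    return {"clean_read_ok": clean, "tamper_detected": detected}
```

The key must live outside the storage an administrator of that storage can read; otherwise a plain checksum, or a MAC whose key sits beside the data, can simply be recomputed after the modification.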

4. Reporting Engine 
The File-GENERAL™ Reporting Engine provides detailed and summary information on usage, access, and breaches. Data from these reports is crucial for security audits as well as for proving compliance with regulatory requirements. An external or malicious internal user who gains unauthorized access to the data and server processes may then try to conceal the breach by removing or editing existing audit logs. The File-GENERAL™ Reporting Engine encrypts all logs and provides "on-demand" access to log data only to authorized personnel.

Summary 
All of these techniques, used individually or together, represent a comprehensive barrier to compromising File-GENERAL™ and the sensitive information it stores. File-GENERAL™ defeats attacks by providing a specific countermeasure against each technique. File-GENERAL™ provides these enterprise-strength security measures unobtrusively; it was designed with this goal in mind. After the simple installation process, no on-going maintenance is required.

File-GENERAL™ safeguards EPHI and answers the HITECH Act.