Encryption Whitepaper

advertisement
This document is Copyright  2010 by the HIPAA Collaborative of Wisconsin (“HIPAA COW”). It may
be freely redistributed in its entirety provided that this copyright notice is not removed. It may not be
sold for profit or used in commercial documents without the written permission of the copyright holder.
This document is provided “as is” without any express or implied warranty. This document is for
educational purposes only and does not constitute legal advice. If you require legal advice, you should
consult with an attorney. HIPAA COW has not yet addressed all state preemption issues related to this
document. Therefore, this document may need to be modified in order to comply with Wisconsin law.
The Basics of Encryption
Purpose
The purpose of this document is to provide a high level overview of encryption, and some of the
standard techniques in which it is used to protect information. This includes such topics as encryption
types, hashing, email, data transfer, remote access, key management, and securing portable devices
like laptops, blackberry's, smartphones, etc.
This document does not intend to recommend or promote any particular product or technology. Where
specific brands or products are mentioned, they are used as examples only. There are many solutions
available, and this paper makes no attempt to recommend any one solution over another.
Definition
So what is encryption? Simply defined, encryption is:
"…the process of transforming information (referred to as plaintext) using an algorithm
(called cipher) to make it unreadable to anyone except those possessing special
knowledge, usually referred to as a key." (Wikipedia, 2009)
The Breach Notification Rule under section 45 CFR 164.402 defines:
"Unsecured protected health information means protected health information that is not
rendered unusable, unreadable, or indecipherable to unauthorized individuals through
the use of a technology or methodology specified by the Secretary in the guidance
issued under section 13402(h)(2) of Public Law 111-5 (American Recovery and
Reinvestment Act of 2009 (ARRA) on the HHS Web site."
The “Secretary” of the U.S. Department of Health and Human Services (HHS), according to ARRA,
Title XIII – Health Information Technology of Economic and Clinical Health Act (HITECH), Subtitle D,
Part 1, Improved Privacy Provisions and Security Provisions, Section 13402(h)(2), is supposed to:
“…. after consultation with stakeholders, issue (and annually update) guidance
specifying the technologies and methodologies that render protected health information
unusable, unreadable, or indecipherable to unauthorized individuals, including the use of
standards developed under section 3002(b)(2)(B)(vi) of the Public Health Service Act, as
added by section 13101 of this Act.”
…and finally, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), states:
"A covered entity must, in accordance with §164.306… Implement a mechanism to
encrypt and decrypt electronic protected health information."
(45 CFR § 164.312(a)(2)(iv))
1
Asymmetric vs. Symmetric Encryption, and Hashing
“Are there different kinds of encryption? And how do I know if they are truly safe?”
There are a few things about encryption that are important to understand. There are many books and
other publications on the subject of encryption that go into much more detail, but here are the basic
things that everyone should understand:
Symmetric Encryption
Cryptographic solutions fall into one of two types. Symmetric encryption requires that each party who
wants to decipher the encoded message (cipher text) must have the secret key (or password). So if
Bob wanted to send Alice his grandmother’s secret recipe for chocolate chip cookies, he could encrypt
the message and use the key “My dog has fleas” to do so. Now for Alice to decrypt that message, she
would need to know the passphrase (or “key”). This works well when the intended recipients are few or
when there are only a small number of secret messages that will be delivered over time. However, the
management of secret keys for each message becomes complicated real fast especially as the number
of intended recipients grows. This can become a key management nightmare. The other issue is, how
do you deliver the secret keys to each recipient securely?
Asymmetric Encryption
Not long ago, some real smart people from MIT developed a system known as Public Key encryption.
Simply described, each person has two keys. One is a secret (or Private) key, and the other is a Public
key. Public keys can be stored in a public database (often online) for anyone to see. If Bob wants to
send Alice a secret message, all he needs to do is to encrypt that message with Alice’s Public key and
send her the message. The trick is that ONLY Alice’s Private key can decrypt the message. Now Alice
and Bob do not need to worry about sending the private keys to anyone, because they only need to
know each other's Public keys, and can keep their private keys to themselves.
Additionally, Bob can encrypt a message with his Private key knowing that anyone can decrypt it with
his Public key. Now why would Bob want to do this? Because anyone who used Bob’s Public key to
decrypt the message would KNOW that only Bob could have encrypted it (remember that Bob used his
Private key that only he knows). This process is referred to as “Digitally Signing” and it is used to prove
the Origin of the message. In this manner, a digital signature is much more reliable than a written
signature which can often be easily forged.
Hashing
Another clever use of encryption is to create a unique fixed length string of characters from a selected
text (such as the entire document). This string is called a HASH. If anything at all changes within that
document (or file) then the HASH is completely different. This process is used to verify the INTEGRITY
of the file. As an example, if you were to create a hash of the entire Library of Congress you could have
a hash that looks like this:
31a8b73156f221bfa56529145b608687
Now if I change only one comma in that entire collection of data, the hash produced would create a
completely different string, like this:
30d9e3bd5acd2036f4d0d7b19837269d
Using this hashing process, and by comparing the hashes of the original and received messages or
files, Alice could tell immediately if anything had been altered within the message.
2
A hash is a one way process and is impossible to reverse. That means that in no possible way could
you create all of the data in the Library of Congress with only the hash that was created. Because of
this, hashes can be posted publicly, or delivered without any concern of privacy or security shortcomings. In fact, many people will post the hashes for their applications on the same page as the
download so you can tell if the application has been altered in anyway.
As you can see, encryption is very useful in ensuring the confidentiality and integrity of data as well as
proving the point of origin (which serves to prove non-repudiation)
Algorithms
An algorithm is simply the mathematical formula used to encrypt the data. For example, in the following
illustration the sentence fragment is encrypted using a simple substitution algorithm:
Plain Text: The quick brown fox
Algorithm: A=1, b=2, c=3, d=4, etc… <space>=255
Cipher Text: 20 8 5 255 17 21 9 3 11 255 2 18 15 23 14 255 6 15 24
Over the years there have been many algorithms developed: DES (Data Encryption Standard), 3DES
(running data thru DES multiple times), AES (Advanced Encryption Standard), Blowfish, and others.
Many of the older algorithms have been broken, or ‘cracked’, and are now useless. The current federal
standard is AES.
Encryption algorithms are rated on several factors, most importantly the key length – the longer the key,
the stronger the encryption. DES and 3DES, for example, were originally created to use a 56-bit key.
Data encrypted with DES can now be cracked in a matter of hours on a moderately powerful computer.
The AES algorithm is available is 3 key strengths: 128-bit, 192-bit, and 256-bit; obviously, the 256-bit
key is the strongest. It is estimated that, on a machine that could crack a single DES key in one second,
it would take 149,000,000,000,000 (149 trillion) years to crack the AES128 algorithm; by comparison,
the age of the universe is currently estimated to be less than 20 billion years (NIST, 2000).
The federal FIPS 140-2 standard “specifies the security requirements that will be satisfied by a
cryptographic module utilized within a security system protecting sensitive but unclassified information”
(NIST, 2002). When choosing an encryption product, look for those that are certified to be compliant
with this federal standard – this ensures that it will meet any criteria specified by federal law, either now
or in the foreseeable future, and will be more than sufficient to pass an audit.
HIPAA and Encryption
The HIPAA encryption standard specified in the security rule is deemed "addressable" meaning that the
covered entity (CE) must either implement encryption or come up with a 'reasonable and appropriate'
solution to meet the regulatory requirement. As encryption technology has developed and become
more affordable, it is becoming more difficult to take the position that there are any 'reasonable and
appropriate' alternatives to encryption.
To add to the already complicated interpretation of the rule(s), the recent HITECH Act specifies severe
penalties for breaches of unsecured PHI, and further states that these penalties do not apply if data is
encrypted or otherwise rendered unusable, unreadable, or indecipherable.
Taking all this into consideration, the practical implication is that CEs will have exposure to regulatory
penalties unless data is encrypted. Recent audits by OCR, OIG, and other agencies indicate that these
agencies will not hesitate to impose sanctions for noncompliance involving a failure to encrypt. In short,
it is much safer to encrypt than to attempt to create an alternative solution.
3
But… what to encrypt, and how? Data (ePHI) may be stored and/or transmitted in many ways; are we
to believe that we must encrypt the data all the time, in all its forms?
Simply... no. As the result of a proper risk analysis, we can identify the specific areas requiring
encryption and implement the appropriate measures to safeguard the data. Some of these major areas
are illustrated in the following pages, with guidance on when and how to encrypt.
Common Uses
Email Encryption
“Okay, so we need to encrypt email – what does that mean, and how do we do it?”
While the above analysis would apply to both data in motion and data at rest, email presents one of the
most likely vehicles for breach, and is the first area to address when implementing encryption. As an
example, most patients have access to email, and it is a well understood technology; it is also one
common area likely to be investigated by an auditor.
The protocols used for sending email were created a long time ago when there was little if any concern
for privacy of the information being sent. Because of this, standard email is inherently not secure. The
data being delivered is transmitted in what is commonly referred to as “Plain Text”. What this means is
that a person could intentionally intercept data flowing between the sender and the receiver without
much effort, and could read the entire message. In this manner, this person could be copying the data,
or changing it at will. So how can you protect yourself and that information which could be leaked from
sending or receiving protected information in an email?
Public Key email encryption is generally managed in one of three ways:



At the desktop (local level)
At the gateway (network perimeter)
From a secure server outside of your network (in the “cloud”)
The encryption process is roughly the same in each case, although the steps necessary may differ. The
diagrams on the next pages explain the email encryption process in more detail:
4
Encryption is done using ‘Encryption Keys’ - these keys
are used to both encrypt and decrypt messages. Each
user has two keys – a Public Key and a Private Key. As
the names suggest, the Public Key is exchanged with
other users or gateways, while the Private Key is not. To
send an encrypted email, the sender encrypts it using the
recipient’s Public Key; only the recipient’s Private Key is
able to decrypt the message.
Encryption
Gateway
Private Key
Public Key
Private Key
User
Public Key
INTERNET
For every pair of users who need to exchange encrypted
email, each user must have the other person’s public key.
It becomes obvious that the more people a user needs to
communicate with, the more keys he/she must maintain.
Public Key
Private Key
User
Local Solution
Figure 1
5
Encryption is done using ‘Encryption Keys’ - these keys
are used to both encrypt and decrypt messages. Each
endpoint has two keys – a Public Key and a Private Key.
As the names suggest, the Public Key is exchanged with
other users or gateways, while the Private Key is not. To
send an encrypted email, the sender encrypts it using the
recipient’s Public Key; only the recipient’s Private Key is
able to decrypt the message.
Encryption
Gateway
Private Key
Public Key
Private Key
Encryption
Gateway
Public Key
INTERNET
Public Key
For every pair of users who need to exchange encrypted
email, each user must have the other person’s public key.
With a gateway system, this key exchange is automated.
Private Key
User
Gateway Solution
Figure 2
A cloud-based solution works similarly to the gateway solution shown above, but does not require
hardware or software, and there are fewer key management considerations.
There are advantages and disadvantages to each solution...
As the diagram on the next page shows (figure 3), the local solution encrypts the message from the
point of origin (Outlook, or some other email program), meaning it is encrypted over the local network
as well as over the Internet. A gateway solution leaves the message in plain text on the local network,
encrypting it only when it leaves the organization. However, management of the encryption keys is
automated with a gateway or cloud-based solution, while it is mostly a manual process with local
encryption.
The selection of an encryption solution MUST take all these factors into account. Also, gateway
solutions may ensure that encrypted emails can be sent to anyone, regardless of whether the recipient
has their own encryption solution; local solutions require the recipient to have a compatible encryption
solution as well.
6
Private Key A
Public Key B
Private Key B
User A
User B
Encrypted
Email
Message
Encrypted
Email
Message
Plain Email
Message
Plain Email
Message
INTERNET
Public Key B
on Gateway
Private Key A
on Gateway
Encrypted
Email
Message
Encrypted
Email
Message
Private Key B
on Gateway
Encryption
Gateway B
Encryption
Gateway A
Local Process
1) User creates email message and selects to encrypt
2) User checks for recipient’s Public Key
3) If key exists, message is encrypted and sent
4) If key does not exist, user must request (message NOT SENT)
5) Once keys are exchanged, message is recreated, encrypted and sent
6) If recipient does not support encryption, no communication is allowed
7) All key management is handled by the user(s)
8) Communication is only available if the recipient’s key is available
Gateway Process
1) User creates and sends email message normally
2) Gateway checks for recipient’s Public Key
3) If key exists, message is encrypted and sent
4) If key does not exist, encrypted message is stored on server
5) Recipient is notified (by plain email) that an encrypted message is waiting
6) Recipient logs onto server and retrieves encrypted message
7) All key management is handled by the gateway
8) Communication is always available
Figure 3
Cost is another factor that must be considered, and not just the amount of money spent to purchase a
solution; ongoing maintenance and support costs must be considered as well. Generally speaking, the
larger an organization, the more cost effective a gateway solution becomes.
Another option is to encrypt the message and/or data and include it as an attachment in an otherwise
unencrypted email. SecureZip, WinZip and PGP are examples of applications that have this capability –
they will compress the data into a smaller file, and apply an encryption algorithm. These are usually
protected by a password that controls the decryption process – without the password, the file is unable
to be opened and read. This method also has the advantage of being able to combine several data files
into a single encrypted-compressed object for emailing as a single attachment.
The danger of using this method is that a single password is the sole mechanism protecting the data
from unauthorized access; the weaker the password, the less secure the data. There are many utilities
available today that can crack a password-protected ZIP file; in many cases, only an hour or two may
be required to crack the password and access the data.
Having decided to implement an email encryption solution, regardless of whether it is local or gateway
based, the next question is, "What do I encrypt? …all email? …only PHI?" Well, it depends…
If PHI is to be sent outside the entity (i.e. to an external recipient) via email, it must be encrypted – that
much is indisputable. But what about non-PHI - corporate confidential data, such as accounting records
or employee files? In most cases, these are items that the CE would not want made public if they were
to be obtained by someone other than the intended recipient. There are many examples of non-PHI
data that should most likely be encrypted; only a complete risk assessment can determine which emails
7
need to be encrypted and which need not. Most encryption solutions – both local and gateway – have a
mechanism for applying policies on what and when to encrypt.
As a general rule, err on the side of encryption! While encryption is not explicitly required by the HIPAA
regulations, there is very little room (if any) for alternative safeguards.
Data Transfer
“We can’t afford to implement an email encryption solution, but we still need to transfer
patient data to and from our payers and other business associates. What can we do?”
Often, protected data (including ePHI) must be transferred to/from other entities or business associates
by a means other than email; File Transfer Protocol (FTP) is a common data transfer method. There
are several means of securing data over an FTP connection – the data itself may be encrypted
(protecting the data itself), the FTP connection may be secured (protecting the communication path), or
a combination of both may be used.
There are two common methods to secure the standard (and insecure) File Transfer Protocol (FTP).
The first method is to use Secure Shell (SSH) to copy the data from one location to another; this
method is generally referred to as SFTP. Setting up and configuring an SSH server is relatively easy
and inexpensive, and many companies currently support using this technology. The second method is
to use Secured Socket Layers (SSL) to protect the connection of a standard FTP transmission. This is
referred to as FTPS and is also very common.
And, as with email, the data itself may be encrypted; again, there are many utilities that can be used to
secure the data before sending.
For added protection, the two methods may be combined – sending an encrypted file over an encrypted
connection. The benefit to encrypting both the data and the communication path is to mitigate the risks
that each one has separately. For example, only protecting the communication path (data in transit)
may mean that unencrypted data is sitting on your internet facing server or the recipient’s internet
facing server for extended periods of time. If there were to be a breach of that system, there would be
no protection of the data that was delivered. If you only send encrypted data (data at rest) over a
standard unencrypted FTP connection, then the credentials that you are using to log in (or the ones
used to connect to your server) are being transmitted openly. A malicious person could capture these
credentials and log into the server themselves, altering the encrypted data file, or making a copy for
later use. As technology advances, it is very likely that the encrypted file captured today could be easily
decrypted in 5 years; most ePHI will still be as relevant and useful in 5 years as it is today.
“This would require us to learn something new - aren’t there any websites we can use?
That would be really easy, and we already know how to use the Internet.”
In addition to SFTP/FTPS, there are many Internet-based file transfer, or file storage and retrieval sites
which use SSL to protect the data transfer. The sender simply needs to set up an account with one of
these providers, create user accounts for those people with whom they need to share data, and copy
the data to the site. While this method is generally secure, extreme care should be taken when initially
choosing a provider for this service. Things to consider include system availability, system security,
what provision will be taken in the event that you wish to terminate your relationship, or if they go out of
business, etc.
8
Questions that should be asked include:






Do they employ redundant systems to ensure availability?
Do their servers need to be encrypted or have they determined through their risk analysis that
other compensating controls are sufficient?
Is the upload/download process secure (SSL / HTTPS / SFTP / SSH)?
Have they been certified to use the level of encryption that you or your business partners
demand (FIPS 140-2 compliant)?
Are their controls regularly audited?
Will they guarantee appropriate destruction methods of hard drives or backup tapes which may
contain your data?
“Well okay then, we can’t afford and don’t have the expertise to implement and support a
technical solution. We’ll just use a courier service and send copies of the data on CD.”
BZZZZZZZZT – not so fast! What happens if the courier loses the CD? ...or delivers it to the incorrect
place, or person? ...or, worse yet, makes a copy to sell to the highest bidder? The data must still be
protected; encrypting the data file(s) on the CD is the only way to ensure that. The methods presented
in this paper for encrypting data at rest will insure that your data is secure no matter what method is
used for transfer.
Remote Access
"We're trying to cut costs, and help the environment. I've heard about telecommuting;
how can I let my employees work from home?"
Telecommuting, or working from a remote location, is becoming a common method for controlling
expenses, and helps the environment by putting fewer cars on the road. Remote access systems allow
employees or other users to securely connect to applications and data as if they were in the office.
There are several means of granting access to applications and data from remote locations; one of the
most common is with a Virtual Private Network, or VPN. As the name suggests, the VPN creates a
temporary encrypted connection into the host network that exists only for as long as needed. There are
two types of VPN – either is just as secure.
The standard VPN requires a client utility to be installed on the remote workstation, and creates an
encrypted connection, or tunnel, into the company's network. This method uses keys (similar to the
keys used in email encryption) to authenticate the remote computer, and the IPSEC protocol to create
and secure (encrypt) the tunnel. One advantage to this is that the connection can be better controlled
by the company – connections are only allowed for computers with the appropriate client utility. Most
firewalls (you do have a firewall, don't you?) have the ability to deploy and establish VPN tunnels, using
their own client utilities. Remote users must still supply their ID and password to connect, just like they
were in the office.
Recently, a new type of VPN has become very popular – the SSL VPN. Instead of having an installed
client utility, the SSL VPN is set up as a secure website (similar to how banks provide online banking
services). Because there is no client to install, this has the advantage of being available to anyone,
from anywhere, and not just from a specific computer.
In either case – SSL or IPSEC – any/all client applications would need to be installed on the remote
computer in order to be accessed and used.
9
"Well that's no good – we don't have enough licenses to install our applications on every
computer that could be used to access our systems. How do we get around that?"
Another option – available with some SSL VPN solutions – is to make the applications available on the
website. After the user connects and logs into the network (oh yes, they still have to log in – again, think
online banking), the applications are published as icons on the web page. Citrix, with their Citrix Access
Gateway product, is probably the best known solution of this type.
"Our software vendor needs to access our server to update their application, but they
want to charge us for travel, food, and lodging. Can they use remote access instead?"
Absolutely! This is a great use of remote access technology, and can help offset the costs associated
with implementing such a solution. It also allows for faster response, and decreased downtime in the
event of a software problem.
"Our vendor says they want to establish a 'Lan-to-Lan' VPN – that sounds complicated
and expensive. What is it, and how does it work?"
A Lan-to-Lan (or L2L) VPN is very similar to the client-based IPSEC VPN discussed earlier. However,
instead of requiring a client utility, this solution creates a permanent encrypted tunnel between the two
networks. Again, many firewalls have this capability, and there are dedicated VPN solutions available
from companies like Cisco, Juniper, and others.
While there are many advantages to using this technology, VPN's can be expensive to implement and
maintain – only a complete risk assessment can determine whether this technology is appropriate for
any particular organization. The important point to remember is that if you decide to allow access
remotely, you must ensure that the connection and/or the data is encrypted.
Portable Devices
Laptops
"I've heard a lot on the news about laptops being stolen, and patient or employee
records being exposed. Some of our employees have laptops – what do I need to do?"
With many of today’s laptop computers providing portability as well as being suitable replacements for
desktop computers, more and more users have laptop computers. The result is increased risk to an
organization’s data which resides on the laptop, since laptop computers are more susceptible to being
lost or stolen. The best way to protect sensitive data is to not store it on the laptop hard drive in the first
place; through the use of remote applications (i.e. web applications, Citrix, etc.). However, if sensitive
data must be stored on the laptop computer hard disk drive, the best way to protect it is by use of
encryption. There are generally two ways to encrypt data on a laptop hard disk drive, full disk
encryption and file/folder level encryption, or some combination of the two methods. In any case,
properly centralized, IT managed data backup and key management are extremely important, since a
lost or damaged encryption key could result in permanent data loss. It is also important to consider your
requirements related to eDiscovery when looking at laptop data encryption (i.e. disk drive imaging,
recovery, archival, etc.). There are several types of encryption products available and the cost of
encrypting data on a laptop computer is generally quite small when compared to the risk of exposing
sensitive data.
10
File and Folder Level Encryption
File/folder level encryption is typically selective, being performed manually under direct user control, or
via an automated program. Some file/folder level encryption products can encrypt files automatically,
based on specific configuration for file encryption by file location (e.g., folder), file type (e.g.,
spreadsheets), or source application (e.g. Excel).
The Windows Encrypting File System (EFS) is one example of a basic file/folder level encryption
product. It can be centrally activated by using Active Directory Group Policy Objects to encrypt
specified files or folders. However, like all file/folder level encryption products, it relies on users to
properly write sensitive data into predefined protected folders, and cannot stop users from copying
sensitive data, which is supposed to be encrypted, to unencrypted locations (either on the hard disk
drive or on removable/portable media).
There are more sophisticated file/folder level encryption products which do more, and some offer
stronger policies and enforcement which make it less likely that sensitive data will go unencrypted on
the laptop hard disk drive or on removable/portable devices (e.g. USB drives).
Full Disk Encryption (FDE)
Full disk encryption (FDE) does just what the name implies; it encrypts everything stored on a physical
disk or a logical volume. The purpose of FDE is to ensure that all data written to the hard disk drive is
always encrypted. This includes not only sensitive data and files, but also application and operating
system files (i.e. page files, data caches, etc.). By applying encryption to the disk drive(s), any/all data
is encrypted the moment it is written to the drive, and it is completely inaccessible if the drive is
removed or is accessed externally. The only way to access the data on a FDE disk is to use the
approved, predefined access methods (usually the application used to create and manage the data).
How does it work? Just like other encryption schemes, a key is used to convert the data to an
unreadable form, and to convert it back into something readable when needed. An example of one type
of FDE encryption is the BitLocker feature in Windows 7. The BitLocker tool encrypts entire disk
volumes and utilizes security features of the laptop computer hardware and operating system (i.e.
Trusted Platform Module (TPM) chip, USB keys, etc.). Since it encrypts by disk volume, any data
written to unprotected volumes will be unencrypted.
There are FDE products which are more comprehensive and encrypt the entire contents of the hard
disk drive, sector by sector, and bit by bit (including boot sectors, swap files, OS files, and user data).
Most FDE products provide additional protection through the use of Pre-Boot Authentication (PBA),
authenticating the user before the operating system starts. The authentication, encryption, provisioning,
and reporting capabilities vary for each FDE product, but enterprise FDE products typically provide
features like Windows single sign-on, centralized administration (i.e. password resets), centralized
logging for security audit and compliance reporting, and features like a remote kill switch if a laptop
computer is reported lost/stolen or doesn’t periodically check in with the organization’s FDE server.
Comparing FDE and File/Folder Encryption
"I'm confused... what are the pros and cons of file and full disk encryption?"
The main drawback of file/folder level encryption is the possibility of sensitive data not getting encrypted
due to the selectivity of this method. Also, since individually encrypted files, or groups of files, can
migrate throughout the organization (i.e. onto file servers, as email attachments, etc.), use of
centralized key management and proper key archiving is imperative, to ensure these files can be
decrypted in the future.
11
A drawback with FDE is that initially encrypting an entire laptop disk drive can take hours, not including
the time necessary to ensure there is a full backup of the laptop disk drive before starting the encryption
process. Also, due to the way FDE works, encrypting every bit of the hard disk drive, FDE products
have a tendency to find bad laptop hard drives more quickly than they would otherwise be discovered
(if ever). In addition, proper procedures must be put in place since some FDE pre-boot authentication
methods can interfere with other programs used by the organization to manage the laptop computer
(i.e. asset tracking, sign-on processes, desktop administration, patching and auditing tools, etc.), since
they cannot remotely reboot the computer without the user’s credentials. Another consideration is the
potential impact to data recovery if a FDE laptop computer hard disk drive is corrupted or damaged.
Other Portable Media
"Many of our employees have Blackberry's, or some other kind of smart phone that
could allow them to take data with them on the road. Do these need to be encrypted?
And if so, how do we do it?"
Portable devices include Blackberry's and other mobile phones that support wireless access, and have
the ability to store messages and other data; this category also includes CD's, DVD's, USB or “thumb
drives”, iPod's, and similar devices. All of these devices have the capability to store confidential or
sensitive information that creates an increased risk of an intentional or accidental loss of confidential
patient or business information.
There are several controls that an organization could implement to address this risk:





Have a policy that forbids storing data on the device.
Deploy technology to limit what information is stored on the device.
Enable built-in functionality, i.e.,passwords, that controls access to the device.
Deploy technology to encrypt any data stored on the device.
Implement some combination of these controls.
The first control has a number of shortcomings, the least of which is how to measure compliance. This
approach does nothing to address the risk of a confidentiality breach if a device is lost or stolen.
The second control relies on technology to examine all data as it moves from corporate data storage to
a portable device. This approach typically uses a lexicon of sensitive words, phrases or other word and
number patterns to control the transfer of data. While this will reduce or control the type of data
transferred, it will not eliminate the risk of a confidentiality breach if a device is lost or stolen.
Many of these devices have built-in functionality that requires the entry of a password in order to use
the device. This feature would control access to the device and by extension limit access to all stored
data. However unless a strong password is used, one not easily guessed, there is still a considerable
risk that a lost or stolen device would result in a breach of confidential data.
Finally, data encryption delivers a high degree of confidentiality and provides a safe harbor if there is a
breach of patient information when a device is lost or stolen. Encryption renders the information
unreadable and unusable unless the encryption key is available.
Many of these devices offer encryption solutions already that should be explored. For example,
Blackberry Enterprise Server (BES) offers data encryption using the AES256 algorithm. Also, by
default, the BES Solution generates the master encryption key and message key that the BES and
BlackBerry devices use to encrypt and decrypt all data traffic between one another.
12
By using a combination of the last two control options, password controlled access and data encryption,
the risk of a breach of confidential information is significantly reduced. Adding the second control will
further lessen the risk by limiting what information can be transferred to the device. There are several
commercial security applications available that will enforce encryption and other controls on devices
that do not natively have this functionality, including the ability to bit-wipe the device (delete all data)
after a defined period of inactivity (days or weeks), or after a set number of failed password attempts.
Each business entity needs to determine which controls are appropriate. What is the risk associated
with information leaving the organization? What is the risk of the information falling into the wrong
hands - monetary fines, legal action, loss of intellectual capital, and loss of business reputation? Each
business has to decide what information needs to be protected. Each business has to consider the cost
of the control(s) and the value of the information needing protection. At the end of the day it boils down
to a business decision that is implemented with technology.
As discussed previously, SecureZip, WinZip, PGP, and other utilities can encrypt and passwordprotect data; once the data is encrypted you can deliver it by email, over an FTP (or similar) connection,
or on some other form a media (e.g., DVD, CD or USB Drive, etc). One of the most common
disadvantages with this method is in key management. It can become difficult to manage all of the keys
and passwords that belong to each file and for each intended recipient. You also need to ensure that
you are delivering the key in a secure manner.
Data at Rest
"I suppose now you're going to tell me that we need to encrypt our servers too? You
wouldn't really do that, would you?"
Data at rest is data that is stored on the disk drives of your servers and computers, on backup tapes, or
elsewhere, when it is not in use. You may ask why data that is safely locked away in your server room
needs to be encrypted; there are several reasons:



Virtually any server can be accessed from anywhere by someone who knows what they are
looking for and is motivated to get it. That means that unencrypted data could be available to
anyone who knows how to access your systems (yes, that includes employees)
Disk drives fail and are replaced; servers grow old and slow and are retired. These all need to
be properly disposed of - until a disk drive is totally destroyed the data on it is accessible. In
many cases failed drives are no longer locked in your server room, but rather are kept at the
desk of the IT person where the cleaning staff could simply walk away with it
Not all servers are kept in locked rooms, safely hidden away in a hospital’s basement.
Especially with small offices, often the only lock is the lock on the office door
The solution again is full disk encryption (FDE). By applying encryption to the disk drive(s), any/all data
is encrypted the moment it is written to the drive, and it is completely inaccessible if the drive is
removed or is accessed externally. The only way to access the data on a FDE disk is to use the
approved, predefined access methods (usually the application used to create and manage the data).
How does it work? Just like other encryption schemes, a key is used to convert the data to an
unreadable form, and to convert it back into something readable when needed. There are many
available options for implementing full disk encryption; users of newer Microsoft operating systems
even have a disk encryption program called Bit Locker built in and ready to use at no additional cost.
13
"We back up our servers to tape every night, and store the tapes off-site. Do we need to
encrypt them too?"
We all know that tapes wear out and get thrown away. Tapes are often stored off-site for safety, are
shipped from one building to another, or are even transferred across the country. With all this tape
movement, it is not uncommon for them to be lost. It is a trivial matter for someone to retrieve data from
a backup tape. Most vendors of tape backup solutions offer encryption as a standard part of their
product; use it - it is an inexpensive way to apply protection to the data stored on tape. If your tape
backups cannot be encrypted you should either not be sending tapes anywhere outside your facility, or
you should be looking for an alternative that supports encryption.
To dispose of old tapes, you could take them to an MRI unit and fire up the magnet, run them through a
trash compactor, burn them, or otherwise destroy the tape. For old hard disk drives, drilling a hole thru
the disk housing (and thru the platters inside) will render the disk permanently unreadable. In either
case, destroying the medium (disk, tape, etc) is the only sure way to prevent access to the data.
Securing The Keys
"As we encrypt more and more of our data, what happens if the keys get lost or a user
forgets a password?"
Key management can be a challenge – this section deals with the subject in detail.
Proper key management is probably one of the most important aspects of data encryption. The loss or
corruption of cryptographic keys can lead to the loss of access to systems and data. The larger and
more diverse your environment, the more distributed your keys can become. You will need to pay
particular attention to the importance of key lifecycle management. Key lifecycle management refers to
key management, generation, usage, storage, archival, and destruction.
Key Management
The proper management of cryptographic keys is essential to the effective use of cryptography for
security. Ultimately, the security of information protected by cryptography directly depends on the
protection afforded the keys. All keys need to be protected against modification, and keys used for data
encryption and digital signatures need to be protected against unauthorized disclosure. All users (end
users and administrators) need to be aware of their liabilities and responsibilities with respect to
properly managing cryptographic keys, and need to understand the importance of keeping their
cryptographic keys secure at all times. Managers and administrators should be prepared for the
possibility of cryptographic key compromise and should have proper controls in place to adequately
manage this type of situation. Whenever possible, organizations should utilize centrally stored and
managed cryptographic encryption keys. User generated and managed encryption keys require much
greater vigilance of key lifecycle management procedures, as the organization could lose access to
data if something were to happen to an employee or they were to leave the organization without
divulging the keys used to encrypt sensitive or mission critical company data.
Passwords are generally used to protect (encrypt) cryptographic keys used for data encryption and
digital signatures. Passwords are also keys, but are typically much simpler than the mathematically
generated cryptographic keys, and sometimes the cryptographic encryption key is derived from a user
entered password. As a result, data encryption systems are only as strong as their weakest link, which
is usually the password used to protect the cryptographic keys.
There are several different types of encryption keys; the National Institute of Standards and Technology
(NIST) defines about 20 different types. However, for data encryption, one can generally think of two
14
types of applications, applications which encrypt data in transit using short-term keys (i.e. FTP, SSL,
etc.), and applications which encrypt data at rest using long-term keys (i.e. WinZip, email, backup
systems, etc.). As one would expect, the key lifecycle management requirements will be different for
short-term and long-term keys.
Key Generation
The generation of keys is the most sensitive of all the cryptographic functions, and any inadequacies in
the implementation of the key generation function can seriously undermine the integrity of the system.
Security measures should be in place to prevent unauthorized disclosure, modification, or replacement
of keys. Depending on the key management implemented, some applications will locally generate keys
(e.g. using WinZip to encrypt files) and other applications will generate and distribution keys from a
central authority (e.g. centrally managed FDE). In either case, company employees must maintain
complete control of generated keys from the time of generation and throughout their lifecycle.
Key Usage
The use of cryptographic keys in applications may require special handling and protection practices to
ensure the confidentiality and integrity of the keys. You will need to establish procedures to ensure the
protection of sensitive cryptographic keys, and use of physical devices (i.e. portable USB drives, etc)
may be necessary to protect the keys. Authentication timeout features should be used to protect
cryptographic keys from compromise or misuse and key recovery mechanisms should be implemented
for cryptographic keys that are used to encrypt sensitive data.
Key Storage
The proper storage of cryptographic keys is critical to ensure the confidentiality and integrity of keys
used by end users, administrators, and automated applications. You will need to ensure that
appropriate storage methods are used whenever storing cryptographic keys. The two most common
ways to store cryptographic keys are software storage and hardware storage. Procedures are
necessary to manage software stored cryptographic keys due to greater vulnerability from key
exposure; if using passwords, strong passwords should be chosen for providing access to the keys.
There should also be adequate access controls for the encrypted key data file, to prevent theft or
misuse. If storing cryptographic keys in hardware storage, you will need procedures to provide for the
initialization, distribution, replacement, and destruction (as necessary) for the hardware token.
Key Archival
As part of the key lifecycle, archival of cryptographic keys is vital to ensuring that any data encrypted
with those keys is always available to authorized parties. Sensitive user or centrally managed
cryptographic keys should be archived for time periods which align with the data which has been
encrypted by those keys. This will ensure that encrypted data can always be decrypted for as long as
the encrypted data exists in the company’s data archives. For keys associated with digital signatures,
key archival times will determine the timeline for signature validation.
Key Destruction
As part of the key lifecycle, expiration is an important part of key management. Reasonable lifetimes for
keys should be determined, again aligned with the data encrypted with those keys. For keys associated
with digital signatures, procedures are needed for the deactivation/revocation of keys so that data
digitally signed prior to a compromise date (or date of loss) can be verified.
15
Summary
"That's way too much information to remember. How do I figure out what I need to do?"
The need for one or more encryption solutions in a healthcare setting is indisputable for all but the very
smallest of entities. There are several situations where encryption may be, and probably is necessary:


Data at rest
o Laptops
o Smartphones
o CDs / DVDs / Tapes
o Workstations / Servers
o iPods, Thumb drives, etc
Data in transit
o Email
o Data Transfer
o Remote Access
Of these, several are relatively easy and inexpensive to implement, and for smaller
organizations a single solution may provide security in multiple areas. For example, installing
PGP may allow you to do full disk encryption on laptops, create encrypted-compressed files for
transfer, and send / receive encrypted emails as well. As the size and/or complexity of the
environment increases, so does the difficulty and cost of implementing controls.
While it may be possible to protect PHI without implementing encryption, the risks associated
with such a non-solution are too great to ignore; the ARRA/HITECH breach notification
requirements alone are often a sufficient justification for encryption. So how do you determine
what to encrypt, when, and how? The following steps will help to answer those questions, and to
develop a solution:
1. Complete a risk assessment
a. Determine exposure to threats
2. Perform a full gap analysis
a. Current controls vs. risks vs. exposure
3. Determine residual risk
a. Actual exposure, and associated cost of non-compliance
4. Prioritize the findings
a. By exposure, by cost, or by some other appropriate comparison
5. Develop remediation plan(s)
a. Highest priority first
6. Implement solution(s)
a. Update your policies, if necessary
b. Don't forget to educate your users!
7. Document, document, document
a. All assessments, decisions, methods, etc, must be documented
b. Keep documentation for 6 years
8. Rinse, repeat
a. Security is not a goal, it is a process
Risk assessments are required by HIPAA anyway, so you're already doing the first step, right?
The gap analysis and residual risk determination steps are part of a complete risk management
strategy, so you should already be doing them as well. And, if the preceding statements are
correct, then you already know your risk exposure. All that remains is to assign the appropriate
priority to those risks, develop plans, and execute your strategy.
In most cases, the risks of not encrypting far outweigh the cost of implementing an encryption
solution. A risk assessment will help determine the areas of greatest need, and a well
16
documented plan will ease the deployment and management of the chosen solution and help to
make it more effective.
17
Appendix A
The links below are intended for reference only and are in no particular order. There are many
solutions available, from many vendors – the list below is a representative sampling of a few of
these solutions. The HIPAA Collaborative of Wisconsin (HIPAA-COW) neither endorses nor
recommends any individual company or product.
PGP Corporation – encryption solutions
http://www.pgp.com/index.html
WinZip – data compression and encryption
http://www.winzip.com/index.htm
Citrix Corporation – remote access solutions
http://www.citrix.com/English/ps2/products/product.asp?contentID=15005&ntref=prod_top
Checkpoint Corporation – firewall, VPN, and full disk encryption
http://www.checkpoint.com/products/index.html#gateways
http://www.checkpoint.com/products/datasecurity/pc/
Juniper Networks – firewall and VPN
http://www.juniper.net/us/en/products-services/security/
Cisco – routing, switching, remote access, and VPN
http://www.cisco.com/en/US/solutions/ns170/networking_solutions_products_genericcontent090
0aecd80511fa7.html
GNU GPG – encryption solutions
http://www.gnupg.org/
TrueCrypt – full disk encryption
http://www.truecrypt.org/
Guardian Edge – full disk encryption and endpoint protection
http://www.guardianedge.com/products/
WinMagic – full disk encryption and endpoint protection
http://www.winmagic.com/products
Barracuda Networks – VPN and gateway solutions
http://www.barracudanetworks.com/ns/products/sslvpn_overview.php
OpenVPN – VPN solutions
http://openvpn.net/
Credant – full disk and mobile device encryption
http://www.credant.com
Zix Corporation – email encryption
www.zixcorp.com
18
Blackberry
www.blackberry.com
SecureZip
www.pkware.com
Appendix B
The resources below are available for more information on many of the topics presented in this
paper. Again, HIPAA-COW makes no assertion or recommendation of any of the material
available via these links.
http://en.wikipedia.org/wiki/Encryption
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brguidance.html
http://www.hipaa.ihs.gov/index.cfm?module=use_of_encryption
http://en.wikipedia.org/wiki/Public-key_cryptography
http://otfedb.sdean12.org
http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
http://csrc.nist.gov/publications/PubsSPs.html
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf
http://hipaa-encryption.com/HIPAA-Compliance/phi-encryption/government-encryption-standardadvanced-encryption-standard-aes/
http://www.nist.gov/public_affairs/releases/aesq&a.htm
19
Download