Encrypting PHI for HIPAA Compliance on IBM i. All trademarks and registered trademarks are the property of their respective owners.

Transcription

1 Encrypting PHI for HIPAA Compliance on IBM i HelpSystems LLC. All rights reserved. All trademarks and registered trademarks are the property of their respective owners.

2 Introductions Bob Luebbe, CISSP Chief Architect

3 Today s Agenda Cybersecurity Threats to PHI data Overview of HIPAA Requirements Why Is Encryption Important? Encryption on IBM i Simplified Encrypting data at rest Encrypting data in transit Questions & Answers

4 UP NEXT... Cybersecurity Threats to PHI Data

5 Cybersecurity Threats to PHI Data Nearly 90% of healthcare organizations have experienced a data breach in the past 2 years 45% percent have had more than 5 data breaches in the past 2 years Source: Ponemon Institute s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

6 Cybersecurity Threats to PHI Data Protected Health Information (PHI) is more valuable than credit card numbers. Social security numbers, account numbers, and medical device serial number can t easily be changed PHI can be used to commit identity theft and insurance fraud On the black market, demand for PHI is high

7 Cybersecurity Threats to PHI Data Total cost of data breaches to the just the healthcare industry: $6.2 billion per year Incident response Class action lawsuits HIPAA fines Number of records breached: 113 million in 2015 (a 10x increase over 2014!)

8 UP NEXT... Overview of HIPAA Requirements

9 Overview of HIPAA Requirements Health Insurance Portability and Accountability Act applies to: Health plans Healthcare providers Healthcare clearing houses (organizations that process health info, including billing services) Business associates Some subcontractors of business associates

10 Overview of HIPAA Requirements Fines for non-compliance can reach millions of dollars Breach notification is required when unsecured PHI is exposed: Individuals affected Media outlets Government Customer lawsuits

11 Overview of HIPAA Requirements Conduct a vulnerability assessment Regularly review audit logs and access reports Guard against malware Limit data access to only authorized persons and programs Protect PHI from improper changes Encrypt PHI whenever appropriate

12 UP NEXT... Encryption of PHI Data

13 Why Is Encryption Important? Encrypted data is considered secured and does not fall under the requirements to notify of a data breach. Encrypted data isn t useful to criminals. Multiple layers of defense There are weak points on every system. Even though you have implemented other security solutions and have configured your system properly, there are ways for hackers to get to your data (phishing, malware, etc.). The only way to have secured data is to encrypt your data. This is the last layer of defense.

14 Encryption Overview Encryption is the process of encoding information to protect it from unauthorized access Encryption hides the meaning of the message, but not its existence. Data is encrypted using an encryption algorithm and a key. The output is called Ciphertext. The quick brown fox jumped over the lazy dog. Œ \ËKä BBY ý\åê Ñ C Ÿ^{F+rÀJ [1]Ï(54Y3s3s874s Encryption Plaintext (before) Ciphertext (after)

15 UP NEXT... Encryption on IBM i Simplified

16 ENCRYPT Encryption on IBM i Simplified Protect confidential information in IBM i database fields and IFS files including PCI, PII and PHI data New Data (Insert/Update) Through Authorization Lists, users can be granted access to the fully decrypted field values, restricted to the masked values or can be completely denied access. r3vs#45zt!j9*k93 DB2 AUTO ENCODING/DECODING Key Management AES Encryption READS Auditing FULL DECRYPTION MASKED/PARTIAL DECRYPTION FULL ENCRYPTION Security Policies **4 **** User A User B User C

17 Encryption on IBM i Simplified Crypto Complete demo

18 Encryption on IBM i Simplified IBM i, Linux, AIX MFT

19 Encryption on IBM i Simplified GoAnywhere demo

20 Next Steps If you need additional help navigating HIPAA requirements: Download How IT Pros Can Navigate HIPAA Compliance from HelpSystems.com Request a compliance assessment from HelpSystems Perform a Database scan for unprotected data

21 Questions?

22 Thank you for your time! Please visit to access: Free Trials Product Details and Brochures White Papers and Webinars Case Studies