Encrypting PHI for HIPAA Compliance on IBM i
HelpSystems LLC

Introductions
Bob Luebbe, CISSP, Chief Architect

Today's Agenda
- Cybersecurity Threats to PHI data
- Overview of HIPAA Requirements
- Why Is Encryption Important?
- Encryption on IBM i Simplified
- Encrypting data at rest
- Encrypting data in transit
- Questions & Answers

Cybersecurity Threats to PHI Data
- Nearly 90% of healthcare organizations have experienced a data breach in the past 2 years
- 45% have had more than 5 data breaches in the past 2 years
Source: Ponemon Institute's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

Cybersecurity Threats to PHI Data
- Protected Health Information (PHI) is more valuable than credit card numbers.
- Social security numbers, account numbers, and medical device serial numbers can't easily be changed
- PHI can be used to commit identity theft and insurance fraud
- On the black market, demand for PHI is high

Cybersecurity Threats to PHI Data
- Total cost of data breaches to just the healthcare industry: $6.2 billion per year
  - Incident response
  - Class action lawsuits
  - HIPAA fines
- Number of records breached: 113 million in 2015 (a 10x increase over 2014!)

Overview of HIPAA Requirements
The Health Insurance Portability and Accountability Act applies to:
- Health plans
- Healthcare providers
- Healthcare clearing houses (organizations that process health info, including billing services)
- Business associates
- Some subcontractors of business associates

Overview of HIPAA Requirements
- Fines for non-compliance can reach millions of dollars
- Breach notification is required when unsecured PHI is exposed:
  - Individuals affected
  - Media outlets
  - Government
- Customer lawsuits

Overview of HIPAA Requirements
- Conduct a vulnerability assessment
- Regularly review audit logs and access reports
- Guard against malware
- Limit data access to only authorized persons and programs
- Protect PHI from improper changes
- Encrypt PHI whenever appropriate

Why Is Encryption Important?
- Encrypted data is considered secured and does not fall under the requirements to notify of a data breach.
- Encrypted data isn't useful to criminals.
- Multiple layers of defense: There are weak points on every system. Even though you have implemented other security solutions and have configured your system properly, there are ways for hackers to get to your data (phishing, malware, etc.). The only way to have secured data is to encrypt your data. This is the last layer of defense.

Encryption Overview
- Encryption is the process of encoding information to protect it from unauthorized access
- Encryption hides the meaning of the message, but not its existence.
- Data is encrypted using an encryption algorithm and a key. The output is called ciphertext.
[Figure: the plaintext "The quick brown fox jumped over the lazy dog." (before) passes through encryption and comes out as unreadable ciphertext (after).]

Encryption on IBM i Simplified
Protect confidential information in IBM i database fields and IFS files, including PCI, PII and PHI data.
Through Authorization Lists, users can be granted access to the fully decrypted field values, restricted to the masked values, or completely denied access.
[Diagram: new data (insert/update), shown as 1234, is encrypted with AES through DB2 auto encoding/decoding and stored as ciphertext (shown as r3vs#45zt!j9*k93), backed by key management, auditing and security policies. On reads, User A gets full decryption (1234), User B gets masked/partial decryption (1**4), and User C gets full encryption (****).]

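The read flow on the slide above (one stored ciphertext, three outcomes: 1234, 1**4, ****), written as an added example in Node.js; it is not HelpSystems' or Crypto Complete's code. The user names, the `ACCT` column, the in-memory authorization list and the random key are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed authorization list (user names and levels are hypothetical).
// Users not listed are denied.
const AUTH_LIST = new Map([['USERA', 'FULL'], ['USERB', 'MASKED']]);

// Encrypt one field with AES-256-GCM. The column name is bound as AAD, so a
// ciphertext copied into a different column fails authentication on read.
function encryptField(key, column, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(column));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Stored layout: 12-byte nonce | 16-byte tag | ciphertext. Throws if tampered.
function decryptField(key, column, stored) {
  const raw = Buffer.from(stored, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(column));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Keep the first and last character, mask the rest: 1234 -> 1**4.
function mask(value) {
  if (value.length <= 2) return '*'.repeat(value.length);
  return value[0] + '*'.repeat(value.length - 2) + value.slice(-1);
}

// Read path: the authorization list decides what the caller sees, and every
// read is appended to the audit log. Denied users never trigger a decrypt.
function readField(key, column, stored, user, auditLog) {
  const level = AUTH_LIST.get(user) ?? 'NONE';
  auditLog.push({ user, column, level });
  if (level === 'NONE') return '****'; // fixed width, hides the real length
  const value = decryptField(key, column, stored);
  return level === 'FULL' ? value : mask(value);
}

// Constructed sample: a random key stands in for one from a key manager.
const demoKey = crypto.randomBytes(32);
const demoStored = encryptField(demoKey, 'ACCT', '1234');
const demoAudit = [];
for (const u of ['USERA', 'USERB', 'USERC']) {
  console.log(u, readField(demoKey, 'ACCT', demoStored, u, demoAudit));
}
```
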
Encryption on IBM i Simplified
Crypto Complete demo

Encryption on IBM i Simplified
[Diagram: MFT across IBM i, Linux and AIX]

Encryption on IBM i Simplified
GoAnywhere demo

Next Steps
If you need additional help navigating HIPAA requirements:
- Download "How IT Pros Can Navigate HIPAA Compliance" from HelpSystems.com
- Request a compliance assessment from HelpSystems
- Perform a database scan for unprotected data

Questions?

Thank you for your time!
Please visit www.linomasoftware.com to access:
- Free Trials
- Product Details and Brochures
- White Papers and Webinars
- Case Studies