Security-Policies

Page history last edited by Prem Urali 1 yr ago

A.    Security and Privacy Measures

HIEs should take security and patient-privacy requirements seriously, both for legal compliance and for patient trust. These requirements are addressed at multiple levels, using the mechanisms described in this chapter.

1.      HIPAA: Physical Security

The HIE and its participants should not hold Protected Health Information (PHI) on any of their premises other than secure data centers that are under strict operational control. Data-center security starts with the choice of the location where the physical servers are housed. Secure data centers typically keep data behind multiple layers of physical security, each of which requires separate authorization to pass. HealthUnity, a leading organization in the HIE business, has three layers of physical security.

Here is a sampling of physical security measures that are considered best practice:

·         Entry to the building is restricted to authorized personnel; this is enforced by a security guard.

·         Entry to the server room is restricted by a second guard and requires a badge. Every entry into the server room is logged in a logbook for tracking.

·         All hardware assets are housed in a secure cage within the server room for additional protection. Physical access to the cage is by a key held only by a limited set of the most trusted persons in the organization.

·         Any removal or addition of hardware assets into the cage is monitored and logged at the data center.

2.      HIPAA: Technical Security

The following are some of the measures an HIE should take to protect patient data.

·         All data and logs on the data-center machines should be kept on an encrypted file system.

·         Backups are taken regularly and preserved within the cage. No PHI leaves the premises physically.

·         Off-site backups are taken only to a disaster-recovery site that is linked to the main site over a VPN-secured line.

·         Standard operating procedures govern the security of processes, machine accounts and passwords.

·         Remote access to the data center is allowed only to authorized personnel, and only for debugging and troubleshooting. Even then, two-factor authentication is required.

3.      HIPAA: Operational Security

The HIE maintains standard operating procedures for every critical operation relating to the data center and the associated nodes that hold patient information.

These procedures are laid down for the following scenarios:

·         Server upgrades

·         Regular server maintenance, backup and restore procedures

·         Scheduled downtimes

·         Processes for managing unscheduled downtimes

·         Planning for disaster recovery

·         Security patch application

·         Intrusion detection and countermeasures

·         Audit logging for internal operations

·         Archival and purging of historic data

4.      Node level Security

To create a “secure trusted network”, the identity of every node communicating on the HIE network should be established with digital certificates, with a means to quarantine any node suspected of being compromised. A well-designed network ensures that only nodes explicitly permitted to join the system can communicate with nodes that are already part of the network. Each node may further be allowed to restrict communication to the nodes it explicitly trusts within the secure trusted network, adding another layer of control over who talks to whom.
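The node-admission model described above, as an added example that is not part of the original page and not any HIE vendor's code: a Go program (standard library only) in which a network CA issues node certificates, a registry holds the explicitly permitted and the quarantined nodes keyed by certificate fingerprint, and each node may carry its own local trust list. The names (`NodeRegistry`, `Admit`, `VerifyPeer`, `clinic-a.hie.example`), the fingerprint-based keying and the deny-unless-admitted rule are assumptions made for this illustration; the page does not prescribe an implementation. `VerifyPeer` is written in the shape of Go's `tls.Config.VerifyPeerCertificate` hook so the same policy can be dropped into a mutual-TLS listener or dialer.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint keys a node by the SHA-256 of its DER certificate, not by its name.
func Fingerprint(c *x509.Certificate) string { s := sha256.Sum256(c.Raw); return hex.EncodeToString(s[:]) }

// NodeRegistry is the network-wide admission list plus the quarantine set. A
// certificate from the network CA alone does not make a node a member.
type NodeRegistry struct {
	permitted, quarantined map[string]bool
}

func NewNodeRegistry() *NodeRegistry {
	return &NodeRegistry{permitted: map[string]bool{}, quarantined: map[string]bool{}}
}
func (r *NodeRegistry) Permit(c *x509.Certificate)     { r.permitted[Fingerprint(c)] = true }
func (r *NodeRegistry) Quarantine(c *x509.Certificate) { r.quarantined[Fingerprint(c)] = true }

// VerifyPeer has the signature of tls.Config.VerifyPeerCertificate, which Go calls
// only after the chain has verified against the CA pool, so these checks layer on
// top of normal validation. local is this node's own allowlist; nil means any permitted node.
func VerifyPeer(reg *NodeRegistry, local map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(_ [][]byte, chains [][]*x509.Certificate) error {
		if len(chains) == 0 || len(chains[0]) == 0 {
			return fmt.Errorf("no verified chain")
		}
		leaf := chains[0][0]
		fp, name := Fingerprint(leaf), leaf.Subject.CommonName
		switch {
		case !reg.permitted[fp]:
			return fmt.Errorf("%s: CA-issued certificate, but node was never admitted", name)
		case reg.quarantined[fp]:
			return fmt.Errorf("%s: node is quarantined", name)
		case local != nil && !local[fp]:
			return fmt.Errorf("%s: not in this node's local trust list", name)
		}
		return nil
	}
}

// Admit is the full check on a peer's certificate: chain validation against the network CA, then policy.
func Admit(ca *x509.Certificate, reg *NodeRegistry, local map[string]bool, peer *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	chains, err := peer.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return err // foreign or forged certificate: rejected before any policy runs
	}
	return VerifyPeer(reg, local)(nil, chains)
}

// NewCert issues a certificate: parent == nil yields the self-signed network CA, otherwise a node cert signed by it.
func NewCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 63))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func main() {
	ca, caKey, _ := NewCert("hie-network-ca", nil, nil)
	clinic, _, _ := NewCert("clinic-a.hie.example", ca, caKey)
	rogue, _, _ := NewCert("rogue.hie.example", ca, caKey) // CA-issued, but never admitted
	reg := NewNodeRegistry()
	reg.Permit(clinic)
	fmt.Println(Admit(ca, reg, nil, clinic)) // <nil>
	fmt.Println(Admit(ca, reg, nil, rogue))  // rogue.hie.example: CA-issued certificate, but node was never admitted
	reg.Quarantine(clinic)
	fmt.Println(Admit(ca, reg, nil, clinic)) // clinic-a.hie.example: node is quarantined
}
```

Run it with `go run`. The three outcomes the section calls for are visible in order: a rogue node holding a perfectly valid CA-issued certificate is still refused because it was never admitted; a quarantined node is refused although nothing about its certificate changed; and passing a non-nil local list narrows communication further, to the peers that particular node explicitly trusts. A certificate from outside the network CA never reaches the policy at all, because chain validation fails first.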

5.      Document Sharing Security

The HIE network should enforce multidimensional rules covering document sensitivity, document type, patient preferences and practice preferences, so that patient documents are never shared with practices that are not allowed to see them. This gives the administrator of each practice complete control over the types of documents that may be distributed from, or accepted into, that practice.
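One way to evaluate those four dimensions, as an added example that is not part of the original page and not any HIE product's code: a deny-by-default decision function in Go in which the source practice's release rules, the receiving practice's acceptance rules and sensitivity cap, and the patient's consent record are all consulted, and the first deny wins. The type and field names (`Decide`, `PracticePolicy`, `PatientPreference`, `Restricted`), the two-level sensitivity scale and the sample practices and patient in `SampleNetwork` are assumptions constructed for this illustration.

```go
package main

import "fmt"

// Sensitivity orders documents from routine to specially protected categories.
type Sensitivity int

const (
	Normal     Sensitivity = iota
	Restricted // e.g. behavioural-health or substance-use treatment records
)

// Document carries only the metadata the sharing decision is made on.
type Document struct {
	ID, Type, PatientID, Source string // Source is the practice holding the document
	Sensitivity                 Sensitivity
}

// PracticePolicy is what a practice's administrator controls: which document
// types it releases, which it accepts, and the highest sensitivity it will take in.
type PracticePolicy struct {
	Release map[string]bool
	Accept  map[string]bool
	MaxIn   Sensitivity
}

// PatientPreference is the patient's consent record.
type PatientPreference struct {
	OptOut          bool
	Blocked         map[string]bool // practices this patient has excluded
	ShareRestricted bool            // whether Restricted documents may flow at all
}

// Decision carries the reason so every outcome can be audit-logged.
type Decision struct {
	Allow  bool
	Reason string
}

// Decide evaluates the four dimensions in turn. The first deny wins, and a
// missing practice policy or consent record also denies, so a configuration
// gap can never release a document.
func Decide(doc Document, to string, practices map[string]PracticePolicy, patients map[string]PatientPreference) Decision {
	src, ok := practices[doc.Source]
	if !ok || !src.Release[doc.Type] {
		return Decision{false, doc.Source + " does not release " + doc.Type}
	}
	dst, ok := practices[to]
	if !ok || !dst.Accept[doc.Type] {
		return Decision{false, to + " does not accept " + doc.Type}
	}
	if doc.Sensitivity > dst.MaxIn {
		return Decision{false, to + " does not accept documents of this sensitivity"}
	}
	pref, ok := patients[doc.PatientID]
	if !ok || pref.OptOut {
		return Decision{false, "no consent on record or patient has opted out"}
	}
	if pref.Blocked[to] {
		return Decision{false, "patient has excluded " + to}
	}
	if doc.Sensitivity == Restricted && !pref.ShareRestricted {
		return Decision{false, "patient has not consented to sharing restricted records"}
	}
	return Decision{true, "permitted by source, recipient and patient policy"}
}

// SampleNetwork returns constructed demo policies for two practices and one
// patient; none of it describes a real deployment.
func SampleNetwork() (map[string]PracticePolicy, map[string]PatientPreference) {
	practices := map[string]PracticePolicy{
		"clinic-a": {
			Release: map[string]bool{"DischargeSummary": true, "LabReport": true, "PsychNote": true},
			Accept:  map[string]bool{"LabReport": true, "PsychNote": true},
			MaxIn:   Normal, // accepts the type, but not at Restricted sensitivity
		},
		"hospital-b": {
			Release: map[string]bool{"LabReport": true, "PsychNote": true},
			Accept:  map[string]bool{"DischargeSummary": true, "LabReport": true, "PsychNote": true},
			MaxIn:   Restricted,
		},
	}
	patients := map[string]PatientPreference{
		"p-100": {Blocked: map[string]bool{}, ShareRestricted: false},
	}
	return practices, patients
}

func main() {
	practices, patients := SampleNetwork()
	lab := Document{ID: "d1", Type: "LabReport", PatientID: "p-100", Source: "clinic-a"}
	psych := Document{ID: "d2", Type: "PsychNote", Sensitivity: Restricted, PatientID: "p-100", Source: "clinic-a"}
	fmt.Println(Decide(lab, "hospital-b", practices, patients))   // allowed on every dimension
	fmt.Println(Decide(psych, "hospital-b", practices, patients)) // denied: patient has not consented to restricted records
	psych.Source = "hospital-b"
	fmt.Println(Decide(psych, "clinic-a", practices, patients)) // denied: clinic-a caps incoming sensitivity at Normal
}
```

The ordering is deliberate: practice-level rules are cheap and public, so they run first, and the patient's consent record is consulted only for a transfer both practices would otherwise allow. Returning the reason with every decision is what makes the audit log useful to a practice administrator later.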

 
