The volume of medical information has increased drastically. Consequently, protecting this information has become paramount. Changes in technology have also influenced how health records are shared, stored, and managed. For these reasons, health organizations have seen the need to employ electronic means to protect this massive volume of data. Protecting patients’ privacy and their medical records requires a robust security infrastructure and effective security policies. The security infrastructure should cover cryptography, access control, login authentication, auditing, and disaster recovery. A healthcare security policy should clearly define the policies, standards, procedures, and guidelines for creating and accessing e-health data and for maintaining its confidentiality and integrity. This report focuses on cryptography-based access control as part of the security infrastructure of a health organization.
Cryptography-based access control in healthcare is a control function used to share resources and to grant appropriate access to medical records, reports, and related data. It is an access control mechanism that relies heavily on cryptography to ensure the confidentiality, integrity, and availability of the data managed by the health system. Controlling access through cryptography, and managing the encryption keys properly, protects patients by preventing violations of their privacy. This report focuses on how cryptography can be implemented in a healthcare organization. It addresses the requirements for encryption in the healthcare information system in order to develop an effective policy for its use. It also discusses the range of documents to be protected and their requirements, the objectives of the cryptosystem, and the cryptographic keys involved. Finally, it addresses possible future developments of the deployed cryptosystem and how to monitor and assess it effectively within the healthcare organization.
Electronic Documents to be Encrypted and their Requirements
Electronic Health Records (EHRs) are secure, real-time, patient-centric information resources available to clinicians (Omotosho, 2017). An EHR contains a patient’s identifying information, lab data, hospital visits, surgeries, allergies, immunisations, vital signs, sexual preference, and physician progress reports, among other relevant data. The data in an EHR is critical and sensitive to patients and requires protection by managing access to it. Healthcare organizations need to protect this information by implementing measures that comply with privacy and security standards for safeguarding personal health information. This information requires proper encryption to achieve privacy and security, and to enable data management by patients and clinicians that enhances workflow, timeliness, and the delivery of quality healthcare services.
Healthcare web services are also platforms that need protection. The privacy policy for these platforms must cover every security principle. The services should be protected to ensure data confidentiality, integrity, and availability (Al-Hamdani, 2010). Also, in order to maintain data quality, the security system should allow inaccurate information to be corrected. The communication flow should also be protected by implementing communication-level security. This ensures data is transported securely, achieving the confidentiality, integrity, and authenticity of services, users, and systems. The healthcare web service must also include the consent requirement principle: the owners of personal health information (PHI) must give consent for the collection, use, retention, and disclosure of their PHI. They should also be allowed to review their information and how it is used by other parties, and to limit the release of their PHI.
Objectives of the Deployed Cryptosystems
Privacy and confidentiality are the main objectives of deploying a cryptosystem. Privacy is defined as the right of a person to maintain and control information about themselves and to keep that information from disclosure, interference, or surveillance by other individuals, organizations, and the government (Harman, Flite, & Bond, 2012). Information shared by patients and clients with clinicians in health organizations is considered private and confidential. This information can come in various forms and can be stored on various media, such as paper, electronic files, or video. The cryptosystem deployed will ensure this information is protected by upholding its privacy and confidentiality.
The cryptosystem also aims to control access to this information. Controlling access to medical records involves limiting who can see and access them, and it begins with user authorization. This requires pre-establishing role-based privileges to control user access. For instance, nurses and receptionists in a healthcare organization have different responsibilities and functions, so they do not need access to the same information. Restricting user privileges is therefore a practical measure to secure medical records: users have access only to the information they require to carry out their tasks, and they remain accountable for any misuse of the information they can access (Harman, Flite, & Bond, 2012).
Security of health information is another objective of the cryptosystem. Information security in health organizations is fundamental under the General Data Protection Regulation (GDPR). This regulation requires organizations to protect the personal data they hold and to follow specific security guidelines when permitting third parties to access that data (Harman, Flite, & Bond, 2012). Concerns about the security of health information systems have been heightened by the increased use of EHRs. Health records can now be accessed via mobile phones and other mobile devices, and the exchange of data between clinicians, patients, and other organizations has also been made easier by these devices. At the same time, threats such as medical identity theft, data loss, fraud, and other cyber-attacks have become a significant problem for healthcare organizations. EHRs contain PHI that is susceptible to various cyber-attacks, in which data can be hacked, altered, manipulated, or destroyed by external adversaries or internal users (Harman, Flite, & Bond, 2012). Internal users are employees who have access to information, and they may intentionally or accidentally manipulate or destroy data, causing disruptions in the health organization. These medical records need to be secured to gain patients’ trust, allowing them to be forthright with their physicians. Therefore, the cryptosystem aims to secure the organization’s information system and to prevent cyber-attacks.
Cryptographic Algorithms and Security Architectures Available
Cryptography Access Control Model
This model relies wholly on cryptography to ensure data confidentiality on the health organization’s servers. It uses an access control list or a capability list, which requires the requester’s authenticated identity before access to documents is granted. The model operates in an open network in which data is encrypted and then stored on the network, and the storage system is designed to manage encrypted data. Under this model, read access is granted only to principals holding the symmetric key that decrypts the data retrieved from the server, and the accompanying verification key is used to check the signature that proves the data’s integrity. Write access is granted to principals holding the symmetric key that encrypts data before it is sent to the server, together with the signing key that generates a signature proving the data’s integrity. The model also supports services such as log files: the server needs the verification key to check the signatures on log entries and to match each entry with its data file.
With this model, authorization is controlled by keys: a user wishing to grant access to another entity must give that entity a matching key. For full authorization, the user gives the entity the symmetric, public, and private keys. For read authorization, the user gives the entity only the symmetric and public keys. Consequently, when a user issues a read request, the system returns data encrypted with the symmetric key associated with the file. That key is stored only on the machines of users authorized to read the file, so an authorized user holds the key and can decrypt the data. However, the user must also be able to verify that the data being accessed has not been tampered with, either in storage or in transit. This is accomplished with a message digest: when the server services the user’s read request, it also returns the file’s hash, signed with the private key associated with the file. The user computes their own hash of the data, recovers the server’s hash from the signature using the public key, and compares the two digests. If both digests match, the integrity and authenticity of the data are confirmed.
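The key-based authorization just described can be made concrete in code. The following Go program is an added illustration, not code from the report or from any of the works it cites. It assumes AES-256-GCM as the file’s symmetric cipher, Ed25519 as the signing pair and SHA-256 as the digest (the report names no algorithms), and it takes the key that signs the file’s hash to be the file’s private key, since full authorization includes the private key while read authorization does not. The sample record is constructed. A read-only principal who tries to write with a key pair of their own making is detected because the signature does not verify under the file’s public key, and any alteration of the stored ciphertext is caught on decryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ReadAuthorization: the file's symmetric key (to decrypt) and public key (to verify).
type ReadAuthorization struct {
	SymKey []byte
	PubKey ed25519.PublicKey
}

// FullAuthorization adds the private key, which a writer needs to sign.
type FullAuthorization struct {
	ReadAuthorization
	PrivKey ed25519.PrivateKey
}

// StoredRecord is what the server keeps: ciphertext plus a signature over the SHA-256 digest of the plaintext.
type StoredRecord struct {
	Nonce, Ciphertext, Signature []byte
}

// NewFileKeys: per-file AES-256 key and Ed25519 signing pair (algorithms assumed here; the report names none).
func NewFileKeys() (FullAuthorization, error) {
	sym := make([]byte, 32)
	if _, err := rand.Read(sym); err != nil {
		return FullAuthorization{}, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return FullAuthorization{}, err
	}
	return FullAuthorization{ReadAuthorization{sym, pub}, priv}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WriteRecord encrypts under the symmetric key and signs the plaintext digest with the private key.
func WriteRecord(auth FullAuthorization, plaintext []byte) (StoredRecord, error) {
	gcm, err := newGCM(auth.SymKey)
	if err != nil {
		return StoredRecord{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredRecord{}, err
	}
	digest := sha256.Sum256(plaintext)
	return StoredRecord{nonce, gcm.Seal(nil, nonce, plaintext, nil),
		ed25519.Sign(auth.PrivKey, digest[:])}, nil
}

// ReadRecord decrypts, recomputes the digest and verifies the signature; an error means
// the record was altered in storage or in transit, or was written without the file's private key.
func ReadRecord(auth ReadAuthorization, rec StoredRecord) ([]byte, error) {
	gcm, err := newGCM(auth.SymKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("decryption failed: ciphertext altered or wrong key")
	}
	digest := sha256.Sum256(pt)
	if !ed25519.Verify(auth.PubKey, digest[:], rec.Signature) {
		return nil, errors.New("signature invalid: not signed with the file's private key")
	}
	return pt, nil
}

// ForgeWithReadOnly models a read-only principal attempting a write: they hold
// the symmetric key but can only sign with a key pair of their own making.
func ForgeWithReadOnly(auth ReadAuthorization, plaintext []byte) (StoredRecord, error) {
	_, rogue, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return StoredRecord{}, err
	}
	return WriteRecord(FullAuthorization{auth, rogue}, plaintext)
}

func main() {
	full, _ := NewFileKeys()
	rec, _ := WriteRecord(full, []byte("constructed sample: patient 0001 allergy list"))
	pt, err := ReadRecord(full.ReadAuthorization, rec) // reader holds only the read keys
	fmt.Printf("read back: %q (err=%v)\n", pt, err)
}
```

Run it with `go run .`; the server in this model stores only a StoredRecord, so it never holds the symmetric key or the plaintext, and an authorized reader can confirm both that the data is intact and that it was written by a holder of the file’s private key.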
The benefits of the cryptography-based access control model are that it ensures the confidentiality of data both in storage and in transit, and that it ensures data authenticity and integrity. The use of digital signatures and hash functions protects information from forgery and spoofing and assures the user of the integrity of the data. The mechanism also provides non-repudiation, preventing the disputes and disruption that can occur when a sender denies having sent data. The model also has a number of disadvantages. A legitimate user can face difficulties when trying to access a resource that is strongly encrypted and is critical to the current task (Omotosho, 2017). The mechanism also comes at a cost in money and time: the cryptographic keys require setup and maintenance, which can be quite expensive.
Public Key Infrastructure Access Control Model
Due to the dynamic nature of health organizations and the tasks they perform, implementing access control can be quite difficult. The rule-based access control system used needs to be flexible enough to handle situations such as referrals, pre-treatment and post-discharge access to data, second opinions, and laboratory tests. One method that is often recommended is the use of a public key infrastructure (PKI) to support high-level security among different medical institutions and to support and protect the transfer of medical reports, billing information, and other data. PKI simplifies and speeds up these processes and provides electronic alternatives to processes that were previously paper-based. PKI provides integrity and authenticity of data by binding a unique digital signature to a user and protecting the digital signature from being forged. Moreover, PKI can provide encryption services for health information to ensure privacy (Al-Hamdani, 2010). In healthcare, the use of this model has been limited to certification matters, such as in payment transactions. The model can also offer group access certification and cross-certification, non-repudiation using private key encryption, digital signatures, secure email, software code signing, support for virtual private networks, and file encryption, among other features (Al-Hamdani, 2010).
The benefits of PKI use in a health organization are that it is cheaper and that it enhances certification and online authentication services. It offers significant benefits to e-health through its application in the various e-health processes and services listed above. The model also provides more secure passwords, offers strong identity checking, and supports non-interactive login. However, its data processing speed is slowed by the use of RSA.
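To show what binding a user’s identity to a key pair looks like in practice, here is an added Go example that is not from the report or from Al-Hamdani (2010). It builds a small PKI in memory: a self-signed root for a hypothetical hospital, a clinician certificate issued by that root and restricted to client authentication, and a verification routine that accepts the clinician’s certificate while rejecting one with the same name issued by an unrelated CA. The organization and user names are constructed, the certificate lifetime is arbitrary, and ECDSA P-256 is used instead of RSA as an assumption for brevity.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newTemplate builds a certificate template valid for one day. Names and
// lifetimes here are constructed values; a real PKI takes them from policy.
func newTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"Example Hospital"}},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// issue generates a P-256 key pair and has parentKey sign tmpl; when parent is
// nil the certificate is self-signed. Returns the parsed cert and the new key.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueCA creates a self-signed root certificate for the organization's PKI.
func IssueCA(name string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := newTemplate(serial, name)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	return issue(tmpl, nil, nil)
}

// IssueUserCert binds a clinician's identity to a fresh key pair signed by the CA; client authentication only.
func IssueUserCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, user string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := newTemplate(serial, user)
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	return issue(tmpl, ca, caKey)
}

// VerifyClinician checks that a presented certificate chains to the trusted
// root and is valid for client authentication, returning the verified identity.
func VerifyClinician(cert, trustedRoot *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return "", err
	}
	return cert.Subject.CommonName, nil
}

// Demo issues a legitimate clinician certificate and one from an unrelated CA that
// claims the same name; it returns the verified identity and whether the impostor was rejected.
func Demo() (string, bool, error) {
	root, rootKey, err := IssueCA("Example Hospital Root CA", 1)
	if err != nil {
		return "", false, err
	}
	clinician, _, err := IssueUserCert(root, rootKey, "dr.example", 2)
	if err != nil {
		return "", false, err
	}
	name, err := VerifyClinician(clinician, root)
	if err != nil {
		return "", false, err
	}
	foreignRoot, foreignKey, err := IssueCA("Unrelated CA", 1)
	if err != nil {
		return "", false, err
	}
	impostor, _, err := IssueUserCert(foreignRoot, foreignKey, "dr.example", 3)
	if err != nil {
		return "", false, err
	}
	_, err = VerifyClinician(impostor, root)
	return name, err != nil, nil
}

func main() {
	fmt.Println(Demo())
}
```

The relying party trusts only the hospital root, so a certificate carrying the same clinician name but signed by another authority fails chain validation; this is the property that lets PKI bind a digital signature to a specific user across institutions.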
Protection of Static Documents and Documents in Transit
Medical records and information can be exposed to risk both at rest and in transit. Encryption offers several approaches to protecting data in both states. Data in transit can be protected by secured connections such as HTTPS, a Virtual Private Network (VPN), Secure Socket Layer (SSL, now superseded by Transport Layer Security, TLS), and Secure Shell (SSH). Data at rest can be protected by encrypting files before storing them or by encrypting the storage drive. Approaches to protecting data at rest include Full Disk Encryption (FDE), Hardware Security Modules (HSMs) to safeguard the encryption keys, the Encrypting File System (EFS), and database encryption to protect structured data.
This concept introduces the need to protect health information exchange. Health information exchange is the process of sharing health-related information in a reliable and interoperable way, conducted in a manner that upholds the confidentiality, security, and privacy of health information. Through encryption, health information exchange is conducted in a protected way that supports the secure collection of personal and professional reports (Radhini, Ananthaprabha, & Parthasarathi, 2014).