Preventing HIPAA Violations with KMIP Encryption
A Health Sector Use Case: Integrating Systems for Exchanging Information and Preventing HIPAA Violations
Over the last several weeks, we’ve been discussing different issues related to key management and the benefits of KeyNexus products. Now we want to turn to specific use cases that expand on applications for these products. This week, we’re going to look at how KeyNexus can help to integrate different data sharing systems, whether they are newly acquired components of your organization or simply partners that operate separately, using our Unified Key Manager (UKM) and KMIP Server. More specifically, we want to look at this in the context of the health care industry. Whether you’re preventing HIPAA violations or facilitating a safe exchange of information, there are plenty of reasons for health sector employees to use our UKM.
Let’s take the hypothetical example of a regional health/hospital group (RHG) that operates five hospitals. Recently, it has acquired four more hospitals that expand its footprint across the state. In acquiring these new hospitals, RHG wants to set up an electronic health information exchange (HIE). An HIE allows for the safe, efficient and quick transfer of patient information, as well as operational and public health data, between the hospitals that are part of the RHG network. The easy transferability of this information via an HIE creates operational efficiencies, increasing quality and safety while decreasing the cost of patient care. Of course, this involves the transfer of sensitive (and often legally protected) data, making security a serious concern. As we’ll touch on later, preventing HIPAA violations and data breaches needs to be a top priority in the health sector. Because of this, the RHG technology team implementing the HIE wants to encrypt the electronic health records using a proprietary encryption tool. But they also need a centralized key management server to handle encryption key operations and to harmonize the communication lines between the different parts of the pre-existing technological infrastructure of each hospital.
KeyNexus takes a one-stop approach to key management. To facilitate this, our UKM has a flexible, highly adaptive architecture, with the ability to integrate encryption use cases across all apps and domains, both in the cloud and on-premises. It also scales: as the organizational need for encryption key management grows, KeyNexus’ centralized approach grows with it. In this specific use case, our KMIP server allows for the simple integration of RHG’s encryption infrastructure: KMIP (the OASIS Key Management Interoperability Protocol) is a universal language for key management, which allows for compatibility between different systems, applications and clients that employ strong encryption methodologies.
Our KMIP server allows for standardized communication between all the systems in each of the hospitals that are part of the RHG network. In turn, this significantly simplifies key management and ensures a smooth interchange of encrypted data using our UKM as a centralized key manager. Our UKM also easily supports a multi-dimensional deployment environment that can include Hardware Security Modules (HSMs) as well as cloud and hybrid environments. Moreover, it lets RHG manage every element of the key management lifecycle (users, authentication, and policies) and automate nearly any key management workflow from end to end.
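To make the lifecycle and auditing points concrete, here is an added example (written for this post, not KeyNexus or UKM code) of a small in-memory key manager that enforces the object states KMIP defines for a cryptographic key (Pre-Active, Active, Deactivated, Compromised, Destroyed, Destroyed Compromised) and records every request in an audit trail. The transition table is a simplified reading of the KMIP state model, an HMAC tag stands in for encryption so the block runs with the standard library only, and the class, function and principal names (`LifecycleKeyManager`, `run_workflow`, `hie-admin`, `hie-app`) are assumptions made for the example.

```python
"""KMIP managed-object lifecycle model with an audit trail.

Added example, not KeyNexus or UKM code: enforces the (simplified) KMIP object
states and transitions and logs every request so a key workflow can be automated
end to end and audited. All names and the sample record are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from collections import namedtuple
from datetime import datetime, timezone
from enum import Enum


class State(str, Enum):
    """Object states from the KMIP specification."""
    PRE_ACTIVE = "Pre-Active"
    ACTIVE = "Active"
    DEACTIVATED = "Deactivated"
    COMPROMISED = "Compromised"
    DESTROYED = "Destroyed"
    DESTROYED_COMPROMISED = "Destroyed Compromised"


# Permitted transitions per operation (simplified KMIP state model). "Deactivate" and
# "Compromise" are both KMIP Revoke with different reasons; an Active key cannot be
# destroyed directly, it has to be revoked first.
TRANSITIONS = {
    "Activate": {State.PRE_ACTIVE: State.ACTIVE},
    "Deactivate": {State.ACTIVE: State.DEACTIVATED},
    "Compromise": {s: State.COMPROMISED for s in (State.PRE_ACTIVE, State.ACTIVE, State.DEACTIVATED)},
    "Destroy": {State.PRE_ACTIVE: State.DESTROYED, State.DEACTIVATED: State.DESTROYED,
                State.COMPROMISED: State.DESTROYED_COMPROMISED},
}
# Keys in these states may still process (verify/decrypt) existing data;
# only an Active key may protect (sign/encrypt) new data.
PROCESS_OK = {State.ACTIVE, State.DEACTIVATED, State.COMPROMISED}

# principal = the authenticated client that made the request
AuditEvent = namedtuple("AuditEvent", "timestamp principal operation uid outcome")


class LifecycleKeyManager:
    """In-memory stand-in for a KMIP server; a real one keeps material in an HSM."""

    def __init__(self) -> None:
        self._material: dict[str, bytes] = {}
        self._state: dict[str, State] = {}
        self.audit: list[AuditEvent] = []

    def _record(self, principal: str, operation: str, uid: str, outcome: str) -> None:
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append(AuditEvent(stamp, principal, operation, uid, outcome))

    def create(self, principal: str, length_bits: int = 256) -> str:
        """KMIP Create: a new symmetric key starts Pre-Active; returns its unique identifier."""
        uid = hashlib.sha256(os.urandom(16)).hexdigest()[:16]
        self._material[uid] = os.urandom(length_bits // 8)
        self._state[uid] = State.PRE_ACTIVE
        self._record(principal, "Create", uid, State.PRE_ACTIVE.value)
        return uid

    def transition(self, principal: str, operation: str, uid: str) -> State:
        """Apply a lifecycle operation, refusing anything the state model forbids."""
        current = self._state[uid]
        target = TRANSITIONS[operation].get(current)
        if target is None:
            self._record(principal, operation, uid, f"denied in {current.value}")
            raise PermissionError(f"{operation} not permitted in state {current.value}")
        self._state[uid] = target
        if target in (State.DESTROYED, State.DESTROYED_COMPROMISED):
            self._material[uid] = b""  # material erased; metadata kept for the audit record
        self._record(principal, operation, uid, target.value)
        return target

    def protect(self, principal: str, uid: str, data: bytes) -> bytes:
        """Protect new data with the key (an HMAC tag stands in for encryption here)."""
        if self._state[uid] is not State.ACTIVE:
            self._record(principal, "Protect", uid, f"denied in {self._state[uid].value}")
            raise PermissionError("only an Active key may protect new data")
        self._record(principal, "Protect", uid, "ok")
        return hmac.new(self._material[uid], data, hashlib.sha256).digest()

    def process(self, principal: str, uid: str, data: bytes, tag: bytes) -> bool:
        """Verify previously protected data; allowed until the key is destroyed."""
        if self._state[uid] not in PROCESS_OK:
            self._record(principal, "Process", uid, f"denied in {self._state[uid].value}")
            raise PermissionError("key may no longer process data")
        ok = hmac.compare_digest(hmac.new(self._material[uid], data, hashlib.sha256).digest(), tag)
        self._record(principal, "Process", uid, "ok" if ok else "bad tag")
        return ok


def run_workflow() -> list[AuditEvent]:
    """Automated lifecycle: create, activate, use, retire, destroy; returns the audit trail."""
    km = LifecycleKeyManager()
    record = b"constructed sample: patient record 0001"  # constructed input, not real data
    uid = km.create("hie-admin")
    km.transition("hie-admin", "Activate", uid)
    tag = km.protect("hie-app", uid, record)
    km.process("hie-app", uid, record, tag)
    km.transition("hie-admin", "Deactivate", uid)
    km.process("hie-app", uid, record, tag)  # old data still readable after deactivation
    km.transition("hie-admin", "Destroy", uid)
    return km.audit
```

The point of the model is that policy lives in one place: a client can only do what the key's current state allows, a retired key can still read data it protected earlier but cannot protect anything new, a destroyed key has its material erased while its record survives, and every denied request lands in the same audit trail as the permitted ones, which is what an auditor asks to see.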
While this shows how KeyNexus can help to connect the separate environments that make up RHG’s network and facilitate secure exchanges of their sensitive data, our system has further benefits within the health sector. Prime among these is its compliance with the HIPAA and HITECH regulations governing data security in the health sector in the United States. HIPAA and HITECH carry penalties of between $50,000 and $1.5 million per violation. With such major penalties, preventing HIPAA violations should be a principal concern of anyone in the health industry. Fortunately, KeyNexus UKM meets strict compliance regulations, including: certification under FIPS 140-2; the ability to automate key management, thus removing humans from the equation; and easy auditing, which allows RHG to keep up with any future changes to HIPAA and HITECH.
While we’ve used the specific example of the health sector, this use case is applicable to many other sectors and situations. For more information on how KeyNexus can fit your specific use case or industry needs, contact us or request a demo.