As our healthcare systems become increasingly connected and interdependent, protecting the privacy and integrity of patient data is critical. As health information exchanges (HIEs), regional HIEs (RHIEs) and health information service providers (HISPs) become more prevalent, following best practices when implementing security for data exchange with external partners should be a key objective. Public Key Infrastructure, or PKI, is the technology used to protect healthcare data while it is transported between partners over the Internet.
PKI-based encryption/decryption services provide three functions for the secure exchange of healthcare data:
- Encryption/decryption of the document being exchanged – This is encryption of the actual data being exchanged, which could be a Word document, a text note, an HL7 message or a JPG image. Only the intended recipient, who holds the matching private key, can decrypt it.
- Encryption/decryption of the transport – The transport is essentially the pipe the data is sent over. This is the layer that carries login credentials, cookies and other session information that would otherwise be exposed if the transport were not secured.
- Verification that the data received was not altered in transit – The sender generates a ‘hash’ (a cryptographic digest) of the document, signs it with their private key and includes the result with the encrypted document. The recipient recomputes the hash and checks the signature. A bare, unsigned hash would not provide this protection, because anyone who altered the document could simply recompute the hash to match.
PKI is the technology that provides the security foundation for internet-based services such as online banking and shopping. Prior to the adoption of PKI, most EDI transactions were sent through a value added network (VAN). In the “old days” before the internet, partners exchanged X12 EDI data with each other over dial-up connections through a VAN intermediary. As the internet came of age and security technology and practices evolved, the VANs faded away much like the vinyl record, and partners began connecting directly over the internet.
All of this is built on the PKI “trust” model. If Alice wants to exchange electronic documents with Bob, both parties first establish their identities with a third party called a certificate authority, or CA, which issues each of them a certificate binding their identity to their public key. Because Alice and Bob both trust the CA, they can, by extension, trust each other. When Alice sends a document to Bob, she includes her certificate along with the chain of CA certificates that issued it. Bob’s system verifies that the chain leads to a CA already in his own trust store, that the certificates are within their validity periods and have not been revoked, and that the signature on the document was made with the private key matching Alice’s certificate; only then does it conclude that the document was in fact sent by Alice.
When Alice sends a document to Bob, she first generates a “hash” that is mathematically derived from the document, then signs that hash with her private key. The document and signed hash are encrypted and sent to Bob over an encrypted transport. When Bob receives them, he decrypts the document, recomputes the hash over it and verifies the signature with the public key from Alice’s certificate. If the hash Bob calculated matches the one Alice signed, the document has not been altered and it came from the holder of Alice’s private key.
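To make the trust model and the hash check concrete, the following Go program is an added example; it is not code from the original article or from any particular HIE or HISP product. It creates a hypothetical CA, has the CA issue Alice a certificate, signs a constructed HL7 message on Alice's side and verifies it on Bob's side, covering the two failure cases the text implies: an altered document and a certificate that does not chain to a CA Bob trusts. The party names, serial numbers and the choice of ECDSA P-256 with SHA-256 are illustrative assumptions; encryption of the document itself and revocation checking are not shown.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// party is a key pair plus the X.509 certificate that binds a name to its public key.
type party struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// newParty generates a P-256 key and a certificate for name. With issuer == nil the result
// is a self-signed root CA; otherwise the issuer vouches for the name by signing the cert.
func newParty(name string, serial int64, issuer *party) (*party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	parent, signer := tmpl, crypto.Signer(key) // self-signed unless an issuer is given
	if issuer == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		parent, signer = issuer.cert, issuer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &party{key: key, cert: cert}, nil
}

// sign is Alice's side: hash the document and sign the hash with her private key.
// The signature, not the bare hash, is what travels with the document.
func sign(sender *party, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, sender.key, digest[:])
}

// verify is Bob's side: chain the presented certificate to the CA in his own trust store
// (validity period included), then recompute the hash and check the signature over it
// with the public key from that certificate. Returns the verified sender name.
func verify(doc, certDER, sig []byte, trustedCA *x509.Certificate) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("sender certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", fmt.Errorf("unexpected public key type %T", cert.PublicKey)
	}
	digest := sha256.Sum256(doc)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("signature mismatch: document altered or not signed by %q", cert.Subject.CommonName)
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca, err := newParty("Example HISP CA", 1, nil) // hypothetical CA
	if err != nil {
		panic(err)
	}
	alice, err := newParty("Alice Clinic", 2, ca) // hypothetical partner
	if err != nil {
		panic(err)
	}
	// Constructed sample payload (not a real message): one HL7 v2 MSH segment.
	doc := []byte("MSH|^~\\&|ALICE_EHR|ALICE|BOB_EHR|BOB|20240101120000||ADT^A01|MSG0001|P|2.5")
	sig, _ := sign(alice, doc)
	fmt.Println(verify(doc, alice.cert.Raw, sig, ca.cert)) // Alice Clinic <nil>
	tampered := append(append([]byte{}, doc...), "\rPID|1||TAMPERED"...)
	fmt.Println(verify(tampered, alice.cert.Raw, sig, ca.cert)) // "" signature mismatch: ...
}
```

Run it with `go run`; the second verify call fails because the recomputed hash no longer matches the one Alice signed. Note that Bob validates against a CA certificate he already holds in his own trust store, not one that arrived with the message: a CA certificate supplied by the sender proves nothing on its own, since an attacker could supply a CA of their own making along with a certificate carrying Alice's name.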
There are many mechanisms that could be used to deliver the encrypted document from Alice to Bob. For instance, the encrypted file could be sent via secure FTP (SFTP), secure HTTP (HTTPS) or over a VPN connection. The important point is that the encrypted data, when transmitted over the internet, must still be sent over an encrypted transport. Each of the transports referenced above encrypts the data in transit, which protects any sensitive information the sender must supply for authentication and authorization on the remote system, such as user names, IDs and passwords; encrypting the document alone does nothing to protect those credentials.
The three key PKI elements required for secure healthcare data exchange over the internet are described above and should provide a basic understanding of the core principles of PKI. While this is a high-level description of encryption/decryption, a basic understanding of these components is important: if any one of the three is omitted, the security and integrity of the healthcare data being protected could be jeopardized. In today’s fast-paced, technology-driven environment it is easy to be lulled into a false sense of security by implementing a technical solution that fails to address the complete scope of the requirements. At a minimum, the risks of excluding a necessary component should be understood so that an informed business decision can be made.