THE TECHNOLOGIES AND METHODOLOGIES THAT RENDER PROTECTED HEALTH


Jul 30, 2012 (4 years and 8 months ago)


Cerner Corporation

Confidential Information

Cerner Corporation. All rights reserved. This document contains confidential information which may not be reproduced or transmitted without the express written consent of Cerner.




DEPARTMENT OF HEALTH AND HUMAN SERVICES GUIDANCE SPECIFYING THE TECHNOLOGIES AND METHODOLOGIES THAT RENDER PROTECTED HEALTH INFORMATION UNUSABLE, UNREADABLE OR INDECIPHERABLE

CERNER GUIDANCE AND REFERENCE MATERIALS

CERNER CORPORATION

AUGUST 28, 2009


Introduction
Regulatory Background
Encryption
Destruction
A Little Perspective - To Encrypt or Not To Encrypt
Cerner Guidance and Resources
Where to Go For More Information or Who to Contact If Interested


Introduction


The purpose of this document is to provide an outline of technical security capabilities, recommendations or reference materials for clients to consider in their use of Cerner Millennium, whether as a local implementation managed by a client or as hosted by Cerner through CernerWorks, in order to comply with the guidance issued by the federal Department of Health and Human Services (DHHS), “Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements” of Section 13402 of Title XII (HITECH Act) of the American Recovery and Reinvestment Act (ARRA) of 2009. See the full text of the original guidance issued in April, 2009, available at the following link: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/federalregisterbreachrfi.pdf.

The guidance was updated in the interim final rule for breach notification from electronic health records issued by DHHS on August 19, 2009. The updated guidance may be found in Section II of that rule, available at http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf.

The scope of this white paper is those technical computing infrastructure components that Cerner hosts, installs or provides guidance on as to installation and maintenance for local client managed installations. These materials are provided for consideration by clients in their efforts to secure electronic personal health information in compliance with the “safe harbor” requirements of the federal Breach Notification rules under the HITECH provisions of ARRA 2009 as specified by the DHHS guidance document.



Regulatory Background


Under the Breach Notification rules for breach of electronic Personal Health Information (ePHI) developed by the Federal Trade Commission (FTC) for Personal Health Records (PHRs) and by the Department of Health and Human Services (DHHS) for Electronic Health Records under ARRA 2009, there is a safe harbor available to regulated entities/covered entities directly subject to the notification requirements of both rules. The safe harbor allows those affected entities subject to regulation to be exempt from breach notification requirements if any ePHI under the control of those entities has been appropriately secured by technical security measures specified by DHHS. DHHS developed their initial guidance for appropriate technical security measures in April 2009. In that guidance, DHHS focused on the following key points:

o  The guidance focuses on the appropriate technical security measures HIPAA covered entities and business associates along with PHR vendors, PHR related entities and third party service providers can follow to ensure that they are appropriately securing electronic personal health information that they may collect, record, store, access, use, maintain, dispose, transmit or otherwise process, use and disclose
o  If an entity follows the guidance, they can avoid breach notification requirements for unauthorized acquisition, access, use or disclosure of electronic PHI as is subject to rule making by HHS (for HIPAA covered entities and business associates) and the FTC (for PHR vendors, PHR related entities and third party service providers)
o  The guidance focuses on data at rest, data in transit and proper disposal of data
o  The guidance suggests encryption is required for data at rest and data in transit
o  The guidance outlines requirements for proper disposal and destruction of hardcopy and soft media types that contain or are produced from electronic PHI


The guidance distinguishes particular states or conditions during which PHI can be vulnerable to a breach including:

o  Data in motion (moving through a network including wireless transmission)
o  Data at rest (resident in databases, file systems and other structured storage methods)
o  Data in use (data in the process of retrieval, update, creation or deletion)
o  Data disposed (discarded paper records or recycled electronic media)

The guidance focuses on methods of encryption and destruction for data in motion or data at rest.

Encryption



Encryption under the HIPAA Security rule is described as use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key, and such confidential process or key that enables decryption has not been breached.

o  Valid encryption for data at rest is consistent with NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices
o  Valid encryption for data in motion complies with Federal Information Processing Standard (FIPS) 140-2 including as appropriate those contained in NIST Special Publications 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations and 800-77, Guide to IPsec VPNs or 800-113, Guide to SSL VPNs.

Destruction



Destruction includes disposal of media on which PHI is stored in the following ways:

o  For paper, film or other hard copy media: shredding or destruction in such a way that the PHI cannot be read or otherwise reconstructed
o  For electronic media that has been cleared, purged or destroyed: by a means consistent with NIST Special Publication 800-88, Guidelines for Media Sanitization

A Little Perspective - To Encrypt or Not To Encrypt


Encryption under the original HIPAA Security rule is an “addressable” requirement, and DHHS is clear in their updated guidance issued on August 19 that the guidance does not change the status of encryption as an addressable requirement. DHHS also was clear in stating that an entity can comply with the HIPAA Security rule without implementing encryption. Compliance with the technical security guidance issued by DHHS for safe harbor purposes under the Breach Notification rules is voluntary for the purpose of regulated entities under those rules being able to qualify for the safe harbor. Cerner recommends that clients give serious thought about how to apply the technical security guidance to their operating situation. Cerner does not recommend clients immediately leap to the conclusion to “encrypt everywhere”, but to evaluate encryption in light of their own security risk assessment. The original HIPAA Security rule offers this guidance relative to addressable requirements (see text of the Security Rule at 45 CFR Parts 160, 162 and 164 [CMS-0049-F] III.A.3; the final Security rule can be accessed at http://www.cms.hhs.gov/SecurityStandard/Downloads/securityfinalrule.pdf):

“In meeting standards that contain addressable implementation specifications, a covered entity will ultimately do one of the following:

(a) Implement one or more of the addressable implementation specifications;
(b) Implement one or more alternative security measures;
(c) Implement a combination of both;
(d) Not implement either an addressable implementation specification or an alternative security measure

In all cases, the covered entity must meet the standards, as explained below. The entity must decide whether a given addressable implementation specification is a reasonable and appropriate security measure to apply within its particular security framework. This decision will depend on a variety of factors, such as, among others, the entity’s risk analysis, risk mitigation strategy, what security measures are already in place, and the cost of implementation. Based on this decision the following applies:

(a) If a given addressable implementation specification is determined to be reasonable and appropriate, the covered entity must implement it.
(b) If a given addressable implementation specification is determined to be an inappropriate and/or unreasonable security measure for the covered entity, but the standard cannot be met without implementation of an additional security safeguard, the covered entity may implement an alternate measure that accomplishes the same end as the addressable implementation specification. An entity that meets a given standard through alternative measures must document the decision not to implement the addressable implementation specification, the rationale behind that decision, and the alternative safeguard implemented to meet the standard.
(c) A covered entity may also decide that a given implementation specification is simply not applicable (that is, neither reasonable nor appropriate) to its situation and that the standard can be met without implementation of an alternative measure in place of the addressable implementation specification. In this situation, the covered entity must document the decision not to implement the addressable specification, the rationale behind that decision, and how the standard is being met.”


Cerner expects that clients will undertake risk assessments as required by the HIPAA Security Rule, and especially in light of the breach notification requirements that are in place under the rule making to implement those provisions of ARRA 2009, make their decisions on encryption as informed by the security risk assessment each client should be performing. That risk assessment should highlight risk areas that warrant encryption to be considered for particular segments or component areas of the overall technical computing environment. Cerner also encourages clients to think in terms of what makes sense given the costs and benefits of encryption when the relative risks are identified across different parts of the computing environment based on the risk of theft or loss of data. Those risks are going to be significantly higher for end user computing, mobile devices, removable media for download of electronic data in the hands of end users and patients and for remote access to the electronic health record by physicians and other users.

Cerner also appreciates that should the unfortunate circumstance of a breach of privacy occur that involves the theft, loss or unauthorized access and acquisition of ePHI, the expectation by both HHS and the FTC will be that corrective and preventive action be taken appropriate to the manner and nature of the breach. This still may not mean “encryption everywhere” without due recognition of other technical security measures a client may undertake, but it does at least mean that the lesson should be learned relative to any other similar vulnerabilities a regulated or covered entity may have and that manner of breach should be prevented in the future for the particular kind of breach experienced.

Cerner Guidance and Resources


Cerner has worked to identify available materials from Cerner and non-Cerner sources to help clients assess their current deployments of Cerner Millennium, whether locally installed and managed by clients or as hosted by Cerner through CernerWorks.

The table below breaks out the various aspects of the technical computing infrastructure typically involved in the day to day production use of Cerner Millennium and supporting storage systems where data may be stored or data may be communicated and in transit. The capabilities are summarized and reference links provided to reference documents or materials that explore those capabilities more fully.

AREA

SUMMARY OF CAPABILITY

REFERENCE MATERIALS

Area: CernerWorks Hosted Client Production Domains

Summary of capability: CernerWorks provides clients with guidance on HIPAA Security rule requirements and the measures taken within its operations to assure the security and integrity of ePHI. The reference materials provided represent a matrix of those requirements and measures followed including for relevant requirements such as transmission security, system backup, physical security and other measures.

Reference materials:
http://my.cerner.com/org/CernerWorks/KM/CtrlDocs/Documents/Standard_HIPAA_Security_Response-18WP000010.pdf


Area: Middle Tier - Ports, Network Protocols and Services used

Summary of capability: Cerner’s middle tier consists of services that are configured particular to the ports and protocols Cerner Millennium applications make use of for normal operation to manage requests and replies between the end user application and the database. Cerner uses a common service architecture and configuration that most application services share. These services are configured to use specific ports and protocols, and registered recognized services authorized to converse with the backend. Aside from shared services, specific configurations are used for other services such as multimedia services, print services, system integration services, medical device services or drug information database services. Each of these services is also configured to use specific ports and specific protocols.

Reference materials:
http://www.cerner.com/members/Cerner_3.asp?id=25213
Reference materials on this web page available on cerner.com cover configuration guidance for services related to shared services, print services, MQ and other middle tier components. Within each guide, the system settings for definition of protocols and minimal privileges for running the service are addressed.
http://www.cerner.com/clientresources/cmsgs/details.aspx?SolnID=267&ReleaseID=5&TypeID=1
Reference materials on this web page available on cerner.com cover configuration guidance for application servers that utilize shared services. Within each guide, the system settings for port and privilege requirements are discussed.

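Area: Middle Tier - Use of WebSphere Java Servers

Summary of capability: Websphere Java Servers are used for application servers within Cerner Millennium. The servers support use of compliant levels of Secure Socket Layer (SSL). Specific security materials used for WebSphere Java Servers are available in the documents linked to in the Reference column.

Reference materials:
WAS v7 Security Guide
http://www.redbooks.ibm.com/abstracts/sg247660.html
WAS v6.1 Security Handbook
http://www.redbooks.ibm.com/abstracts/SG246316.html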



Area: Middle Tier - Use of Websphere

Summary of capability: Specific security materials used for Websphere MQ which is utilized by Cerner Millennium’s application services are available in the documents linked to in the Reference column. MQ supports the use of SSL.

Reference materials:
WebSphere MQ Security
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/topic/com.ibm.mq.csqzas.doc/sy10120_.htm
Enabling SSL in an existing WebSphere MQ cluster
http://www.ibm.com/developerworks/websphere/library/techarticles/0608_vanstone/0608_vanstone.html
Planning for SSL on the WebSphere MQ network
http://www.ibm.com/developerworks/websphere/techjournal/0901_mismes/0901_mismes.html


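Area: End User Computing - Session Management

Summary of capability: Cerner uses Citrix for session management for most purposes for front end computing. Citrix enables compliant methods of session encryption leveraging SSL to protect patient data that is being accessed and presented within the end user session.

Reference materials:
Information on the use of Citrix and Security Considerations for Session Management may be found at
http://www.cerner.com/members/Cerner_3.asp?id=25232
General resource information on the Security capabilities within Citrix may be found at
http://www.citrix.com/English/SS/supportThird.asp?slID=162512&tlID=162513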



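Area: End User Computing - Mobile Devices

Summary of capability: For patient data that may be stored on mobile or point of care devices recommended for use with Cerner Millennium Mobile, the devices support use of SSL, secure WiFi protocols (especially for WM5+ devices), lockdown elements to prevent tampering and encryption of patient data that may be stored on the device. That database is encrypted using a hard coded key and a GUID that can only be accessed using the username and password appropriate for the device to unencrypt the file that contains the GUID. AES standard encryption is used to encrypt.

Reference materials:
Security Considerations for Cerner Millennium Mobile are available in the following link -
http://www.cerner.com/members/webfiledownload.asp?id=1232&cmsgID=24107&cm_i_=A=001001A06B15B52404A61421
Security Considerations for use of Wireless Local Area Networks (WLANs) are covered in the following link
http://krpro01/Action/DocFrame.asp?FN=33174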


Area: Removable Media

Summary of capability: Cerner does not directly provide guidance for how to make use of removable media for download of ePHI such as to a CD-ROM or to a thumb drive. Cerner is looking at development of guidance in this area, but commercially available packages can be used to encrypt files stored to removable media with appropriate password protections to secure access to the encrypted files. One such method was presented at the 2008 Cerner Health Conference by UPMC which is available in the Reference Materials column.

Reference materials:
Presentation given at the 2008 CHC on encryption of ePHI downloaded to CD using Medical Record Publishing
http://www.cerner.com/public/Cerner_3.asp?id=32432


Area: System Backup

Summary of capability: Many backup systems have encryption capabilities available provided additional backup management system modules that enable encryption are acquired and placed into use. Cerner provides access to reference materials from partners like Veritas and IBM for Tivoli Storage Manager that include documentation on these features. If the data backup physically leaves the data center, Cerner recommends that clients consider use of encryption capabilities that may be present in the storage management solution. Cerner also emphasizes that appropriate handling of the encryption keys be addressed so that they are readily available in the case of a restore. Encrypted backups cannot be restored without the encryption key. If backups are stored physically in a secure vault or storage area within the data center, Cerner typically recommends that clients place reliance on the physical security, least access privileges for system administrators responsible for the storage and strong authentication for access to the storage vault as the primary means of securing backups. Encryption may be considered, but may not be necessary if the tapes are kept under a high degree of control such that theft or loss is strongly mitigated short of necessitating the use of encryption.

Reference materials:
Materials for Cerner’s Storage System Partners is available through the following link
http://www.cerner.com/members/Cerner_3.asp?id=261

Area: Image Archive

Summary of capability: CareAware MultiMedia Archive (CAMM) is typically contained on a secure Local Area Network (LAN). For objects transferred to the archive, DICOM based storage supports encryption in transit. For non-DICOM images, SSL can be enabled for transactions inbound, but it is up to the source to send the image inbound as encrypted. Short term storage of the images for a temporary cache is typically on the client SAN space (see discussion of SANs below), and not controlled by CAMM. For permanent storage within CAMM, the storage is typically a slower SAN than the cache, and is not encrypted. For sending objects to consuming client applications, if the consuming application is a Cerner viewer, it has the ability to be SSL encrypted in transit. Non-DICOM transmissions can also use SSL encryption depending on the consumer application and how the data is requested. The object backups are typically done to tape and backup SANs via 3rd party technologies such as TSM. Many of these technologies support encryption (See SAN discussion below). Deletions are made both from the permanent storage and the cache. For any entities to communicate with CAMM, CAMM uses node configuration or username configuration, and all communication is audited.


Area: Business Objects (PowerInsight)

Summary of capability: Business Objects is typically contained on a secure Local Area Network (LAN). Business Objects has a proprietary security layer for authentication and authorization. Business Objects report output is stored in a Business Objects file type that is proprietary. These files can be viewed, but the data is obfuscated. In addition, Business Objects can be configured to purge all reports so that no data is stored in the report file, forcing the user to “Refresh on open” which will apply any extra security applied at report level and re-run the report. This alleviates the possibility of a user opening an existing report and seeing data from a previous execution. As for report export formats that are PDF, Excel, or CSV files, those would be no different than controlling a printed report. For web services, data can be cached to speed execution. To alleviate concern on the cache, the option to use cache can be turned off. Business Objects is planning to encrypt these cache files in the next major release (release 4.0) expected in first half of 2010.

Area: Healthe Hub Transaction Services

Summary of capability: Cerner’s Healthe Hub supports transaction services for HIPAA EDI standard transactions, for connection to electronic prescribing networks and for other purposes. The connections for transacting are protected by use of secure FTP services and by secure network transmissions using compliant transmission security (e.g. TLS).

Reference materials:
Information on the connectivity and security for data communication for HIPAA EDI is covered in the following
http://www.cerner.com/members/webfiledownload.asp?id=1232&cmsgID=29981&cm_i_=A=001001A07F06B01005M09072
Information on the connectivity and security for data communication for electronic prescribing is covered in the following -


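Area: Backend and Database

Summary of capability: The backend for Cerner Millennium maintained in Oracle is usually maintained in a physical computing environment that is tightly physically secure, is protected by a dedicated firewall, protected by network segmentation, subject to least access privileges for system administrators and accessible only by database servers that transact only with registered application servers. At present the backend is not encrypted. Cerner is considering capabilities present in Oracle 11 that would use advanced (Invisible) encryption which would allow Cerner Millennium applications to be able to read the data, but protect the data from theft or loss (e.g. transit to a physically separate backup storage facility). Cerner is evaluating this encryption capability for its impact on system performance and system use. At present, no decision has been made to proceed with acting on use of this capability. If encryption is utilized in the SAN (see below), that can serve to mitigate the need to encrypt the database itself.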


Area: Remote Report and Fax Distribution Services

Summary of capability: Cerner supports use of fax based transmission in current state Remote Report Distribution (RRD) for distribution of clinical reports, prescriptions and other communications. The distribution via this means relies on a dedicated phone line for transmission of a named file to the remote recipient device. Cerner is moving away from this technology to use the Cerner Interchange as supported by the Healthe Message Center to provide a secure transport to send information outside the provider entity. The recipient is provided a web application to access the distributed material so they can be printed on demand. The material that is distributed is secured using SSL within the Healthe Message Center’s mail server.

Reference materials:
Client facing reference materials for the Cerner Interchange are under development. Materials for RRD are available at
http://www.cerner.com/members/webfiledownload.asp?id=1232&cmsgID=29749&cm_i_=A=001001A07E16B23052A98983


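Area: Remote Web Access

Summary of capability: Powerchart Outreach is available for use by community based physicians and others for access to clinical information made available via the web. Powerchart Outreach supports use of SSL leveraged through the Websphere 6.1.x. Information on this is available through the CMSG for Powerchart Outreach as noted in the Reference Materials column.

Reference materials:
Use of SSL by Powerchart Outreach
http://www.cerner.com/members/webfiledownload.asp?id=1232&cmsgID=24049&cm_i_=A=001001A06J24B34319M37976#d0e1537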


Area: Downtime Access

Summary of capability: Access to ePHI is facilitated through Powerchart Local Access (PCLA). For legacy PCLS, the patient data is already encrypted at the desktop. To be able to access the data, the password for the view itself must be broken. The client maintains these passwords. For 724Access Level 1, a full copy of the Cerner Millennium database is used that is typically housed in a client data center or by CernerWorks. The database itself is not encrypted. For 724Access Level 2 which will be PCLA’s replacement strategy, the passwords used to access the solution will be encrypted. For the patient data that resides on the PC, Cerner is rolling out encryption using FreeOTFE (3rd party software) to encrypt the data. This is targeted to start in September 2009. Until that rollout is available to a given client, Cerner recommends clients consider use of hardware based encryption of the MySQL database on the PC.

Reference materials:
PCLA Reference materials are pending update for the replacement strategy discussed in the previous column.

Area: Storage Area Networks (SANs)

Summary of capability: Cerner does not usually recommend encryption within Storage Area Networks (SANs), but there are encryption technologies both with the Storage Area Networks (SAN) and Storage arrays to perform hardware based encryption from those technologies. Encryption for data at rest in a backend database or for data in transit for a variety of uses is available at the SAN switch or fabric, through storage arrays, virtual tape libraries and physical tape libraries and drivers and for storage media. SAN/Storage based encryption does not provide end to end encryption but affords protection for what is managed within the SAN/storage zone. For clients who would consider use of SAN based encryption, the management data (e.g. passwords, encryption keys, etc) must be appropriately protected as well. Most SANs use secure protocols like HTTPS for administrative management of the storage system. Proper key management allows for maintenance of the encryption keys and for decrypting of the data as needed and should be part of any security management procedures for the storage system.

Reference materials:

IBM Tivoli Storage Manager (TSM)
TSM feature overview (including security features like encryption, data shredding, etc):
ftp://ftp.software.ibm.com/common/ssi/pm/sp/n/tsd03066usen/TSD03066USEN.PDF
TSM administration guide (including detailed discussions of the TSM security features):
http://publib.boulder.ibm.com/infocenter/tsminfo/v6/topic/com.ibm.itsm.srv.doc/b_srv_admin_guide_aix.pdf

Symantec (Veritas) NetBackup
NetBackup feature overview:
http://eval.symantec.com/mktginfo/enterprise/fact_sheets/b-netbackup_6.5.4_DS_12995286.en-us.pdf
NetBackup Security and Encryption Guide:
http://ftp.support.veritas.com/pub/support/products/NetBackup_Enterprise_Server/290226.pdf

Here are some links/references for the SAN/storage paragraph:

SAN Security Links
NetApp (DeCru) DataFort:
http://www.netapp.com/us/products/storage-security-systems/datafort/
Brocade Encryption SAN Switch:
http://www.brocade.com/products-solutions/products/switches/product-details/encryption-switch/index.page
Cisco Storage Media Encryption:
http://www.cisco.com/en/US/prod/collateral/ps4159/ps6409/ps6028/ps8502/product_data_sheet0900aecd8068ed59.pdf

Storage Array Security Links
IBM DS5000 and DS8000 (encryption performed at drive level):
http://www.ibm.com/common/ssi/rep_ca/8/897/ENUS109-188/ENUS109-188.PDF
http://www.seagate.com/docs/pdf/whitepaper/tp565_drive_trust.pdf
HP XP20000 and XP24000 (encryption performed at processor level):
http://h71028.www7.hp.com/ERC/downloads/4AA2-2629ENW.pdf
EMC Symmetrix:
http://www.emc.com/collateral/hardware/data-sheet/c1005-dmx-series-ds.pdf

Key Management Links
NetApp Lifetime Key Management:
http://www.netapp.com/us/products/storage-security-systems/lifetime-key/
IBM Tivoli Key Lifecycle Manager:
http://www-01.ibm.com/software/tivoli/beat/10212008.html?ca=tivolid2w&me=web&met=feature&P_Site=current
HP StorageWorks Secure Key Manager:
http://h18006.www1.hp.com/products/storageworks/secure_key/index.html



Area: CareAware MDBus

Summary of capability: CareAware MDBus stores identifiable personal health information within a database that is customarily deployed on a private network for the purpose of preserving patient to device associations so that appropriate associations can be preserved historically with patient context enabled. The device specific data and the patient to device association are stored in distinct databases. For data in transit between the device and the bus, the transport is protected by SSL 2.0, and any client application consuming the data through the bus can be similarly protected for communication. The data storage is usually within a secure LAN protected behind a dedicated firewall.



Where to Go For More Information or Who to Contact If Interested


The federal guidance as originally issued by HHS may be accessed at
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/federalregisterbreachrfi.pdf

The updated guidance issued with the DHHS breach notification rule may be accessed at
http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf

If interested in exploring any of the methods of encryption or technical security discussed in this document, please make contact through your Cerner client relationship executive, Cerner DeviceWorks contact, technical engagement leader or log a Service Request with Cerner for the appropriate technical support services area of interest.