How Should DoD Secure Health Records?
Data Protection Strategies for New EHR Mega-Project
… “Several security and privacy challenges exist as the DoD transitions from its old EHR to the new system,” says Keith Fricke, principal consultant at the consulting firm tw-Security.
“Migrating from one EHR to another often involves importing historical data from the old system to the new one. The data set may be rather large,” he notes. “Extracting data from the old EHR will likely result in a large interim database or data file. The database may need to be sent to the new vendor for data field mapping or importing.”
Yet, it is not practical to send data extracts this large over a data connection. “Instead, it is better to send the data sets on an encrypted external hard drive, tracked via shipping provider,” he says.
Data integrity issues are among the biggest challenges involved with such massive EHR undertakings, says Tom Walsh, founder of tw-Security. “Oftentimes, the data mapping between an old system and new systems misses something. The only thing worse than no patient data is the wrong patient data.”
To counter those problems, the data extraction process must include mechanisms to validate that the data ultimately imported into the new EHR exactly matches the data stored in the old EHR, Fricke advises.
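One way to build the validation Fricke describes, as an added example that is not from the article or from tw-Security: hash every record under the old system's field names on both sides, then reconcile by patient identifier so that dropped records, extra records and silently altered fields (the mapping gaps Walsh warns about) are all surfaced. The records, the field names and the `FIELD_MAP` are constructed for illustration and assume a simple one-to-one rename between systems.

```python
import hashlib
import json

# Constructed sample export from a hypothetical "old" EHR (not real PHI).
OLD_RECORDS = [
    {"mrn": "A1001", "dob": "1980-02-14", "allergies": "penicillin", "bh_flag": "Y"},
    {"mrn": "A1002", "dob": "1975-09-30", "allergies": "", "bh_flag": "N"},
    {"mrn": "A1003", "dob": "1990-11-02", "allergies": "latex", "bh_flag": "Y"},
]

# Assumed mapping: old field name -> new field name (one-to-one rename).
FIELD_MAP = {"mrn": "patient_id", "dob": "birth_date",
             "allergies": "allergy_list", "bh_flag": "behavioral_health"}

# Constructed result of the import into the "new" EHR. Two defects are planted:
# A1002 never arrived, and A1003 lost its behavioral-health flag in mapping.
NEW_RECORDS = [
    {"patient_id": "A1001", "birth_date": "1980-02-14",
     "allergy_list": "penicillin", "behavioral_health": "Y"},
    {"patient_id": "A1003", "birth_date": "1990-11-02",
     "allergy_list": "latex", "behavioral_health": "N"},
]


def canonical_hash(record, field_map):
    """SHA-256 of the record re-keyed to the OLD field names, so a record from
    either system hashes identically when its values are identical."""
    canon = {old: str(record.get(new, "")) for old, new in field_map.items()}
    payload = json.dumps(canon, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def field_diffs(old_record, new_record, field_map):
    """Fields whose values differ between the two copies, by old field name."""
    return sorted(old for old, new in field_map.items()
                  if str(old_record.get(old, "")) != str(new_record.get(new, "")))


def reconcile(old_records, new_records, field_map, key="mrn"):
    """Compare source and imported record sets; return identifiers that are
    missing from the import, unexpected in it, or present but altered."""
    identity = {f: f for f in field_map}          # old side needs no renaming
    old_h = {r[key]: canonical_hash(r, identity) for r in old_records}
    new_h = {r[field_map[key]]: canonical_hash(r, field_map) for r in new_records}
    return {
        "missing": sorted(set(old_h) - set(new_h)),
        "unexpected": sorted(set(new_h) - set(old_h)),
        "mismatched": sorted(k for k in old_h.keys() & new_h.keys()
                             if old_h[k] != new_h[k]),
    }


if __name__ == "__main__":
    print(reconcile(OLD_RECORDS, NEW_RECORDS, FIELD_MAP))
```

On the constructed data this reports A1002 as missing and A1003 as mismatched; `field_diffs` then pinpoints `bh_flag` as the altered field, so the migration can be stopped before wrong patient data reaches production.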
Another factor that needs close oversight is ensuring that role-based access controls to patient data are maintained from the old system to the new, especially where highly sensitive information, such as behavioral health data, is involved, Fricke says.
… However, often a test environment must have real patient data in order to perform a true functional test, Walsh notes. “Security controls for test environments can often be less stringent. People using the test environment may forget that the data they are working with represents a real patient. Generic user accounts with easy-to-remember passwords may be set up to help facilitate functional testing.”
So, to avoid possible breaches or unauthorized access to PHI, the test environment needs to have security controls set to the same level as the production environment, Walsh recommends.
Because there will be thousands of people involved with the project – including individuals working for contractors and subcontractors – another danger is a watering down of security measures and practices that should be in place throughout the project, at all locations, for all personnel involved with the work.
“A front line worker may honestly say, ‘I didn’t know,’ and it is a true statement,” Walsh says. “Privacy and security education must be conducted for everyone involved.”
As for securing data during project stages, Fricke recommends that data be stored on servers located in a secure data center and accessed via virtual desktops. “Doing so significantly reduces the likelihood that data is being stored on contractors’ laptops or hard drives of workstations,” he says.
“If storing data locally on laptops and desktops is required, these devices must be using encryption.”
In addition, Fricke suggests that two-factor authentication be used for any remote access to the data being worked on for the migration. “We’ve seen news stories in the past year about foreign countries targeting US government systems for hacking and exfiltration of data,” he says. “The vendors involved in this EHR migration must ensure that all systems involved in the process have proper security patching levels, well-maintained malware protection, and 24×7 audit log monitoring.”
… Because the DoD EHR systems contain healthcare data for U.S. military personnel, the information potentially could be a hot target of the most devious cyberattackers, Walsh notes.
“The data in these systems are not just any patient. This is the patient data of the men and women who willingly chose to serve our country,” he says. “Our military personnel are prime targets for domestic and foreign terrorists. Workforce clearance will have to be strongly enforced for anyone involved, but especially far more rigid for any person with elevated privileges, such as system administrator, super user, etc.”
Finally, because the DoD project will last at least a decade, maybe two, it’s vital that all project work is thoroughly documented, Fricke says.
“It is important that from a project management perspective, the project managers ensure all project documentation is kept very current,” he says. “There is always staffing turnover of project managers and contractors in a project this large and with the long timelines expected. Gaps in documentation will cause potential delays, potential rework and possible lapses in security practices as turnover occurs.”