Securing patient privacy
By Brian Fonseca
(IDG) -- As medical professionals move their daily practices further and further into the electronic world, so too has the mandate grown to protect the privacy of patient information. U.S. government regulations such as HIPAA (Health Insurance Portability and Accountability Act) hold health care facilities responsible for bringing legacy IT systems into stringent compliance and ensuring the security of patient records.
And as a direct result of ensuring that security, some health care professionals are seeing danger in places they never would have dreamed to look before.
"One day we were tracing a port sniffer [coming] all the way from Azerbaijan in the former Soviet Union. It was bizarre," says Dr. Alex Golin, vice president of marketing at Roseland, N.J.-based Hamilton Scientific. "[In the realm of network security], it's what you don't know that can hurt you."
Founded by physicians and engineers in 1998, Hamilton Scientific offers a Web-based solution allowing doctors, medical office staff, insurers, and billing parties to access and contribute to a single online chart bearing patient information.
Delivered via the ASP model, Hamilton Scientific's system is based on its core module, called myPatientCharts. The centralized patient record provides each treating physician with his or her own consolidated chart. The point-and-click data collection application features customizable, preformatted menus built on Java and XML that run on Windows. Hamilton Scientific hosts its application through its own datacenter and employs a local caching system.
"In terms of our success as a company, we need to be sure that our clients feel they can trust us with this information. In health care in general, the whole notion of competence and trust is critical," Golin says.
Golin says his company broke down its security needs into two components: network and authentication. To address the authentication issue, Hamilton Scientific uses digital certificates, SSL (Secure Sockets Layer) 128-bit encryption, and password protection. The ASP is also investigating the possibility of adding biometrics technology for remote authentication using fingerprint scans to log in to the application.
Due to the vast territory to cover in the network, Golin says Hamilton Scientific brainstormed on several possible security scenarios. Ideas that fizzled included a honey-pot approach and other diversionary tactics, as well as a fake server to trap and prevent attacks. But it was decided that monitoring was pivotal to knowing what areas of the network drew attention.
Hamilton Scientific turned last year to Monmouth Junction, N.J.-based Niksun and its NetDetector and NetVCR appliances to keep customers' virtual medical records private. Golin says the products allow Hamilton Scientific to know exactly what is happening at all times in the network, and to take appropriate action if an event occurs.
"This is literally like a security camera in a convenience store, so we know who's been [inside] and who's looking around. It allows us to see what we need to protect against; otherwise, without this type of monitoring defense, we wouldn't ever have known [possible security breaches] were happening," he adds.
The Niksun solution, which cost approximately $100,000, according to Golin, combines hardware and software and sits outside the firewall near a customer's servers.
"It was an incredibly easy implementation. [Niksun] came over and after a short time we flipped the switch and it was ready to go," Golin says.
NetDetector time-stamps and records data sessions and monitors IP-related activity for suspicious behavior, keeping administrators abreast of any changes in the network through real-time alerts and forensic snapshots for event reconstruction. The appliance is capable of retracing an intruder's exact steps even if all file logs are wiped clean.
By contrast, NetVCR enforces QoS (quality of service) and SLAs (service-level agreements) by monitoring network performance issues to ensure that IP traffic for enterprise customers, carriers, and service provider networks runs smoothly. The remote monitoring and playback features of NetVCR present off-site fault-diagnostic and post-event analysis options to administrators.
Golin says Niksun's products give Hamilton Scientific the crucial lead time to shut down its system to thwart hostile intent or attacks in a manner completely transparent to customers.
"It's great, if nothing else, to know what's going on over the network [and] who your adversaries are. The ROI here is not a dollar value so much as peace of mind. We haven't had any successful hacking attacks, even prior to using Niksun, [but the product] did raise our eyes as to how many people were trying to hack in. You have to have the ultimate in security; if you don't, it's unconscionable."