THCS And Tovaris

939 views

Published on

I created and presented this several times in regards to the selection and implementation of a secure e-mail solution.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
939
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

THCS And Tovaris

  1. 1. HIPAA Success Story How Texoma Healthcare System Identified & Addressed its Secure E-mail Requirements 21 August 2003 Presented by Texoma Healthcare System & Tovaris
  2. 2. Agenda An Overview of E-mail in Healthcare The Obligatory HIPAA Review E-mail Encryption and HIPAA Compliance The THCS Experience The Highlights and “Take-aways” Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  3. 3. Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. S, All All Rights Reserved. ES sT All Rights Reserved. Rights Reserved. se lea re ail ris m E- va To cure d se ate nd 2001 ma diu m on nd me pti c ry s a ns En es tio sin ica bu un us mm ed ito co 2000 iqu al as Ub rson ele )r pe cy iva Pr od Go ty Brief History of E-mail ret (P s, P tie PG rsi ive t un en in m se ern 1990 d u gov rea d sp , an ide rch W ea se d res ea rel PC IB M ted lga mu 1980 pro rds da an St ” ted en y rch inv d b ea 1970 il “ he Res ma nc E- au ed T l anc NE dv cy PA e A gen AR fens ts A De ojec 1960 Pr
  4. 4. The Obligatory HIPAA Review Defining Covered Entities The Privacy Rule and Security Rule – 164.530(c)(1) and (2) a.k.a. “Mini-Security Rule – Security Rule, Technical Specifications 164.312 (a)(2)(iv) (Addressable) – Security Rule, Technical Specifications 164.312 (e)(2)(ii) (Addressable) April 14, 2003 and April 21, 2005 Reasonable Effort Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  5. 5. E-mail Security Vulnerabilities Alice, Sender Here is John Recipient Smith’s lab result. -Bob Internet Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  6. 6. Potential Attacks at Each Stage • Mail server hack • Internet sniffing • Mail server hack • Malware install • DNS spoofing • Malware install • Intranet sniff • Mail router hack • Intranet sniff • Unencrypted E-mail • Unencrypted E-mail • Unencrypted E-mail Internet Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  7. 7. Encryption is a Solution • Mail server hack • Internet sniffing • Mail server hack • Malware install • DNS spoofing • Malware install • Intranet sniff • Mail router hack • Intranet sniff • Unencrypted E-mail • Unencrypted E-mail • Unencrypted E-mail Internet Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  8. 8. The THCS Experience Our decision-making team – CIO and CFO – HIPAA Compliance Officer, CPO – Operations – Decision Support – Network Manager – IS Support Services Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  9. 9. The THCS Experience Requirements Analysis – Ease of use – Zero client footprint (senders and recipients) – Key distribution and management – Proven encryption technology – Control of message store Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  10. 10. The THCS Experience Three Challenges THCS users can’t use encryption—it’s too difficult! How do we send secure messages to recipients with no digital certificate? Manual certificate exchange is impossible to manage with our business partners. Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  11. 11. The THCS Experience Minimum system requirements for SecureMessenger message retrieval – Message retrieval is intuitive – Message links are common industry practice (airlines, banks, greeting cards) – Works with AOL, Yahoo!, Hotmail Can’t assume recipients will be able or willing to download, install, or use a plug-in or separate secure E-mail application – Individual recipients – Physicians – Business associates Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  12. 12. The THCS Experience Product Review and Selection – Concentrated on secure messaging vendors – Avoided complicated PKI vendors – Understood HIPAA regulations – Demos – In-house trials Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  13. 13. The THCS Experience Implementation and Integration – Well-documented install preparation and process – Drop it in and go – Excellent training Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  14. 14. SecurE-mail Gateway™ E-mail security appliance component of TESS that provides seamless E-mail encryption and decryption services to THCS employees, clinicians, and other enterprise users, and remote recipients. 2. Content filtering system 1. Internal email filters messages, forces communications encryption where required as usual Corporate Outer Firewall Firewall Desktop User 2 Content Mail Server 3 Filtering 1 4 SecureMail Web User Gateway Internet 3. SecureMail Gateway  encrypts all messages that have been flagged 4. SecureMail Gateway  for encryption either by sends mail OR forwards Mobile user, policies, or content encrypted mail to MTA Device User filtering system for Internet delivery Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  15. 15. Unified Secure Messaging Platform Product Description SecureMail Gateway™ • Plug-and-play email security appliance S/MIME • Automatic certificate lookup and harvesting Appliance • Automatic encryption and decryption • Digital signatures SecureMessenger™ • SecureMail Gateway™ universal secure messaging feature Universal • Enables secure email to any recipient, Secure requiring only: Delivery – Web browser (SSL-capable) – Email address and application SecureTier™ • Scalable backbone network Global • Connects SecureMail Gateway appliances Certificate • Management and distribution of standard Network X.509 digital certificates (public keys) • Automatic certificate lookup on every message Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  16. 16. The THCS Experience Authentication of Non-S/MIME Recipients – Establishing a pass phrase – Communicating the pass phrase Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  17. 17. SecureMessenger™: Manual Message Flag All communications with the system are initiated via E-mail; no plug-ins needed Simply type “secure-” in front of the recipient address or in the Subject line, and security is assured. Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  18. 18. SecureMessenger™: Encrypt Customizable interface SECURE MESSAGE CENTER 1. Enter clue (challenge) 2. Enter password (response) 3. Establish message lifetime 4. Request real-time message tracking/delivery receipt 5. Click button to always use this clue/password and other settings for this recipient Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  19. 19. SecureMessenger™: Notify Link will invoke web browser and establish the secure SSL connection for the recipient. Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  20. 20. SecureMessenger™: Decrypt Recipient authenticates him/herself to receive secure SECURE MESSAGE CENTER message: • Password • Account number • Provider number • Shared secret Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  21. 21. SecureMessenger™: Pickup Recipient sends a secure reply with attachments View security level and digital signature Tovaris user views message reply in her inbox, securely Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  22. 22. SecureMessenger™: Verify Recipient verifies encryption, signature integrity, originator identity, and certificate validity Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  23. 23. SecureMessenger™: Reply Recipient can reply securely back to sender, with unlimited file attachments. Original sender receives secure message in his own inbox when message has been replied to by recipient. SecureMessenger™: Track Sender receives instant, secure notification by E- mail when SecureMessenger message has been retrieved by recipient. Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  24. 24. Simple Web Administration Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  25. 25. The THCS Experience Usage and Maintenance – What maintenance? – Measuring usage – Assuring usage Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  26. 26. Addressing User Compliance Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  27. 27. Addressing Three Secure Messaging Challenges THCS users can’t use encryption—it’s too difficult! No client application or plug-in—SecurE-mail Gateway is a fully integrated E-mail security device How do we send secure messages to recipients with no digital certificate? SecureMessenger Web delivery to all recipients with no remote storage of keys or messages Manual certificate exchange is impossible to manage with our business partners. Certificate harvesting and SecureTier automate certificate distribution, retrieval and management activities Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  28. 28. Texoma’s Key “Take-aways” “Reasonable effort” toward HIPAA compliance Able to send secure E-mail to any recipient Turn-key E-mail security with little user overhead Little to no ongoing management burden Able to find and retrieve recipients’ certificates by default on every message sent Able to integrate secure E-mail with mail system, anti-spam/virus and content scanning systems Plug into existing corporate data sources for seamless Web delivery authentication Copyright ©2002 Tovaris, Inc. Copyright ©2003 Tovaris Copyright ©2002 Tovaris, Inc. All All Rights Reserved. Rights Reserved. All Rights Reserved.
  29. 29. HIPAA Success Story How Texoma Healthcare System Identified & Addressed its Secure E-mail Requirements 21 August 2003 Presented by Texoma Healthcare System & Tovaris

×