Institute: ONC | Component: 2 | Unit: 9 | Lecture: b | Slide: 13
Institute: Office of National Coordinator (ONC) Workforce Training Curriculum
Component: The Culture of Health Care
Unit: Privacy, Confidentiality, and Security
Lecture: Tools for protecting privacy and confidentiality
Slide content: Standards for Encryption and Related Functions
- Advanced Encryption Standard (AES): NIST-designated standard for encryption/decryption (Daemen & Rijmen, 2002)
- Transport Layer Security (TLS) and predecessor, Secure Sockets Layer (SSL): Cryptographic protocols that provide security for communications over all points on networks (Rescorla, 2001)
- Internet Protocol Security (IPsec): Protocol for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream
  - Part of IPv6 but also added as standalone on top of IPv4
- Secure Hash Algorithm (SHA): Protocols that ensure integrity of transmitted information and documents (NIST, 2002)
  - Security flaws have been identified in SHA-1, so SHA-2 family of protocols has been developed
- For more:
  - Secure Hash Algorithm: https://en.wikipedia.org/wiki/Secure_Hash_Algorithm
  - NIST's Cryptographic Toolkit: http://csrc.nist.gov/groups/ST/toolkit/
Slide notes: A number of important standards related to encryption and other functions are listed on this slide. Not everyone in the informatics field needs to become an expert, but it is important to know how these standards are applied in different roles, for example, how they will be mandated in the Health Insurance Portability and Accountability Act or in the HITECH [high-tech] criteria for the meaningful use of electronic health records. First, there is the encryption standard itself, the Advanced Encryption Standard, or AES [ay-ee-ess], which has been designated by the National Institute for Standards and Technology, or NIST [nihst], as the standard for encryption and decryption robust enough to be used in computer systems for securing information such as health information. Of course, information is not just encrypted and decrypted on individual machines; it moves across networks, so the movement of data from point to point also requires a process that not only encrypts the data but also makes sure that it stays secure as it moves across those connections. The emerging standard is Transport Layer Security, or TLS, which succeeds a standard that was very prominent in the early days of the World Wide Web, the Secure Sockets Layer, or SSL. Of course, information moves according to a protocol, such as IP [eye-pee], so there is an Internet Protocol Security, or IPsec [eye-pee-sec]. This is part of the Internet Protocol communications process that was developed for the new version of IP, version 6, but it has been pulled from that version and added to version 4, which is what most people use when they connect to the Internet. In addition to making sure information is secure from one point to another across a network, the system needs to ensure the integrity of the information: that it has not been altered either by transmission errors or by malicious users.
Secure hash algorithms, or SHA [ess-aych-ay], ensure the integrity of transmitted information and documents. The original SHA protocol was found to have some security flaws, so SHA-2 [ess-aych-ay-two] has emerged and is the more robust way of ensuring the integrity of data transmission across networks. Wikipedia provides a nice overview of these standards, as does the NIST website, listed on this slide.