Spring 2003

How does MACGN secure personal data?
Have you ever wondered what happens with all the questionnaire information you have provided to the MACGN? Are you concerned not only about the confidentiality of this information but also about its security? Well, we are too, so please read on.
Keeping your information secure is a
high priority for us and it is mandated by the Health Insurance
Portability and Accountability Act (HIPAA). This legislation mandates
that health care providers and private health practices assure their customers
of the confidentiality and privacy of all healthcare information that is
collected, maintained, used, or transmitted. This article summarizes
how we use security technologies to implement the layered system necessary to
ensure your data’s confidentiality, integrity and availability.
Data confidentiality
Data confidentiality is generally threatened by the risk of unauthorized access to stored sensitive information as well as the risk of interception while such data is in transit. We protect the confidentiality of MACGN participants in four ways:
1. Physical (paper) and electronic data with different sensitivities are stored separately. Data like a participant’s name and address are separated from the other questionnaire data.
2. Only MACGN staff have access to the data.
3. Data like a participant’s name and address are stored locally at MACGN. Any information sent to the national Cancer Genetics Network (CGN) registry at the University of California in Irvine (UCI) is identified by a unique study ID number only, not the participant’s name.
4. Secure data transmission methods are always used when data are transferred to UCI.
Data integrity
Data integrity is generally threatened by unauthorized users who might modify or corrupt the data stored at our site, or as it is transmitted across the internet. Therefore, the integrity of the data is protected in three ways:
1. All paper questionnaires and the database server are stored in locked areas at the Johns Hopkins Medical Institutions.
2. Only MACGN staff with valid user IDs and passwords have access to the data.
3. Data are encrypted (scrambled) when transferred to the national CGN registry at UCI.
Data availability
Data availability is generally threatened by natural threats like fires, floods, or hurricanes, which can result in data loss. Data availability is ensured in four ways:
1. MACGN database servers and workstations are physically located in two different buildings.
2. MACGN database servers are located in a fireproof server room.
3. Full backup is applied daily to all data.
4. A disaster recovery plan is in place.
Data Security Solutions

Physical Security
Physical risks most often involve access to computers or paper documents. A number of measures are used:
1. MACGN database servers and backup systems are placed in a locked room. Users must have a photo ID badge to enter the building, and only authorized users (MACGN staff and system administrators) with keys have access to the server room.
2. All paper questionnaires are locked in cabinets.
3. The sections of each questionnaire that contain a participant’s name and address are physically separated from the remaining questionnaire and stored in a different locked cabinet. Only MACGN staff with keys have access to these cabinets.
4. Sensitive documents, whether on paper or stored electronically, are destroyed (shredded or deleted) when they are no longer used.
User Authentication
Proof of identity is an essential component of our security system. It differentiates authorized users from intruders. Our authentication methods consist of two elements:
1. What the user knows (user ID, passwords)
2. What the user has (photo ID badge, keys)
So only users who have photo ID badges have access to the buildings where our data is stored. Only users who have keys have access to the data storage areas and/or servers. Users need their network accounts to log on to the Hopkins local area network (LAN). Only users whose network accounts are added to the MACGN database server access list have access to the database server. Only users who know the database password can open the specific database.
Network Security
All the MACGN database servers and workstations that store participant data are located behind the Hopkins firewall. A firewall is a group of systems (hardware and software) that protects an internal trusted network from an external untrusted one. It usually serves as the first line of defense of an organization’s LAN. A firewall offers a number of security benefits. It provides a centralized “check point” to help keep unauthorized users out of the protected network. It generates security alarms and provides a centralized location for monitoring and logging all traffic to and from the Internet that passes through the firewall.
No
MACGN database servers can be remotely accessed. In other words, the database
servers that are located behind the Hopkins firewalls are only accessible to the
internal authorized users. No remote access mechanisms are activated on these
servers.
The
database servers and workstations are installed with virus scan software to
protect them from malicious attacks generated from viruses, worms or Trojan
horses. New security patches are fully tested and installed on the servers and
workstations as needed and available from the software vendors.
Database Security
The MACGN databases that contain participant questionnaire data are stored on a dedicated database server. Only MACGN staff and system administrators can log on to the server. Separate database passwords are created for each individual database. Only MACGN staff who know the passwords can open them.
Data like a participant’s name and address are stored in a separate database. This separate database is encrypted using a public key encryption algorithm: each MACGN staff member holds a private key and a public key. The database is encrypted with the public keys of the MACGN staff listed as receivers, and only those staff, using their corresponding private keys, can decrypt (unscramble) the data.
Secure Data Transmission
Data collected at the MACGN registry are regularly sent to the national CGN registry at UCI. Secure measures are used to protect the data transmission:
1. All personal identifying information, like name and address, is removed during data transfer.
2. Only authorized users with valid web accounts have access to UCI’s secure data transfer website.
3. A digital certificate is installed on UCI’s web server to ensure the data are transmitted to the correct server.
4. While the files are transported, the data are encrypted using the public key contained in this digital certificate. As a result, only the UCI web server can decrypt the data.
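The receiver-list encryption of the identifier database (Database Security) and the transfer step that encrypts files to the public key in UCI’s certificate rely on the same mechanism: a random data key protects the bulk data, and that key is wrapped to each intended receiver’s public key, so only holders of a listed private key can unwrap it. The Go code below is an added illustration, not MACGN’s or UCI’s own software; the 2048-bit RSA-OAEP/AES-256-GCM choice, the function names and the sample record are assumptions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// must panics on error to keep the example short; production code would return it.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewKey makes one staff member's RSA key pair (2048 bits is an assumption).
func NewKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// Envelope is the encrypted database: AES-256-GCM ciphertext plus the data key wrapped once per listed receiver.
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKeys       [][]byte // one RSA-OAEP wrapping of the data key per receiver public key
}

// Encrypt seals plaintext under a fresh random data key, then wraps that key to every receiver's public key.
func Encrypt(plaintext []byte, receivers []*rsa.PublicKey) *Envelope {
	dataKey := make([]byte, 32)
	rand.Read(dataKey)
	gcm := must(cipher.NewGCM(must(aes.NewCipher(dataKey))))
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	for _, pub := range receivers {
		env.WrappedKeys = append(env.WrappedKeys, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)))
	}
	return env
}

// Decrypt tries each wrapped key with the caller's private key; staff not listed as receivers get an error, never data.
func Decrypt(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range env.WrappedKeys {
		if dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil); err == nil {
			return must(cipher.NewGCM(must(aes.NewCipher(dataKey)))).Open(nil, env.Nonce, env.Ciphertext, nil)
		}
	}
	return nil, errors.New("not a listed receiver for this database")
}
```

For the UCI transfer case the receiver list has a single entry, the public key taken from the server’s certificate; the GCM tag also makes any modification in transit fail at Open, which is the integrity property the article describes.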
Conclusion
Layered
protections are implemented by MACGN for achieving information assurance in
today’s highly networked environment. We recognize that information security
is an ongoing process. We regularly review and reassess our security measures
and solutions to keep up with evolving threats and technologies.
By Kelly Q. Qu BS, Research Data Manager/Programmer.
© 2001-2 Mid-Atlantic Cancer Genetics Network. Questions/Comments: bmay@jhmi.edu

