Data security is important to you and TELCOR, too.

POC never stops. You need interfaces that are perpetual, notifications when things go wrong, and a reliable middleware solution that is always available. Your team needs access to patient data to provide the best healthcare outcomes, but you’re also tasked with maintaining data security. In this three-part email series, we’ll highlight how QML® addresses data security, encryption, and availability.

Part 2: Protecting Your Data with Encryption

Encryption converts data into a form that cannot be read without the decryption key, which protects it from unauthorized access. Data at rest can be encrypted with either Full Disk Encryption or the SAP Sybase SQL Anywhere 17 database itself. Data in transit is encrypted with TLS and certificates.

Full Disk Encryption

Full Disk Encryption (FDE) renders all data on a storage drive unreadable by anyone who doesn’t have the decryption key. By encrypting your entire storage device, you significantly reduce the risk of unauthorized access to your information and help meet compliance requirements. FDE would be enabled by your IT team. Contact them if you have questions about FDE.

FIPS Database Encryption in SAP Sybase SQL Anywhere 17

FIPS-certified encryption technology refers to cryptographic modules or algorithms that have been evaluated and validated by an accredited laboratory against the requirements set forth in the Federal Information Processing Standard Publication 140-2 (FIPS 140-2). This standard, established by the National Institute of Standards and Technology (NIST), outlines rigorous security requirements for cryptographic modules used within the U.S. federal government and other regulated sectors.

  • Enhanced Security: FIPS encryption safeguards data by transforming it into an unreadable format, rendering it useless to unauthorized individuals even if intercepted.
  • Regulatory Compliance: Many healthcare regulations, like the Health Insurance Portability and Accountability Act (HIPAA) in the US, mandate robust data security measures. FIPS compliance demonstrates that an organization adheres to these regulations and protects patient data according to established standards.
  • Enhanced Protection: FIPS-validated algorithms and implementations offer a stronger defense against cyberattacks and unauthorized access attempts.

The absolute minimum amount of protected health information (PHI) required for POC is stored in the QML database. Once the production database is encrypted, each backup is encrypted as well.

PHI for patients stored in the QML database:

  • Account Number
  • Admission Facility, Location, Room, and Bed Number
  • Admission Type
  • Date of Birth
  • MRN
  • Name (Last, First and Middle Initial)
  • Patient Type
  • Patient Class
  • Sex/Gender

PII for operators stored in the QML database:

  • Code
  • Name (Last, First and Middle Initial)
  • Active Directory Account or QML Application Login
  • Host Operator Code
  • Supplemental ID
  • License
  • Birth Month

FIPS AES 256-bit encryption of data at rest can be purchased for the SAP Sybase SQL Anywhere 17 database of the QML Production and QML Test systems. Please contact us using the form below if you’re interested in implementing FIPS database encryption.

Transport Layer Security (TLS) in TELCOR Components

TLS is a cryptographic protocol that ensures secure communication over a computer network. Using digital certificates, TLS is designed to provide authentication, integrity, and data privacy between client-server applications, ensuring the client is communicating with the legitimate server and not an imposter.

  • Confidentiality: Encrypted data becomes unreadable to anyone without the decryption key, guaranteeing the privacy of your POC information.
  • Integrity: TLS ensures data remains unaltered during transmission, preventing unauthorized modifications or tampering.
  • Authentication: It verifies the identity of both parties involved in the communication, preventing impersonation and man-in-the-middle attacks.

TLS not only protects your POC data in transit between QML and other systems; it also protects all data from the user to the server and back.
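The authentication property described above depends on how each endpoint's TLS settings are configured. The following added example, which is not TELCOR or QML code, uses Python's standard ssl module to build a verifying context for each side of a TCP interface connection and to flag settings that would let an unverified peer connect; the function names and the "client"/"server" role labels are assumptions made for the illustration.

```python
import ssl

def hardened_context(role):
    """Build a verifying TLS context for one side of a TCP interface."""
    if role == "client":
        # Defaults: peer certificate required, hostname checked, CA store loaded.
        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    else:
        ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
        # Require a client certificate so both parties are authenticated.
        ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # A real deployment would also call ctx.load_cert_chain(...) with the
    # certificate issued by the certificate authority.
    return ctx

def weak_client_context():
    """Constructed counter-example: encrypts but authenticates nobody."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx

def audit_context(ctx, role):
    """Return a list of settings that weaken peer authentication."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not required")
    if role == "client" and not ctx.check_hostname:
        findings.append("server hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings

if __name__ == "__main__":
    for name, ctx, role in [
        ("hardened client", hardened_context("client"), "client"),
        ("hardened server", hardened_context("server"), "server"),
        ("weak client", weak_client_context(), "client"),
    ]:
        print(name, "->", audit_context(ctx, role) or "no findings")
```

A connection made with the weak context is still encrypted, but the client has no assurance about which server it reached, so the audit reports it.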

TELCOR has TLS solutions for ADT, Orders, Unsolicited and Solicited Result interfaces. This feature can be enabled at no additional cost to you from TELCOR. TLS is not enabled in TELCOR components by default because the other system – whether it is sending information to QML or receiving information from QML – must also be able to support TLS communication. TELCOR is committed to working with all device and LIS/EMR vendors to test and implement TLS interfaces as demand arises.

Both procurement and ongoing management of the digital certificate are the customer’s responsibility. For compliance purposes, TELCOR requires that the certificate be procured from a trusted third-party certificate authority.

TELCOR has completed projects to enable certificate-based encryption for in-transit QML data as defined below. However, these are awaiting the first customer implementation. Implementation of this encryption with devices is dependent on the system vendors. The TELCOR release schedule to enable all versions of TLS encryption for in-transit QML data is as follows:

  • HL7 Solicited/Unsolicited Results and ADT via TCP socket-to-socket communication were released in Q1 2023.
  • HL7 Orders via TCP socket-to-socket communication were released in Q3 2023.
  • SAP Sybase SQL Anywhere 17 database connections were released in Q1 2024 and require FIPS encryption of the SAP Sybase SQL Anywhere 17 database.
  • Device interfaces will be updated as device vendors make transmission encryption available.

If you want to implement TLS with digital certificates, please contact us using the form below.
