Features - Enterprise Data Insights:

UT HEALTH SCIENCE CENTER AT HOUSTON USES NeoScale CryptoStor

NeoScale Systems Inc, a leading provider of enterprise storage security solutions for the networked storage and data storage management markets, announced that the University of Texas Health Science Center at Houston has selected NeoScale CryptoStor in their HIPAA compliance efforts to protect personal health information (PHI) and as means to alleviate associated HIPAA cost and management complexity. Using CryptoStor, encrypted PHI data stored in the SAN is protected according to HIPAA compliance standards without affecting storage processing, without disrupting business services, and while reducing additional HIPAA data classification, management, training and infrastructure costs.

"Encryption conceals the personal, confidential and identifiable information and thereby protects PHI data. NeoScale enabled us to transparently control SAN access and selectively encrypt stored data -- without performance degradation or interfering with legacy applications," said Kevin Granhold, HSC director of network services at the health science center. "Since the appliance is application and platform agnostic, we can continue to derive benefits as our applications and SAN evolve. CryptoStor was the most viable, cost-effective storage security solution for our HIPAA requirements."

CryptoStor is an enterprise-class network storage security appliance providing wire-speed encryption, optimized rule scalability, centralized policy and key management, storage Firewall access control, and completely transparent SAN operation for storage transport and media privacy (both arrays and tape in one platform). The solution is placed anywhere along the SAN data path, transparently intercepts communications between SAN-attach hosts and storage resources, and applies AES data encryption and access controls -- regardless of application or platform. The appliance protects policies and keys while requiring authenticated privilege-based access to ensure secure administration. The product's high availability feature maintains security policies across appliance cluster members.

HIPAA Compliance And Storage

The Health Insurance Portability & Accountability Act (HIPAA) compliance prevents unauthorized disclosure or misuse of PHI and is mandatory to all parties engaged in the health industry. In particular, all members associated with a transaction involving PHI data must demonstrate best practices for the reasonable protection of the data and the infrastructure that supports processing of that data -- else face significant financial, legal and business penalties including criminal prosecution. Best security practices require traditional front end security methods such as physical access controls, data network transport protection, host defenses, system and applications authorization, and security policy. This layered defense model must extend to backend storage -- preventing unauthorized access to data-at-rest.

Data storage consolidation, data pooled on tape media, data stored remotely, data in transport, and stored using third party services have access vulnerabilities that affects compliance efforts. PHI controls dictates where and how the data can be stored and used. PHI data protection often has related management, training, data classification and infrastructure costs that can be significant. HIPAA Technical Safeguards Section 164.312 suggests encryption as a means to protect PHI. Encryption can be employed to negate PHI protection costs, but can be prohibitive to implement and maintain.

"Storage security is a crucial and often overlooked portion of compliance. Stored data access control and encryption can facilitate compliance with GBLA, HIPAA, SEC, and a growing number of other regulations," commented Jamie Gruener, senior analyst with The Yankee Group. "The advantages of platform and application independent storage security appliance, such as NeoScale CryptoStor, can lower costs associated privacy guidelines by alleviating stored data classification requirements and leveraging existing primary and secondary storage resources."

The NeoScale Solution

Most health service organizations' storage infrastructure is comprised of a variety of legacy SAN components which support applications spanning administrative, billing and medical records (PHI data). NeoScale CryptoStor transparently operates along any part of the fibre channel data path providing flexible deployment in new and existing SANs. The product selectively encrypts PHI data at the block-level entering into a consolidated SAN -- regardless of application or platform. CryptoStor policies are easily defined according to business application requirements which can enforce authorized SAN communications and implement strong AES data encryption.

An appliance solution streamlines storage security functions, processing, and centralized management platform. This approach maintains PHI data protection within shared storage resources and complements front end and perimeter defenses. Most importantly, it demonstrates reasonable and acceptable due diligence for HIPAA compliance for storage while greatly reducing backend PHI data classification and management costs.

"The UT Health Science Center at Houston is an outstanding example of how large health services organizations are using CryptoStor to mitigate stored data access threats and meet privacy compliance guidelines," said Scott Gordon, vice president of marketing at NeoScale. "We applaud the university's vision towards PHI stored data protection and are pleased to be part of their HIPAA compliance efforts."