Founded in 1908 and located in Denver, The Children’s Hospital is a private, not-for-profit pediatric healthcare system that cares for kids of all ages and stages of growth. Its dedication to these young patients is evident in more than 1,000 pediatric specialists and more than 3,500 full-time employees, and is the main reason that The Children’s Hospital is a place parents have come to trust.
The Children’s Hospital understands this trust is not just based on its dedication to providing the best medical attention for the children in its care, but also on its dedication to ensuring all patient records and other sensitive medical information is protected at all times. With an increasing number of medical staff traveling to extend care beyond the walls of the main campus, two emergency locations, three community-based after-hours care sites, nine specialty care centers, and more than 400 outreach clinics, The Children’s Hospital had to be certain that it could protect all data stored on their laptops.
"With more of our clinicians traveling nationally and internationally on a regular basis, we must be certain the patient data stored on the laptops that travels with them is secure," says Andrew Labbo, privacy and data security officer and information security manager at The Children’s Hospital. "The laptops carried by our traveling doctors potentially contain sensitive patient information and so we had to ensure that a lost or stolen laptop would not provide unauthorized access to this highly-confidential data."
Labbo had previously witnessed the disruption a lost laptop could create in 2002.
"A state agency officer lost a laptop that was only protected by a static password, and that simply did not provide sufficient data protection," he says. "The process of correcting this possible data leak was painful and expensive. In fact, when everything is considered, the cost of losing a laptop can be in the tens of thousands of dollars, and that does not include the damaging legal and public relations issues."
Wanting to ensure its data could not be read by any unauthorized users, The Children’s Hospital began researching alternative methods of encrypting the data on its laptops. Having looked at both full-disk (also known as whole-disk) encryption solutions as well as file encryption solutions, The Children’s Hospital decided that full-disk encryption was the only way to ensure all laptop data was protected at all times. Unlike file encryption, which protects specific files, full-disk encryption encrypts all data stored on the entire hard drive, including file names and associated metadata, rendering them "invisible" to unauthorized users.
As full-disk encryption protects all data on a device at all times, it would ensure that the hospital did not have to be concerned about copies of data being left in clear text in ghost and temporary files. This would simplify data security management as administrators would not have to spend valuable time ensuring staff encrypted all appropriate files. Most importantly, in the event of a laptop being stolen, there would be no risk of a hacker gaining access to medical records.
"We looked at both whole-disk and file encryption and found that while whole-disk encryption ensured that no data on a laptop could be accessed by any means, not even if a stolen drive is mounted, file encryption did not protect the entire hard drive," says Labbo. "This meant with file encryption we could not be certain that all data was protected and would still have to undergo the painful process of notifying all patients in the event of a lost or stolen laptop. Whole-disk encryption also met all HIPAA requirements that call for a mechanism to be put in place to protect data at rest on laptops."
The Children’s Hospital began reviewing available full-disk encryption solutions in November 2006. "We began researching five different solutions based on specific criteria," says Labbo. "The criteria included ensuring that the entire hard drive was encrypted at all times, ensuring there was no risk of data loss during installation, making certain the encryption solution could integrate with smart card readers and smart cards, and the ability to centralize help desk management to help users with forgotten passwords."
Having thoroughly researched the available solutions, Labbo found only one met all The Children’s Hospital’s data security requirements. "We were able to eliminate four of the solutions almost immediately as they were unable to integrate with our existing smart card readers and smart cards, plus many required specific hardware and would not work with all of the hospital’s laptops. Only WinMagic’s SecureDoc proved capable of integrating with our existing smart card and smart card readers and had no problem integrating with our stock laptops."
After selecting the full-disk encryption solution, The Children’s Hospital began a thorough three-month pilot. A good cross section of the staff, including physicians, care providers, executives and administrative staff were involved to ensure that everybody would be comfortable with the encryption layer. Initial testing confirmed that the software-based solution would provide the highly-level data protection the hospital was looking for without necessitating any real investment in additional hardware.
"We were able to prove that the entire hard drive was secure and also that there would be no need to buy new smart card readers or laptops as the new software integrated with our existing devices straight out of the box. Although the install did require attention to detail and interaction with the users whose laptop it was installed on, this was mainly down to the fact that they had to set up memorable questions/answers individually for password reset."
Perhaps, even more importantly, the testing confirmed that the encryption layer would not negatively impact patient care. "The biggest point that sold us on the install was the fact that users could continue to work unaffected while the initial encryption process of the disk took place. During the pilot we observed over 20 laptops encrypting the disk while people worked with no issues whatsoever and so we knew staff members would be able to continue working while the solution installed in the background. As a hospital, it was critical that staff would not be disturbed during the installation process."
Having successfully completed initial testing, Labbo began a larger pilot to ensure that there would be no issues with long-term management. This meant ensuring that it would be simple to set up not only new users, but also new user groups. It also meant trying the solution with other devices to ensure all data could be encrypted no matter what technologies the hospital might add to the system in the future.
"A further six months of testing let us run the encryption solution over an extended period, and during that time we were able to ensure that once a disk was encrypted, there was little additional management required other than setting up the install to run in the background and sending out an email with brief instructions. The granularity of the solution lets us customize security as needed — whether by changing protocols, adding new users, or adding new removable media devices, such as USBs or PDAs. No matter the device, the install and management process remains the same."
The extended testing also enabled Labbo’s team to make absolutely certain that no data would be lost during installation. "Obviously, it was critical that we did not lose any data during the roll out and after both pilots, we experienced zero data loss." With both pilots successfully completed by the spring of 2007, The Children’s Hospital began rolling out the encryption software to additional laptop users. "We simply set the install to run transparently in the background over the course of an afternoon and the user is then ready to go. During the roll out, positive word of mouth from physicians spread that adding the encryption was a painless process, which made my team’s life much easier."
As for the added security the encryption layer provides, Labbo has an anecdote that he feels sums up just how well data is now protected. "I have SecureDoc on my laptop, and when my hard drive required updating, a technician began the process of removing the existing drive and switching the software onto a new drive," says Labbo. "The technician had experience with encryption solutions in the past, and figured he would not need to remove the software before transferring the data by simply bypassing the encryption layer. Several hours later, the technician came back to me and said he could not bypass the encryption level."
By carefully setting out the data security criteria it required and thoroughly testing the available solutions, The Children’s Hospital has been able to fully integrate encryption software with its existing applications to ensure all patient data is protected at all times. "When you consider the potentially high cost associated with a single user losing their data compared to the relatively tiny cost of protecting each laptop, it makes sense to add whole disk encryption. A disk acts just the same after it has been encrypted as before it was encrypted. This means that with adequate planning, it is possible to protect all data without any inconvenience to staff or any sacrifice in patient care."