Click here to receive your FREE subscription to Campus Technology
Features
Creighton University: Researchers Comply with HIPAA Using PKZIP
7/24/2003
Creighton University is consistently
recognized as one of the top private universities in the country for medicine,
pharmacy, physical therapy, occupational therapy, dentistry, and nursing. In
addition to teaching, research is an important aspect of the school's programs.
Faculty members and graduate students conduct research in many areas, including
ethics, clinical drug studies, innovative educational techniques, among others.
HIPAA Implications
As part of their ongoing research, professors, doctors, graduate students, and
others exchange a wide range of confidential patient data. To maintain the integrity
and privacy of such data, the U.S. Government introduced the Health Insurance
Portability and Accountability Act (HIPAA) in 1996 and established April 2003
as the deadline for compliance. In 1999, Creighton set up a working group to
look at the implications of HIPAA as it related to its medical centers. In 2002,
the school began to consider the ramifications of HIPAA on its research efforts.
"We knew that the time was drawing near when we would have to have a standard HIPAA procedure in place to adequately protect subject identifiers from improper use and disclosure," says Dr. Phillip Vuchetich, assistant professor of Pharmacy Sciences.
Meeting Requirements
The university was already using PKZIP to compress large files, so it was familiar
with the product and its capabilities. However, the school wanted to determine
if the newest version of PKZIP, which provided strong encryption, could meet
the tough security and privacy standards set forth by HIPAA. Alternative solutions
Creighton could have implemented included S/MIME and PGP, however, these methods
would have required greater investment, are more complex, and raise interoperability
issues.
Because PKZIP integrates with both PKI and non-PKI environments, the cost was much less for deploying internally as a security solution as well as for interoperating with external recipients.
"Our goal was to assess PKZIP's capabilities with regard to protecting health-related data as well as the integrity of our research," says Dr. Vuchetich.
To determine if PKZIP could meet HIPAA requirements, Dr. Vuchetich, along with Dr. Vasant Raval, chair of the department of Accounting in the College of Business Administration, launched a formal PKZIP study in June 2002. The researchers implemented PKZIP in a Microsoft Windows environment made up of more than 110 researchers, and then began testing in two browser environments, Microsoft Internet Explorer and Netscape Navigator.
"The implementation of PKZIP was swift and relatively easy," explains Dr. Raval. "We found the product performed data encryption well, and integrated smoothly with externally supplied digital certificates. Plus, once we equipped a few users, PKZIP scaled quickly and easily to our remaining researchers."
Seamless Integration
Today, more than 300 researchers associated with the Creighton University Medical
Center rely on PKZIP to exchange confidential patient data and other research-related
information. By relying on PKZIP's seamless e-mail integration with Microsoft
Outlook, researchers now have an easy-to-use solution for sending e-mail attachments
compactly and securely.
Phillip J. Vuchetich, Ph.D. (philv@creighton. edu), is assistant professor of Pharmacy Sciences, and Vasant Raval, Ph.D. (vraval@ creighton.edu), is professor and chair, Accounting, both at Creighton University.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Digital Arts Alliance Adds Fordham U
The Digital Arts Alliance, a consortium led by the Pearson Foundation that promotes digital arts in K-12 education, is expanding its membership with the addition of Fordham University. This follows on the heels of three other organizations joining the group back in July--the National Education Association (NEA) Foundation, the Foundation for Investor Education, and Employers For Education Excellence (E3).
- Payment Card Security Toughens with DSS 1.2 Release
Opinions are mixed on what the new Payment Card Industry (PCI) DSS 1.2 standard will mean for security pros going forward. However, the mandate is clear: protect data.
- 6 Universities Join NASA Astrobiology Institute
Research teams from six universities have been selected by NASA to become members of its Astrobiology Institute with the aim of exploring the "origins, evolution, distribution, and future of life in the universe." Teams were each awarded five-year grants, averaging $7 million each, according to NASA.
- Amazon To Host Microsoft Solutions in the Cloud
Amazon announced Wednesday that it is conducting a private beta test of Microsoft's server products running on Amazon's hosted computing platform, which is called Amazon Elastic Compute Cloud (EC2). Amazon expects to offer companies the ability to run their applications on EC2 using Microsoft Windows Server or Microsoft SQL Server sometime in the fall, according to an announcement issued by the company.
- CRM Pushing into New Areas of Higher Ed
Implementing a customer relationship management (CRM) solution can require "difficult or even painful behavioral challenges" for administrators in higher education, according to Nicole Engelbert, a lead analyst with research and analysis firm Datamonitor. "It means re-orienting yourself to your students. That can be tough, so you need to be ready for that."
- Integrated Collaborative Environment Leverages Web 2.0
Here's a bit of trivia for your next high-tech happy hour: A "nog" (in addition to being a Christmas favorite) is a wooden block built into a masonry wall so that joinery structure can be nailed to it. For the founders of Piscataway, N.J.-based startup Bluenog this obscure bit of carpentry nomenclature was the perfect metaphor for an integrated software suite that includes a content management system (CMS), rich portal features and business intelligence (BI) capabilities.
