Performance Measurement and Workflow Impact of Securing Medical Data Using HIPAA Compliant Encryption in a .NET Environment

The Health Information Portability and Accountability Act of 1996 called for new standards to be set in the health industry. These standards included new privacy and security laws along with more administrative reform. In the long run, these new standards are supposed to save the healthcare industry time and money. One of the security standards calls for encryption of all digital data in both transmission and storage. The impact of this requirement on the workflow in a healthcare entity is unknown. The Department of Radiology at the University of Virginia is interested in implementing a solution using .NET technologies in order to gain the benefits of portability and security from managed code. Since HIPAA does not require a specific encryption, I first analyze different prominent industrial encryption standards from both a performance and security standpoint and review the literature on encryption algorithm performance. I then recommend one that should be used in a .NET healthcare environment. I use the performance statistics in a workflow model used by the Department of Radiology at the University of Virginia. From the results, I determine the possible impact on the workflow at the University of Virginia hospital given different concurrency in their systems. 1 Performance Measurement and Workflow Impact of Securing Medical Data Using HIPAA Compliant Encryption in a .NET Environment