ArangoDB HIPAA Compliance
Overview - What is HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) is a law passed in 1996 by US congress that sets standards and protocols for the protection of patient data in the healthcare industry. It states that personal patient data must be appropriately safeguarded and privacy sufficiently maintained. All companies providing treatment, payment, and operations in healthcare with access to protected health information (PHI) are required to be HIPAA compliant.
There are two core rules to consider for a database to be HIPAA compliant: the HIPAA Security Rule and HIPAA Privacy Rule, both focusing on safeguarding patient PHI.
The HIPAA Privacy Rule requires organizations to set appropriate safeguards to protect the privacy of accessibility of PHI while the Security Rule ensures “integrity, and availability of PHI that it creates, receives, maintains, or transmits”.
In order for data being stored maintains compliance with these regulations, the database must meet the following four requirements:
- Data Encryption 360°: In transit, at rest, encrypted backups
The ArangoDB Enterprise Edition has the necessary tools and features to address these requirements and provide HIPAA compliance for your PHI data storage needs.
ArangoDB Enterprise Edition
There are two versions of ArangoDB available: ArangoDB Community Edition and a commercial ArangoDB Enterprise Edition. ArangoDB Community Edition is a free native multi-model database available under open-source license, while ArangoDB Enterprise is a paid subscription that includes SmartGraphs, SatelliteCollections and many enterprise-level security features. While the community edition provides some basics for compliance, the Enterprise Edition provides everything out-of-the-box. These additional security capabilities are what will ensure your database is HIPAA compliant.
Authentication - Determine User Identity
Authentication establishes the identity of all users accessing the database. Each user attempting to enter the system must be appropriately identified to determine their role and ability to access the database. The ArangoDB LDAP Server feature available in ArangoDB Enterprise is the solution to this problem.
The basic idea is that one can keep the user authentication setup for an ArangoDB instance (single or cluster) outside of ArangoDB in an LDAP server. A crucial feature of this is that one can add and withdraw users and permissions by only changing the LDAP server and in particular without touching the ArangoDB instance. Changes will be effective in ArangoDB within a few minutes.
Authorization - Monitoring Access and Permissions
After the user’s identity has been established, it must be determined if they have permission to access the data they are querying. Authorization also determines what actions a user is permitted to make once entering the system such as read/write privileges. An ArangoDB server with LDAP certification has the access to revoke any permission database.
Once the user is authenticated in the LDAP server, there are two methods for authorization: (a) “roles attribute” and (b) “roles search”.
In method (a) ArangoDB acquires a list of roles the authenticated LDAP user has from the LDAP server. The actual access rights to databases and collections for these roles are configured in ArangoDB itself. The user effectively has the union of all access rights of all roles he has. This method combines the advantages of managing users and roles outside of ArangoDB in the LDAP server with the fine-grained access control within ArangoDB for the individual roles.
An alternative method (b) for authorization is to conduct a search in the LDAP server for LDAP objects representing roles a user has. If the configuration option is given, then the user string in the search expression is replaced with the distinguished name of the authenticated LDAP user and the resulting search expression is used to match distinguished names of LDAP objects representing roles of that user.
Encryption 360° - Data Encrypted at all Times
Encryption is a critical safeguard that ensures the security of the data and protects outside users from accessing data by monitoring traffic or intercepting data in transit. ArangoDB has you covered keeping your data encrypted at all times using three different methods to: Encryption at Rest, Encryption in Transit, and Encrypted Backups.
Encryption at Rest: To protect against direct reading of files that are already on a disk ArangoDB offers Encryption at Rest. The Encryption feature of ArangoDB will encrypt all data that ArangoDB is storing in your database before it is written to disk.
The data is encrypted with AES-256-CTR, which is a strong encryption algorithm, that is very suitable for multi-processor environments. This means that your data is safe, but your database is still fast, even under load. Furthermore, most modern CPU’s have built-in support for hardware AES encryption, which makes it even faster.
Encryption in Transit: SSL Certification Encryption is used to protect data in transit from the database to the application. The ArangoDB server provides a variety of SSL options including: SSL Endpoints, Keyfile, CA File, SSL protocol, SSL Cipher, and SSL peer certificate (only available in Enterprise Edition).
Encrypted Backups: With the ArangoDB Enterprise Edition, AES 256 encryption of data dumps is supported. The dump is encrypted using an encryption keyfile, which must contain exactly 32 bytes of data (required by the AES block cipher).
The keyfile can be created by either an external program, or, on Linux, using a simple command. Encrypted backups are supported with the default storage engine RocksDB.
Auditing - Ongoing System Security
The previously mentioned measures all provide you security in the present, but what happens when personnel, access privileges, and roles change within your company? A process must be set in place to ensure ongoing compliance despite any organizational changes.The ArangoDB auditing process allows you to monitor access history to the database in detail. An audit log is required to provide a history of all access and security settings allowing you to validate any changes to users and roles to remain regulatory compliant.
In general, audit logs are of the form of timestamp, username, database, client-ip,andauthentication.
-The time-stamp is in GMT. This allows to easily match log entries from servers in different time zones.
-The name of the server. You can specify a custom name on startup. Otherwise the default hostname is used.
-The username is the (authenticated or unauthenticated) name supplied by the client. A dash – is printed if no name was given by the client.
-The database describes the database that was accessed. Please note that there are no database crossing queries. Each access is restricted to one database.
-The client-ip describes the source of the request.
-The authentication details the methods used to authenticate the user.
These fields provide the details necessary for an HIPPA compliant audit log.
If you are considering using ArangoDB as your native multi-model solution to store your Protected Health Information (PHI) data, rest assured that you will be HIPAA compliant. The ArangoDB Enterprise Edition has the necessary measures set in place including Authentication, Authorization, Encryption, and Auditing to ensure your applications can be build in full HIPAA Compliance.