It has taken a long time, but the medical community is finally embracing the information age. Thanks to the widespread adoption of toolsets such as Epic Systems, electronic health records (EHRs) are now making critical health information available when and where it is needed, making handwritten notes and idiosyncratic filing systems things of the past.
This is the good news. But, unsurprisingly, it comes with its own new challenge: the need for healthcare data encryption. Old-style written notes could be misplaced or deemed unreadable when a physician or nurse needed them most, but at least they couldn't be hacked. EHRs can be hacked, meaning that your personal health records can be accessed without anyone needing to skulk through the records storage rooms of a clinic or hospital.
One Hundred Times More Valuable Than Stolen Credit Cards
What can be hacked usually will be hacked — especially if there is money in it. And personal health information (PHI) is a gold mine. As James Scott of the Institute for Critical Infrastructure Technology (ICIT) tells PBS NewsHour, this information is "100 times more valuable than stolen credit cards." The potential misuses of PHI data range from peddling fake miracle cures to desperate patients to outright criminal blackmail.
On top of that, adds security expert Avi Rubin, the healthcare industry is the "absolute worst" when it comes to cybersecurity. Medical professionals are trained to worry about saving lives, not protecting sensitive information. And the same factors that made the healthcare sector slow to go online — its fragmented structure, and the simple fact that so much of medical professionals' work is done on their feet in hospitals and clinics, not at a desk — makes security protections and procedures harder to implement.
No surprise, then, that 2016 has already seen reports of major hacks against several widely used healthcare data systems. For instance, in March, 21st Century Oncology reported a data breach affecting 2,213,597 individuals, according to the U.S. Office of Civil Rights. And in June, PCWorld reported that a hacker claiming to have stolen 9.3 million records from an unnamed health insurance provider had put the records up for sale on the dark web for about $850,000.
The Challenge of Data Security
Securing sensitive data is never easy, and especially not in a fluid environment. A recent survey conducted by Freeform Dynamics in association with Ipswitch, looked specifically at the growing use of intelligent systems, and found that nearly three quarters of professionals rated their organization's ability to handle document security and file transfer security as either "needs strengthening" or "already inadequate."
The survey gathered data from across industries and did not look specifically at healthcare, but it is likely that security professionals in the healthcare sector have at least as many reservations on this score as their colleagues in other fields. So what can the healthcare community do to protect itself and, especially, its patients?
Encryption Protects Data, Even on the Fly
There are basically two ways to protect a document containing confidential information from being hacked. One is to protect all the endpoints leading to it, so the data is not accessible to hackers. The other is to encrypt the data, so that even if hackers get to the document they cannot read it.
Both of these protective approaches can and should be used. But given the tough operational environment that medical professionals work in, healthcare data encryption is, by a wide margin, the single most powerful tool for safeguarding confidential PHI.
End-to-end encryption that embraces both data at rest, in storage units, and data in motion, during file transfers, offers the most complete protection available to a document throughout its life cycle. And because the encryption process can be automated, it can be deployed with confidence, even for users who are not accustomed to thinking about security.
Personal health information is a gold mine that should be accessible only to medical professionals and the patients themselves. Healthcare data encryption is a powerful, reliable way to ensure that it stays that way.