Better Health: Smart Health Commentary

More Lost Patient Data: How Can We Prevent This From Happening?

The Wall of Shame welcomes Sutter Health. Another computer with unencrypted protected health information on over 4 million patients – gone. Now, those guys are pretty smart, so why don’t they encrypt all computers with PHI? One of life’s persistent questions. I mean, I can accept the fact that a health plan operator like Cignet Health might have issues with getting a grip on HIPAA compliance, but Sutter Health? What were they thinking? Can’t happen here? Encryption is a drag? It’s an easy way to avoid major egg-on-face and to avoid spending significant coin on PR, credit reporting services, and potentially on court judgments — all in addition to significant administrative fines payable to HHS and state regulators.

So the federales are piloting the HIPAA audit program. I know it’s required by the HITECH Act, but who believes that it will motivate behavior change? Anyone? Sutter Health was clearly not motivated to seek a safe harbor that would have made the loss of 4 million patient records a non-event. I know encryption can be a drag, but I’m not a techie. If you are, I invite you to educate me (and the other non-techies out there) on the question of how miserable it really is to have to deal with encrypted data; if you’re really a techie, write a program to enable light-touch encryption that doesn’t interfere with use of data.

Whether or not encryption is miserable, we should be asking: Why is this data on a barely secured computer (password-protected desktop) in the first place? Shouldn’t it be stored on a server that stays in a secure facility, or in a secure private cloud?

Furthermore, as data loss incidents like this keep happening — even among other industry leaders (see, e.g., Mass General) — perhaps we need a new framework for thinking about access to health information. If we knew for sure that employment and insurance decisions would not be affected by the availability of otherwise private health record information, perhaps we would be more sanguine about their release. Perhaps government resources would be better spent on beefing up education and enforcement in those arenas (vs. auditing and enforcing compliance with privacy and security standards).

*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*


One Response to “More Lost Patient Data: How Can We Prevent This From Happening?”

  1. Ben says:

    The database encryption question is somewhat complicated, but there are a number of major practical problems with encrypting data at the database level and some critiques of the premise. The first is performance: any time data is written to the database or called from the database it needs to undergo an encryption or decryption process. For a single short piece of information this isn’t a big deal, but when you’re pulling up a bunch of records and showing them it can put a significant drag on performance. Secondly, encryption can mess with data indexing. Large databases are generally indexed to increase search-query performance (imagine trying to find a specific word in a novel vs. in a dictionary). If a database is encrypted the index is as well, and this can make the index useless (particularly for full-text indexes that are using spacing and punctuation to parse up data for indexing). This can have dramatic negative effects on the speed of medium-to-large applications.

    Encryption can also mess with the ability to run specific types of “select” queries against the database. Imagine you’re trying to view all transactions that occurred yesterday. A standard query would look like “select [data to retrieve] from [table with data] where DATE > [2 days ago] and DATE < [today]”… easy and fast. However, if the whole table were encrypted you couldn’t do this, as all the dates are seemingly random strings and you can’t use the “greater than” or “less than” operators. Your only choice would be to retrieve all data, decrypt it, and then run through each row to see if it matches your criteria. This is a huge drag on performance and requires a lot more programming.

    There are also some questions as to how important database security is. The most important thing is making sure that no one has access to the database, because once they have it – encrypted or not – there are almost always ways to extract the information. One worry is that anyone who has broken in so deeply that they can get the database has also broken in deeply enough to get the decryption keys (this is especially the case for scripted languages). Even without the key itself, once they have the encrypted database, they have all the time in the world to run software that will crack the encryption. In the event that your data is taken it’s much better that it be encrypted, but it’s no guarantee that they won’t get your data.

    There are also trouble-shooting and data-recovery concerns around encrypted databases. If something isn’t working at the application level, techs are usually able to log into the database directly and see the current state of the data… logs are helpful to a point, but the data itself is often the key to solving a bug, and if the data is encrypted you cannot easily see the faulty data. And lastly, it is often even worse for you to lose data than it is for unauthorized people to see it (not always the case). If an encryption key is lost (which can and does happen in organizations) you have effectively lost all the data with it. In order to protect data the keys themselves are often encrypted (to protect against a problem mentioned above), but if a file gets corrupted or goes missing it could be the end of the data as well.

    This isn’t meant as a condemnation of encryption, which is appropriate in many cases (especially when the database is stored on someone’s local computer, as it was in this instance), but it isn’t always safer and is almost always a pain (sometimes involving crippling performance issues). Generally speaking, the best route is a middle path. One-way encryption for passwords and verifying information, 2-way encryption on fields that hold particularly sensitive data, and no encryption on everything else. Certain key fields (i.e. name, address, date of birth, SSN, phone, credit card number, and other identifying info that can be encrypted without ruining key indexes) should be encrypted, and will make it much harder for hackers to reconstruct an accurate picture of a specific person even if they can read a lot of the patient’s medical data. It’s not fool-proof if a hacker is dedicated (and users will inevitably put identifying information into unencrypted fields some of the time), but then there are generally not workable solutions that can stop a dedicated and skilled hacker.
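The middle path described in the comment above, written out in Go as an added example (this is not code from the post, from the commenter, or from any organisation named in the post): the SSN column is stored as AES-256-GCM ciphertext, the admission date stays in plaintext so the comment’s `DATE > x AND DATE < y` query runs unchanged, and a keyed HMAC “blind index” column restores exact-match lookup on the encrypted field. That last part goes beyond the comment, which says encrypting a field makes its index useless; a deterministic keyed tag is the standard way to keep `WHERE ssn_index = ?` working without a plaintext SSN in the table. The `Vault` and `Record` types, the in-memory key generation and the three fictional rows are all constructed for this example; only the Go standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Record follows the comment's middle path: the identifying field is AES-GCM ciphertext, the admission
// date stays plaintext so range queries work, and a keyed blind index (this example's addition) lets
// exact-match lookups hit an ordinary index without a plaintext SSN ever being written to the table.
type Record struct {
	ID       int
	SSNCT    []byte    // nonce || AES-256-GCM ciphertext || tag
	SSNIndex []byte    // HMAC-SHA256(indexKey, ssn)
	Admitted time.Time // plaintext: the column the date-range query runs on
}

type Vault struct {
	aead     cipher.AEAD // AES-256-GCM for two-way fields
	indexKey []byte      // distinct HMAC key for the blind index
}

// NewVault generates both keys in memory. In a deployment they come from a KMS or HSM and never share
// a disk with the rows; that separation is what would have made a stolen desktop a non-event.
func NewVault() *Vault {
	keys := make([]byte, 64)
	if _, err := rand.Read(keys); err != nil {
		panic("crypto/rand failed: " + err.Error()) // no safe fallback for key material
	}
	block, _ := aes.NewCipher(keys[:32]) // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block)      // cannot fail for an AES block
	return &Vault{aead: aead, indexKey: keys[32:]}
}

// seal encrypts one field under a fresh random nonce; the GCM tag makes a tampered field fail to open.
func (v *Vault) seal(plaintext string) []byte {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic("crypto/rand failed: " + err.Error()) // no safe fallback for a nonce
	}
	return v.aead.Seal(nonce, nonce, []byte(plaintext), nil)
}

func (v *Vault) open(ct []byte) (string, error) {
	if n := v.aead.NonceSize(); len(ct) >= n {
		pt, err := v.aead.Open(nil, ct[:n], ct[n:], nil)
		return string(pt), err
	}
	return "", fmt.Errorf("ciphertext too short (%d bytes)", len(ct))
}

// blindIndex is deterministic, so equal SSNs give equal tags and a B-tree index on this column answers
// WHERE ssn_index = ?. It reveals which rows share a value and, without the key, nothing more.
func (v *Vault) blindIndex(value string) []byte {
	mac := hmac.New(sha256.New, v.indexKey)
	mac.Write([]byte(value))
	return mac.Sum(nil)
}

func (v *Vault) store(id int, ssn string, admitted time.Time) Record {
	return Record{id, v.seal(ssn), v.blindIndex(ssn), admitted}
}

// buildSampleTable returns three constructed rows with fictional SSNs.
func buildSampleTable(v *Vault) []Record {
	day := func(m time.Month, d int) time.Time { return time.Date(2011, m, d, 0, 0, 0, 0, time.UTC) }
	return []Record{
		v.store(1, "000-00-0001", day(time.November, 10)),
		v.store(2, "000-00-0002", day(time.November, 12)),
		v.store(3, "000-00-0003", day(time.December, 1)),
	}
}

// admittedIn is the comment's DATE > x AND DATE < y test (half-open here), possible only on a plaintext column.
func (r Record) admittedIn(from, to time.Time) bool { return !r.Admitted.Before(from) && r.Admitted.Before(to) }

// findBySSN computes one tag and compares it per row (an index hit in a real database); nothing is decrypted.
func (v *Vault) findBySSN(rows []Record, ssn string) (Record, bool) {
	tag := v.blindIndex(ssn)
	for _, r := range rows {
		if hmac.Equal(r.SSNIndex, tag) {
			return r, true
		}
	}
	return Record{}, false
}

func main() {
	v := NewVault()
	if r, ok := v.findBySSN(buildSampleTable(v), "000-00-0002"); ok {
		fmt.Println(v.open(r.SSNCT)) // only the matching row is ever decrypted
	}
}
```

Two design points the comment raises are visible here. Because the SSN ciphertext carries an authentication tag, a corrupted or edited stored value fails to decrypt rather than coming back as plausible garbage, which helps the troubleshooting case Ben mentions. And because the blind index is keyed, someone who copies the table gets neither the SSNs nor a reversible hash of them; what they do learn is which rows share an SSN, so the index key has to be protected like the encryption key. The one-way half of Ben’s split, password storage, is a separate problem (a slow, salted password hash) and is deliberately not covered by this block.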
