Personal Health Information Security

We’ve been having an interesting technical discussion at LinkedIn (at this link) about health information security when trying to share patient data among multiple data silos. We’re examining issues concerning the security of cloud computing, e-mail, and information stored in local computers and mobile devices. We’re discussing the strengths and weakness of encryption, exploring reports of data breaches, and identifying the incremental risks of different security prevention approaches.

We’re also presenting and evaluating innovative security solutions, such as: (a) allocating a specific IPv6 block just to healthcare; (b) using a novel method that is impossible hack (even with brute force) by “scrambling and padding” patient data using multiple keys; (c) separating patient identifiers from the person’s clinical data; and (d) using globally unique IDs (GUIDs) to name patient data files and mapping the GUIDs to the actual patient identifiers.

These kinds of creative discussions and brainstorming are essential when seeking solutions to the daunting challenges facing healthcare reform. The important thing, imo, is to be open to all ideas and critically examine them in terms of strengths, weakness, problems and risks.

Related posts:

• Should Personal Health Information Reside in Silos?
• Who should Own a Patient’s Health Data, Where should they be Stored, and How should they be Exchanged (Part 2 of 2)
• Personal Health Information Privacy