Health Information Security of Yesterday, Today, and Tomorrow

Updated: Jun 17

A chronological look at the evolution of health information security

Originally Published by Technology Hits on Medium


Information is power, and such power is a sacred property of every individual. Once a person grants another person or entity their private information, they hand over the key to their inner realm. Thus, whoever holds your information is responsible for what happens to you once they use that information.

Personal information pertains to everything in our lives, but information about our health and wellness carries a significance of its own. Even before the evolution of electronic health records (EHR), the privacy of medical information was intricate enough. Amid the expansion of the big data industry and Artificial Intelligence (AI) technologies, it has become more sophisticated and more covert than ever, which makes ensuring the privacy of patients even more challenging. In this piece, I will not go into the details of how and why the data security landscape is shifting, as I have talked about them in my other write-ups. Instead, I will focus on the chronology of health information security.

Health Information Security Is About Protecting Our Most Valuable Asset

Information security, the protection of information and information systems, deals with protecting private data from unauthorized access. It is attained by ensuring the confidentiality, integrity, and availability of data. In healthcare, which is also about privacy, integrity, and availability, it means ensuring that electronic health information is not disclosed to unauthorized persons or processes. Simply providing secrecy in the modern sense, however, does not suffice to secure individual sovereignty. We must also preserve the integrity of electronic health information, so that it is not altered or destroyed in an unauthorized manner. Availability means that electronic health information is accessible and usable upon demand by an authorized person.

In a world where data is becoming more profitable, protecting that data is becoming equally important, and challenging, because it parallels an overwhelming effort to protect our data from modern-day data piracy.

The contemporary pirates are savvy in their data mining endeavors. Artificial Intelligence (AI) algorithms using various covert protocols gain access to personal information with or without our transparently granted informed consent.

History of Health Information

The first record of medical documentation can be traced back to the ancient Egyptians, from 1600 BC. It was not a patient record in the modern sense; instead, it was a written manuscript on papyrus describing the surgical treatment of war wounds. The Greeks followed that era with Hippocrates, who was active 2400 years ago at the god Asclepius’ temple of healing on the island of Kos in today’s eastern Greece. Hippocrates took notes on his patients' symptoms, appearance, and social situation in order to decide on the treatment; he also recommended that these documents be stored and used by new physicians involved in treating the patient.

Greek medicine was kept and developed by the Arabs into so-called Islamic Medicine during the Islamic Golden Age, from the eighth century to the thirteenth century. The Arabs introduced the concept of hospitals to ancient medicine. They also were the first to keep written records of patients and their medical treatment. At the time, students were responsible for maintaining the patient records, which were later edited by doctors and referenced in future treatment.

With the evolution of natural science in the early 18th century (during the Age of Enlightenment in Europe), everything in nature was classified and described. The most famous representative was the Swedish scientist, botanist, and physician Carl Linnaeus, who built up a whole classification system for naming organisms. Linnaeus is also known as the father of modern taxonomy and was active during that era at Uppsala University in Sweden.

Modern paper medical records can be traced back as far as the 1920s. Maintaining paper medical records gradually became more popular from that time onward, but the information technology revolutions of the ’60s and ’70s introduced the beginnings of a new system. The development of computers encouraged American universities to combine computers and medical records.

In healthcare software development, the ’80s marked the introduction of the master patient index (MPI), a database that let patients use an electronic check-in process for the first time.

An upsurge of medical errors and patient deaths caused by healthcare providers prompted the search for a viable EHR system in 2000 by the Millennials. They were hoping to obtain electronic health records that would allow physicians to make improved decisions, offer better care, and lower the incidence of medical mistakes by improving the accuracy and clarity of medical records. President George W. Bush called for computerized health records in his 2004 State of the Union Address. That was the start of the Electronic Health Record revolution.

Today, healthcare organizations are implementing functional EHR systems with increasing intensity.

The once well-defined boundaries among the activities, sources, and uses of healthcare data, health information management (HIM), and health informatics (HI) are disappearing. Definitions of the professional domains and scopes of practice for health informatics converge with the proliferation of health information and communication technologies. Convergence is changing both the IT roles within organizations and the aptitudes necessary for training future professionals. Many of these changes suggest a blurring of roles and responsibilities with increasingly overlapping curricula, job descriptions, and research plans.

But the great irony of the field is that there is a lack of standards concerning data science and technology, as an organization may have more than one software system in place. That in turn affects clinical information systems, presenting them with challenges such as achieving interoperability between various data formats so that information is available across all areas of the healthcare system. So, the future has a place for those who are creative and analytical enough to link the information technology team and clinicians. Nevertheless, even amid overwhelming success in capturing such an innovative arena, one major challenge will remain: the ethics and legality of harnessing those talents. There will be a thin line between a good cause and a harmful deed if we fail to establish end-to-end transparency within informatics processes and structures.

Chronology of Health Information Security

Almost all of us are aware of large companies that hackers have targeted. And while cyber safety has improved hugely, the issue certainly exists and is pretty severe. Companies today can physically secure their files via a range of security and fire safety techniques using sophisticated software technologies. However, let us consider that those who know how to protect themselves from external hacking probably know how to hack too!

The subject of information piracy is not a new one, but it certainly represents a great source of revenue and power. It is most convenient and lucrative, particularly to the same organizations that about a decade ago were challenged by hacking; they have now established a way to profit from public data at literally no overhead cost. The traditional visions of cybersecurity and information protection are no longer adequate in today’s technological venture. For instance, the 1960s marked the era of password protection, when organizations, for the first time, saw themselves as protective of their computers. During that time, no internet or network existed to be the subject of concern; thus, security was mainly focused on physical measures and on preventing access by people with adequate knowledge of how to work a computer.

Cybersecurity’s history coincided with a research project that ran all through the 1970s, known as the ARPANET (the Advanced Research Projects Agency Network). A researcher named Bob Thomas created a computer program that could move across ARPANET’s network, leaving a small trail wherever it went. He called the program ‘CREEPER’ because of the printed message it left when traveling across the network: ‘I’M THE CREEPER: CATCH ME IF YOU CAN.’ Ray Tomlinson, the pioneer of email, also designed a program that took CREEPER to the next level, making it self-replicating and the first-ever “computer worm.” Fortunately, Ray then created another program, the Reaper, which chased CREEPER and removed it. That was the first example of “antivirus software.” Certain groups of people (the world’s first hackers) began to recognize this as well, seeking out ways to infiltrate these lines and steal critical data.

Over the years, as computers became increasingly interconnected and viruses more advanced, information security could not keep up with the relentless barrage of innovative hacking schemes. For example, in the 1980s, the Russians began using cyber power as a weapon by employing German computer hacker Markus Hess to steal US military secrets.

The 1990s marked the rise of firewalls amid increasing internet availability to the public. While more and more people began putting their personal information online, organized criminals saw this as a potential source of revenue. They started to steal data from people and governments via the web. By the middle of the ’90s, network security threats had increased exponentially, and firewalls and antivirus programs had to be produced on a mass basis to protect the public. A NASA researcher created the first firewall program design following a computer virus attack at their California base. However, while firewalls and antivirus programs went some way toward minimizing the risk of attacks, computer viruses and worms kept coming thick and fast, so hackers had the upper hand at the time.

In the early 2000s, governments began to take strict action on the criminality of hacking. They started handing down much harsher sentences to those culpable, including extensive jail time and hefty fines. The significant breaches can be traced back to the 2010s, due to the steady rise of technology. Hacking became ever more complex over the following years, and many significant data breaches now broadly define the era, including that of Edward Snowden, a former CIA employee and contractor for the US Government.

Information security is continually evolving, and many companies are designing a vast array of attack mitigation options that utilize things like Network Behavioral Analysis, web application firewalls, and Denial of Service protection. But data abuse schemes are evolving too, and they are so covert that they can hardly be traced, caught, or even prosecuted, because in the majority of cases there is still no well-defined law against accessing and abusing personal information. In other words, there are still too many loopholes for legislative action to keep up with, and even the most sophisticated data protection solutions don’t ensure information safety at a personal level. That is precisely why, at the individual level, people and businesses need to keep on top of their information security and implement techniques to ensure their data stays protected.

Health Information and Data Today and Tomorrow

“In the age of digitalism, concealing personal data resembles pulling the wool over eyes.”

Today, with overwhelming advances in information technology and cybersecurity, accessing public data is an easy task. Data extractors, or “data mining” experts, can collect patient information freely without requiring permission from the individual patient. Such access requires some strategic arrangement that places an entity or a person at a vantage point. Nonetheless, gaining such a position is permitted under the current sociopolitical environment. Even though encryption and strict data privacy laws are on the development path, there are still too many loopholes that help the data collector achieve its goal. For example, machine learning and Artificial Intelligence algorithms can extract medical information from a pool of giant data silos and match it to patients' identifying information without permission or authentication.

Indeed, in the real world, you may not recognize those entities that access your information through innovative means as “hackers”; nonetheless, their intentions and objectives surely place them in that class.

With the ever-expanding big data industry, a machine learning program can identify and connect an individual’s extracted health information with personally identifiable information such as IP address, physical address (using the Global Positioning System), and social criteria (using social media). With the developments in artificial intelligence technology and big data, it would be naive to think otherwise.

“Healthcare is a tantalizing market for non-medical industries to reach for the slice of the pie; thus, monopoly has become the weapon of choice for most corporate entities, more so for Big data, Artificial intelligence, and Data mining.”

Healthcare, like any other industry and more so, is vulnerable to malicious data mining practices. It is happening today and will continue happening if left unaddressed. Patient information and data generated by medical professionals are a valuable commodity that will only become more valuable with time. Today’s big industries trade patient information for billions of dollars, more often than not without the consent of the individual owner of that data.

The future of patient personal data integrity and safety is hazy, even though advances in cybersecurity are fundamental. That only means one thing: cybersecurity is for big industry, to keep its players from hacking each other!

Technologies like Amazon Alexa will keep listening to your conversations in your living room, then transmit, process, and sell them for big bucks regardless of your permission. Or our lives will be at the mercy of intelligent technologies such as the Internet of Bodies and whatever data they analyze from our physiques.

Moving Forward on Health Information Security Means Moving to a Decentralized System

Data sets are snowballing in the healthcare industry, both in volume and complexity, as the sources and types of data keep multiplying. Today, over 30% of the world’s information is estimated to be medical services data, and in the US, many hospitals accumulate over 100 data points per patient per day.

To fight against health data abuse, some cybersecurity solution providers have started to focus on the healthcare industry specifically. They tend to follow HIPAA (Health Insurance Portability and Accountability Act) guidelines and offer data confidentiality and security provisions to protect patients' private medical information from diverse threats. But compliance with HIPAA does not necessarily criminalize or prevent data piracy by the big data industry, nor does it advance multilayered data encryption practices.

Privacy is invaluable as it enables other fundamental values, including ideals of personhood such as personal self-sufficiency (the ability to make personal decisions), individuality, respect, dignity, and worth as human beings. Breaches of privacy and confidentiality not only affect a person’s dignity but can cause destruction.

Privacy is valuable even in the absence of any humiliation or perceptible maltreatment. Solitude is required for developing interpersonal relationships with others. Just because a person’s identity is sealed does not entitle an entity to use that data in whatever way it can! Even then, industries can easily match patients’ identifying information with their clinical data using modern technology. For instance, if an individual undergoing genetic testing can coincidentally find long-lost relatives by doing so, it is not hard to imagine a person’s health insurance premium rising just because they mentioned in the living room, while Amazon Alexa was listening, that they are a smoker.

The security goals are threefold: first, to ensure that only authorized individuals see stored data; second, that they only see the data when they need to use it for an authorized purpose; and third, that what they see is accurate. Traditionally, these goals have been pursued through protections intended to make data processing safe from unauthorized access, alteration, deletion, or transmission. The HIPAA Security Rule employs this outdated solution to protect security and sets a floor for data security standards within covered entities. However, the HIPAA Security Rule applies only to covered entities. Many scholars who rely on protected health information to conduct health research are not considered covered entities. Therefore, they are exempt from having to implement any of the security requirements outlined in the Security Rule.

The HIPAA Security Rule only shields electronic medical records; it does not require covered entities to implement any security protections for paper health records.

Many covered entities are not yet in full compliance with all the requirements of the HIPAA Security Rule, based on surveys, led by the American Health Information Management Association, of healthcare privacy officers accountable for implementing the HIPAA regulations.

Regardless of whether the HIPAA rule is vigorously enforced or not, breaches of the HIPAA Security Rule's protections for personal health information are a challenge. Enhanced security is essential to lessen the risk of data theft and to reinforce the public’s trust in the research community.

Today there seem to be at best four technological approaches to enhancing data privacy and security that others have proposed as having the potential to be particularly influential in health research: (1) privacy-preserving data mining and statistical disclosure limitation, (2) personal electronic health record devices, (3) independent consent management tools, and (4) pseudonymization. The latter is a data management and de-identification technique by which personally identifiable information fields within a data record are substituted by one or more mock identifiers or fictitious names. But still, these are not enough to protect patient sovereignty.
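Pseudonymization as described above, together with a check of why it falls short on its own, as an added example that is not the author's code: direct identifiers are replaced with keyed tokens, then a k-anonymity count shows which records are still unique on the fields left untouched. The field names, key and records are constructed, and HMAC-SHA256 and the generalization step are assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Assumptions for this example: the field names, the key and the records
# below are constructed; HMAC-SHA256 is one common way to derive pseudonyms.
DIRECT_IDENTIFIERS = ("name", "mrn")
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")
KEY = b"constructed-demo-key"  # in practice: a secret held apart from the data

def pseudonym(field: str, value: str, key: bytes) -> str:
    """Deterministic keyed token: same input gives the same token; not reversible without the key."""
    msg = f"{field}:{value}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def pseudonymize(record: dict, key: bytes) -> dict:
    """Replace direct identifiers with pseudonyms; leave all other fields untouched."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = pseudonym(field, str(out[field]), key)
    return out

def group_sizes(records, fields=QUASI_IDENTIFIERS) -> Counter:
    """How many records share each combination of quasi-identifiers."""
    return Counter(tuple(r[f] for f in fields) for r in records)

def k_anonymity(records, fields=QUASI_IDENTIFIERS) -> int:
    """Size of the smallest group; k == 1 means someone is unique in the release."""
    return min(group_sizes(records, fields).values())

def at_risk(records, fields=QUASI_IDENTIFIERS) -> list:
    """Records whose quasi-identifier combination is unique in the data set."""
    sizes = group_sizes(records, fields)
    return [r for r in records if sizes[tuple(r[f] for f in fields)] == 1]

def generalize(record: dict) -> dict:
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and decade of birth."""
    out = dict(record)
    out["zip"] = out["zip"][:3] + "**"
    out["birth_year"] = out["birth_year"] // 10 * 10
    return out

SAMPLE = [  # constructed records
    {"name": "Patient A", "mrn": "0001", "zip": "10001", "birth_year": 1980, "sex": "F", "dx": "asthma"},
    {"name": "Patient B", "mrn": "0002", "zip": "10001", "birth_year": 1980, "sex": "F", "dx": "diabetes"},
    {"name": "Patient C", "mrn": "0003", "zip": "10002", "birth_year": 1984, "sex": "F", "dx": "copd"},
]

if __name__ == "__main__":
    released = [pseudonymize(r, KEY) for r in SAMPLE]
    print("k after pseudonymization:", k_anonymity(released))
    print("still unique:", [r["dx"] for r in at_risk(released)])
    print("k after generalization:", k_anonymity([generalize(r) for r in released]))
```

Running the k-anonymity check before any release shows whether replacing names alone leaves records that an outside data set could single out.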

Health information piracy is one of many dangers threatening the global healthcare system and patient sovereignty. The problem does not stop at mere compliance with securing patient identity and preventing its revelation. It’s about patient safety, autonomy, and authority. Despite access to state-of-the-art technologies and science to avoid personal information abuse, we are still far from achieving such a mission. In reality, while we are now making patient data secure, many technologies such as deep learning and artificial intelligence have been developed to trawl for private data. In other words, we are wedged between hypocrisy and Big Data business.

Decentralization is the Ultimate Solution

Decentralization of data promotes transparency, accountability, and, most of all, efficient stewardship. Various participants, such as physicians, nurses, and administrators, are involved in patient care; all need to benefit from individual access to precise medical records while ensuring that the exchange is private, secure, and abuse-resistant. This is efficiently achievable by ensuring that each user can maintain their data block along the chain of patient care. Whenever needed, all users must be able to interconnect to the “block” of others. Hence, everyone can promptly access all the necessary data and adequately deliver quality care. Blockchain does just that! But, before we talk about this valuable technology, let us explore facets of the threats patients and physicians are currently facing.
