The Challenge of Health Data Security

When the death of trust meets the birth of BYOD

Dr. Andrew Litt, Chief Medical Officer at Dell, made a thoughtful blog post last week about the trade-offs inherent in designing for both the security and accessibility of medical data, especially in an era of BYOD (bring your own device) and the IoT (internet of things). As we begin to see more internet-enabled diagnostic and monitoring devices, Litt writes, “The Internet of Things (no matter what you think of the moniker), is related to BYOD in that it could, depending on how hospitals set up their systems, introduce a vast array of new access points to the network. … a very scary thought when you consider the sensitivity of the data that is being transmitted.”

As he went on to describe possible security solutions (e.g., store all data in central servers rather than on local devices), I was reminded of a post my colleague Simon St.Laurent wrote last fall about “security after the death of trust.” In the wake of some high-profile security breaches, including news of NSA activities, St.Laurent says, we have a handful of options when it comes to data security—and you’re not going to like any of them.

However, according to Biometrics Research Group, the IoT will grow from nearly two billion devices today to over nine billion connections in less than five years. Further, they predict that 500 million—or 1 in 20—of those devices will include biometrics (counting work time management and premise security entry consoles). That’s a lot of sensitive data floating around, so it’s worth considering all possible options.

First, St.Laurent says, we have the option to just keep doing what we’re doing. He cites a few high-profile experts who argue that without specific and highly-skilled threats, maybe the status quo is good enough. But if we agree with Litt that medical data is “some of the most sensitive data on the planet” (a separate discussion for another day, so go with him for now), then sticking our heads in the sand and carrying on as usual is not a true option.

Second, St.Laurent points out that digital is not a requirement. Know how to keep your data from being stolen by hackers? Don’t put it on the internet! We already know how much of a trade-off that is in general: social and professional networking sites have revolutionized the way we’re used to communicating with each other, and many of us don’t want to go back. When it comes to healthcare, we’ve already decided as a country that the centralization and sharing of medical data in the form of EHRs (electronic health records) and HIEs (health information exchanges) reduce errors, enhance research, and improve patient care. Going backwards on this doesn’t seem like a true option, either.

Third, St.Laurent offers that we could yield a bit on our dreams of doing everything digitally, instead opting for some in-person key sharing and authentication factors that would keep digital resources much more secure. He writes, “Physical and in-person approaches also make it easier to return to old models of compartmentalization and cells, where information is shared on a need to know basis rather than rough classification levels.”

This starts to sound much more feasible! Litt points out that part of the challenge for hospitals is that they contain many doctors who are not employees and who therefore want to use personal devices to access hospital networks. But the physical and in-person approaches St.Laurent describes could turn the “presence of non-employees” weakness into a strength by leveraging the fact that doctors physically show up in hospitals: a personal device gets enrolled, and its keys or credentials issued, only while the physician is on the premises and has been identified in person, so a remote attacker who never sets foot in the building has nothing to present to the network. Yes, it would take some retraining to teach physicians the ins and outs of public and private keys, but that seems a small price to pay to avoid a major security breach.
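To make the in-person approach concrete, here is a small worked example of the two ideas in the preceding paragraphs: a device key that is provisioned only at a kiosk inside the hospital after an identity check, later used for a single-use challenge-response over the network, and record access granted per patient care team (need to know) rather than by a blanket clearance level. This is added illustration code, not anything from Dell, Litt or St.Laurent; the doctor, patient and record values are constructed, and the class and function names are my own. It uses only the Python standard library.

```python
import hashlib
import hmac
import secrets
import time

MAX_CHALLENGE_AGE = 60  # seconds a challenge nonce stays valid (assumed policy)


class HospitalNetwork:
    """Hypothetical hospital-side service; all state is in memory."""

    def __init__(self):
        self.devices = {}     # device_id -> (doctor_id, device_key)
        self.care_teams = {}  # patient_id -> set of doctor_ids (need-to-know list)
        self.records = {}     # patient_id -> record text
        self.pending = {}     # nonce -> (device_id, issued_at)

    def enroll_at_kiosk(self, doctor_id, badge_verified):
        """In-person step: the key is created on a kiosk inside the building
        and handed to the device locally, never sent over the network."""
        if not badge_verified:
            raise PermissionError("enrollment requires an in-person identity check")
        device_id = "dev-" + secrets.token_hex(4)
        device_key = secrets.token_bytes(32)
        self.devices[device_id] = (doctor_id, device_key)
        return device_id, device_key

    def issue_challenge(self, device_id):
        """Remote step 1: server sends a fresh random nonce to a known device."""
        if device_id not in self.devices:
            raise PermissionError("unknown device")
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = (device_id, time.monotonic())
        return nonce

    def authenticate(self, device_id, nonce, response):
        """Remote step 2: check the device's MAC over the nonce. Returns the
        doctor_id on success, None otherwise. The nonce is consumed on first
        use, so a captured response cannot be replayed."""
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return None
        expected_device, issued_at = entry
        if expected_device != device_id or time.monotonic() - issued_at > MAX_CHALLENGE_AGE:
            return None
        doctor_id, device_key = self.devices[device_id]
        expected = device_sign(device_key, device_id, nonce)
        if not hmac.compare_digest(expected, response):
            return None
        return doctor_id

    def add_patient(self, patient_id, record, care_team):
        self.records[patient_id] = record
        self.care_teams[patient_id] = set(care_team)

    def read_record(self, doctor_id, patient_id):
        """Need to know: only the patient's care team can read the record."""
        if doctor_id not in self.care_teams.get(patient_id, set()):
            raise PermissionError(f"{doctor_id} is not on the care team for {patient_id}")
        return self.records[patient_id]


def device_sign(device_key, device_id, nonce):
    """Device side: HMAC-SHA256 over a domain tag, the device id and the nonce."""
    msg = b"hospital-access\x00" + device_id.encode() + b"\x00" + nonce
    return hmac.new(device_key, msg, hashlib.sha256).digest()


def run_scenario():
    """Walks through enrollment, login, a replay attempt, a cross-team read and
    an enrollment attempt without an in-person check. Data is constructed."""
    net = HospitalNetwork()
    net.add_patient("pt-1001", "constructed record: hypertension follow-up", ["dr-okafor"])
    net.add_patient("pt-1002", "constructed record: post-op day 2", ["dr-lin"])

    device_id, device_key = net.enroll_at_kiosk("dr-okafor", badge_verified=True)
    nonce = net.issue_challenge(device_id)
    response = device_sign(device_key, device_id, nonce)
    doctor = net.authenticate(device_id, nonce, response)
    own_patient = net.read_record(doctor, "pt-1001")

    try:
        net.read_record(doctor, "pt-1002")
        cross_team = "allowed"
    except PermissionError:
        cross_team = "denied"

    replay = net.authenticate(device_id, nonce, response)  # same nonce again

    try:
        net.enroll_at_kiosk("dr-mallory", badge_verified=False)
        remote_enroll = "allowed"
    except PermissionError:
        remote_enroll = "denied"

    return {"authenticated_as": doctor, "own_patient": own_patient,
            "cross_team": cross_team, "replay": replay, "remote_enroll": remote_enroll}


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The point of the split is that the only step an attacker would need to subvert, key issuance, happens where a badge check and a human are in the loop, while the routine network login never carries the key itself. A production version would use per-device asymmetric keys (so the server holds no secret that can be stolen) and a real policy store, but the shape of the check is the same.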

As a final option, St.Laurent suggests a more open approach that one might describe as the Reagan protocol: trust, but verify. While cryptographic code is readable by only a handful of experts, the idea is that making standards and implementations transparent exposes them to that expert review and leads to fewer exploitable security holes than secrecy does.

There might be a place for this approach in the medical data community, although Litt cites a sense of urgency that I suspect would clash with the time needed for expert review of this kind: “[Doctors who see a better way to care for a patient] want that change to happen now, not next year, and that urgency must be taken into account when making decisions that affect network access.”

Ultimately, the security of medical data in the face of rapidly-multiplying devices and access points will require a combination of approaches. And those will need to come from experts in a combination of fields. But the urgency of finding that sweet-spot between accessibility and security is only growing. So let’s start the conversation.