Security by Design for eHealth

How secure is your home, your car, your office? Do you use a double-bolt lock or have bars on your windows? How about internal alarms?

For the most part your answer to these questions depends on where you live and the value of your possessions. At the very least you have locks on your door, but you may leave the door unlocked from time to time. This is risky, yet unlikely to result in a major loss. If you do it too often and become lax in your home security, you give a thief an opportunity that puts your possessions at risk.

Bank Vault
The level of security and privacy depends on your risk tolerance, which relates to the value of what you are protecting and your personal risk avoidance. When it comes to our personal health information, whose value is debatable, security can vary. Critical details about us, and identifying information that could be used to obtain fraudulent documents or prescriptions, must be treated with great care and the highest level of security. Our less personal details are not likely to be used to gain access to our money or take possession of our personal goods; these pieces of data are less important. While you may need the security of a “Fort Knox” for critical data, a simple lock and key is all that is needed for other, less critical details.

How do you secure the data in your health information? Stored data must be encrypted and access to it restricted; when viewed, it must be displayed only to a verified user with the correct permission. Even with high-level security it is impossible to prevent a wandering eye on a screen. Early in our development of health information access the question of security and privacy always came up, usually asked by doctors and nurses who raised this objection as a means to slow adoption. My quick response to questions on the security of electronic data was to point out that fax machines in the hallway currently had patient data displayed; that behind the nurses’ station a whiteboard with patient names and other identifying data was displayed for anyone visiting the unit; and that carts of patient charts were routinely rolled around the hospital and that these paper folders were routinely left unattended. Electronic health information systems are much more secure than paper and other non-electronic means. When records are electronic, you can get access to your data much more easily than to paper folders locked in a doctor’s cabinet or in the basement of the hospital’s health records department.

Ideally we would want full control of and access to all our own health information, and confidence that it is not being misused or shared without consent. We currently don’t have that control. We rely on our doctors, our hospitals and other government agencies to maintain and control access to our health information. In the province of Ontario and many other jurisdictions, individuals have the right to access all their health information and to control permission to it. Of course the practicality of receiving all this information from a hospital or doctor’s office makes that difficult. How would we get the paper forms and input them ourselves into our own health application? If records were electronic, patients would have a better opportunity to access and control permission to their own information.

We need to ensure that proper precautions are being taken to store our information. To secure our health information, the personal identifying data must be encrypted and viewable only through verified access. While a user name and password is relatively simple, there are better ways to ensure privacy and security. A smartcard with proper token identification would be a strong method to secure access.

The NEXUS system is used by the US, Mexico and Canada for “trusted travelers”. The program issues a card that uses several layers of security. First a person registers online and a user name and password are issued; then a face-to-face interview is conducted and documents are verified (passport, driver’s license, etc.); a photo ID is made and a retina scan is taken along with other details; then a card with an RFID chip is issued. When entering the country, rather than wait in a lineup, the “trusted traveler” takes the NEXUS card out of its RFID-blocking sleeve and uses it at a self-service kiosk. The traveler stands in front of a device that takes a retina scan, which is compared with the one on file; the proximity of the card is all that is required to match the individual to the online record. No swiping or entering of a card number or PIN is needed. The system verifies who you are by something you are carrying (the card) and a physical attribute, your retina scan. The process is quick and easy. The difficult part was in the verification and issuing of the card.

In Ontario the government issues an OHIP (Ontario Health Insurance Plan) card that is used for payment of services. Many individuals still have the old “red and white” card that is simply an embossed plastic card with only a 10-digit number on it.

Individuals refuse to part with these because the newer cards carry a “version code” and an expiry date. Neither of these has embedded security, although the newer cards have a photo and a magnetic stripe containing some personal identifying information that can be read by swipe machines. Other provinces and territories in Canada also issue health cards to their citizens; because of our universal health care and the Canada Health Act, a citizen could receive care in Ontario using their Alberta health card. Apart from checking the layout and the check-digit calculation, most systems in hospitals and clinics don’t verify health cards. It is unlikely that a fraudulent card would be detected or rejected until well after services have been provided. In the past it was known that some individuals would use the old “red and white” card to obtain services for family members who were not eligible for OHIP, but this type of abuse is minimal. Replacing all cards with a common standard and using a smartcard token or RFID would be beneficial for all healthcare providers and consumers.

To create a secure and private electronic health application one could follow the credit card and banking industry model. A credit card is issued by a specific institution: the first group of digits uniquely identifies the bank and card issuer, followed by a number unique to the individual. The card also has security features such as a check-digit algorithm and a security code. Other features like holograms, photos, smartcard chips and magnetic stripes can all be implemented on cards. Adding RFID would further enhance such an access verification tool.
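To make the card-number model concrete, here is an added example (my own code, not from the original post or any card issuer) of the two things a front-desk system can check from the number alone: the issuer prefix and the Luhn (mod 10) check digit that credit cards use. The six-digit issuer prefix length and all card numbers in the block are constructed test values. The point of the last function is the caveat raised earlier about health cards: a consistent check digit only proves the number was transcribed correctly, not that the card was ever issued.

```python
# Added example, not code from the original post: issuer-prefix extraction
# and Luhn (mod 10) check-digit handling of the kind used on credit cards.
# All card numbers used here are constructed test values, not issued cards.


def luhn_sum_mod10(digits: str) -> int:
    """Luhn sum over a digit string (check digit included), reduced mod 10.

    Walking from the right, every second digit is doubled and, if the
    result exceeds 9, reduced by 9; a valid number sums to 0 mod 10.
    """
    total = 0
    for position, ch in enumerate(reversed(digits)):
        d = int(ch)
        if position % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def normalise(number: str) -> str:
    """Strip the spaces and hyphens people type between digit groups."""
    return number.replace(" ", "").replace("-", "")


def is_luhn_valid(number: str) -> bool:
    """True when the number is all digits and its check digit is consistent."""
    digits = normalise(number)
    if not digits.isdigit() or len(digits) < 2:
        return False
    return luhn_sum_mod10(digits) == 0


def luhn_check_digit(partial: str) -> str:
    """Check digit an issuer would append to a partial number."""
    digits = normalise(partial)
    if not digits.isdigit():
        raise ValueError("partial number must be digits")
    # Append a placeholder 0, then find the digit that brings the sum to 0 mod 10.
    return str((10 - luhn_sum_mod10(digits + "0")) % 10)


def issuer_prefix(number: str, length: int = 6) -> str:
    """Leading digits identifying the issuing institution (6 is an assumption)."""
    return normalise(number)[:length]


def screen(number: str) -> dict:
    """What a front-desk system learns from the number alone.

    A consistent check digit says the number was keyed or read correctly;
    it says nothing about whether the card was ever issued or is still
    valid, so a lookup against the issuer is still required for that.
    """
    return {
        "issuer_prefix": issuer_prefix(number),
        "check_digit_ok": is_luhn_valid(number),
    }


if __name__ == "__main__":
    # Constructed inputs: a well-known test number, a one-digit typo of it,
    # and a 10-digit number with a Luhn digit appended.
    for n in ("4111 1111 1111 1111", "4111 1111 1111 1112", "1234567897"):
        print(n, screen(n))
```

Running it shows the typo rejected and the other two accepted; note that "1234567897" passes purely because its last digit was computed with `luhn_check_digit("123456789")`, which is exactly why passing the check digit is not evidence of authenticity.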

Each card would be associated with an individual. With this model a card can also have sub-accounts, so that a parent can access records for a child or other family member who has granted them access. This would be useful for better service tracking. Take for example a child whose parents are divorced: each parent can have the child added to their card so that access to care is unencumbered when the child is with the other parent. This is also useful for family members such as elderly parents. The card has the ability to be a security key into an electronic health application. It isn’t the only consideration, but it is a good start.
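The sub-account idea is really an authorization rule: someone may open a record that is not their own only while a grant from that record’s holder (or an existing guardian) is in force. The block below is an added example, my own code rather than any eHealth system’s, showing that rule with time-limited, revocable grants and an audit trail of every decision. Card identifiers such as CHILD-001 and PARENT-A, the class and function names, and the assumption that a minor’s first guardian is recorded as a grant made in the child’s name at enrolment are all constructed for the example.

```python
# Added example, not code from the original post: a small access-grant
# registry for the "sub-account" idea, where the holder of one card is
# given access to another person's record. Card identifiers and the
# class/function names are constructed placeholders, not a real system's API.
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Grant:
    subject: str                    # card whose record is being shared
    grantee: str                    # card allowed to view that record
    granted_by: str                 # card that authorised the sharing
    expires: Optional[date] = None  # None means open-ended
    revoked: bool = False


class AccessRegistry:
    """Decides whether one card holder may open another holder's record."""

    def __init__(self) -> None:
        self.grants: List[Grant] = []
        # Audit trail of every decision: (day, requester, subject, allowed)
        self.audit: List[Tuple[date, str, str, bool]] = []

    def can_access(self, requester: str, subject: str, today: date) -> bool:
        """Everyone sees their own record; anyone else needs a live grant."""
        allowed = requester == subject or any(
            g.subject == subject
            and g.grantee == requester
            and not g.revoked
            and (g.expires is None or today <= g.expires)
            for g in self.grants
        )
        self.audit.append((today, requester, subject, allowed))
        return allowed

    def grant(self, subject: str, grantee: str, granted_by: str,
              today: date, expires: Optional[date] = None) -> Grant:
        """Only the subject, or a card that already holds access to the
        subject's record (a guardian), may delegate. Assumption: enrolment
        records a minor's first guardian as a grant made in the child's name."""
        if granted_by != subject and not self.can_access(granted_by, subject, today):
            raise PermissionError(f"{granted_by} may not share the record of {subject}")
        g = Grant(subject, grantee, granted_by, expires)
        self.grants.append(g)
        return g

    def revoke(self, subject: str, grantee: str, revoked_by: str, today: date) -> None:
        """Revocation follows the same authorisation rule as granting."""
        if revoked_by != subject and not self.can_access(revoked_by, subject, today):
            raise PermissionError(f"{revoked_by} may not revoke access to {subject}")
        for g in self.grants:
            if g.subject == subject and g.grantee == grantee:
                g.revoked = True


def divorced_parents_demo() -> dict:
    """The post's scenario: each parent is added to the child's record."""
    reg = AccessRegistry()
    day = date(2024, 1, 15)                      # constructed dates
    reg.grant("CHILD-001", "PARENT-A", granted_by="CHILD-001", today=day)
    reg.grant("CHILD-001", "PARENT-B", granted_by="PARENT-A", today=day,
              expires=date(2024, 12, 31))
    results = {
        "parent_a_today": reg.can_access("PARENT-A", "CHILD-001", day),
        "parent_b_today": reg.can_access("PARENT-B", "CHILD-001", day),
        "parent_b_next_year": reg.can_access("PARENT-B", "CHILD-001", date(2025, 1, 1)),
        "stranger_today": reg.can_access("STRANGER", "CHILD-001", day),
    }
    # A card with no access to the child cannot hand access to someone else.
    try:
        reg.grant("CHILD-001", "STRANGER", granted_by="OTHER-CARD", today=day)
        results["unauthorised_grant_blocked"] = False
    except PermissionError:
        results["unauthorised_grant_blocked"] = True
    reg.revoke("CHILD-001", "PARENT-B", revoked_by="PARENT-A", today=day)
    results["parent_b_after_revoke"] = reg.can_access("PARENT-B", "CHILD-001", day)
    results["audit_entries"] = len(reg.audit)
    return results


if __name__ == "__main__":
    for key, value in divorced_parents_demo().items():
        print(f"{key}: {value}")
```

Two design choices matter for a health application: the decision function takes the date as a parameter so expiry can be tested and replayed, and every decision, including the ones made inside grant and revoke, lands in the audit list, which is what lets a privacy officer answer "who looked at this record, and under what grant?".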
