Safe and Secure
Jason S. Slakter, MD
We live in a world of fear and uncertainty when it comes to our personal security and the safety of our private information. Not a day goes by that we do not hear about some hacker getting into a company's Web site and stealing information for personal gain or simple malicious intent. Computer viruses abound, threatening to steal or destroy data or the computer systems that we rely on for our daily activities, both professional and personal. Perhaps one of the most disturbing of these security breaches involves identity theft. As some of you may remember, I described by own personal experience with identity theft in a 2007 Upfront column. This was as close to a personal attack and invasion of privacy as I ever want to have happen.
Obviously, these security breaches go far beyond the personal, as evidenced by the massive release of government documents by the WikiLeaks group. Here we see an example of supposed secure and protected government information, of a highly classified and sensitive nature, being accessed and made available to the public. Although there are those who might argue about the value of “an open society” or “freedom of information,” I personally believe that there are times when things should remain private. The reality is that sometimes secrets are needed, particularly when dealing with sensitive issues of international diplomacy and national security. Of course, a simple rule to follow and one that should be considered by everyone is that anything you put in writing, no matter how private or secure you think it is, may eventually be seen by everybody.
For our medical practices, at least here in the United States, the movement toward mandatory electronic medical records raises the uncomfortable prospect of private health information being accessed by unauthorized individuals. In spite of assurances that these systems are secure and the data contained therein are protected, recent experience teaches otherwise. In addition, computer system failures, either through accident or viral damage, may result in our inability to view critical data in a timely manner or, worse still, permanent loss of information.
A recent incident, however, has reassured me about the capability of ensuring absolute security of information. I had a patient come to me from a local Veterans Administration Hospital for a second opinion regarding macular degeneration. In addition to his medical information form, he presented with a computer disc containing the angiograms performed on him over the previous few months. When I loaded the disc into my computer, what resulted was not a display of color photos or angiographic images, but instead a warning that this was private health information and that the data were encrypted. There was a decryption algorithm included on the disc, and I ran the program, entering password verifications as instructed.
Unfortunately, however, in spite of several attempts, the algorithm failed and the images remained encrypted and secure within the disc. So it seems that, in spite of all our concerns about personal privacy, we will at least be able to sleep securely tonight knowing that this patient's angiogram will never be viewed by any prying eyes, not even my own.