People worry about the security of their identity, financial and medical information when they hear stories of hacker attacks on large commercial and government websites, including AOL, Hotmail, Microsoft, MySpace, NASA, Sony, Stratfor, USBank, VeriSign, VISA, Xbox, Yahoo, and many others. They also worry when they read about Target, Google, Facebook, and Twitter pushing privacy boundaries and taking liberties with their collected customer data. Both types of stories dilute trust.
It doesn’t help much when a company that overreaches and gets caught simply promises to do better, and then, when public outrage prompts talk of legislation, joins industry initiatives to propose new plans for self-regulation, such as publishing privacy policies that users seldom read.
This article addresses the question, “How Safe is your Personal Health Information?” It examines the benefits and security risks of storing your personal health information online, based on my own personal experiences and decades of IT experience. But I’d like to hear of your experiences in the comments section too.
Electronic versus Paper Records
While I learned about home security through personal experience as a victim, my perspective on the physical and data security of computer systems comes from my 30-year career at IBM and as a consultant.
Let’s first look at paper records, because you fill out paperwork with the same information each time you visit a new doctor or clinic or lab or dentist or optometrist. Each office keeps the records they generated about you in those multicolored filing systems. Unless you take copies with you, visiting another office may require a repeat of tests at added cost.
A fire or windstorm can destroy any records in your doctor’s office, just as it can destroy records you keep at home in paper files or on a PC. But worse is the life or death risk of delays in accessing your medical records in an emergency.
Thankfully, the ability to digitally record and transmit medical records electronically saves money and lives. Health information technology (health IT) lets us manage our health information, communicate electronically with health care providers, and improve the quality and coordination of care. I’m a strong advocate of health IT and believe that electronic records are safer when stored in cloud-based services, although that does pose a new set of security risks.
Some health IT tools are made for health care providers, while others are made for health consumers. Electronic Medical Records (EMRs) are used by your doctors and health care providers to keep track of your tests, treatments, care plans, and progress. Personal Health Records (PHRs) are for you to store information about your family’s medical history, emergency & medical contacts, insurance policies, prescriptions, allergies, appointments, etc. The US Surgeon General provides My Family Health Portrait, a free PHR that ties into Microsoft HealthVault and (soon) other PHR and EMR systems.
Federal Protections in HIPAA
HIPAA (The Health Insurance Portability and Accountability Act of 1996) already addresses the security and privacy of personal health information and establishes national standards for electronic health care transactions. HIPAA details can be found at http://www.hhs.gov/ocr/privacy/, but in general, HIPAA…
defines patient rights with respect to their “individually identifiable health information,”
provides federal protections, including administrative, physical and technical safeguards, to assure the confidentiality, integrity and availability of that information, and
permits disclosure of that information when needed for patient care and other important purposes.
What’s There of Value?
You may place a high value on your health information, including test results, prescriptions, and doctor notes, especially if it’s needed in an emergency, and your doctor may also place a high value on it, but your health information likely has little value to others. It’s extremely unlikely that someone will hack into computer systems to steal your medical records.
The Risk is Identity Theft
This is likely the biggest exposure for services that store electronic medical records, since identity thieves could have a heyday with credit card information, social security numbers, driver license numbers, phone numbers, addresses, and birthdays, especially if they can gather thousands or millions of records online. That’s why it’s important for companies to maintain electronic medical records separately from identity and financial information. Most experienced health IT companies understand and do this, but some may not, so ask.
Cloud computing is a new buzzword derived from the cloud image often used to represent the Internet. The concept of using Internet and network-based services is driven largely by big corporate players like Amazon, AT&T, Google, IBM, and Microsoft, but it’s just another form of distributed computing. That means you don’t have to install and maintain the software and data on your own computer system but can rely on a trusted service for that. All you need is a web browser and access to the Internet. The key word here is “trust,” and any service you use must be trustworthy.
As consumers, we use some form of distributed computing every time we access the Internet – to make airline & hotel reservations, buy stocks, read & respond to news stories & blogs online, use Facebook or Twitter or email, share photos, watch videos on YouTube, etc. – and each time we give up some personal information in exchange for a benefit. We don’t think or care much about what’s going on out there in the cloud except that we want to reliably and securely do stuff and share stuff.
Cloud computing adds a new layer – services – to the Internet collection of data pipes, routers, servers and networks. Behind the services are companies we trust to manage the data and computing resources for us.
How Secure are Cloud Services?
When entering a credit card number to buy something online, do you look for the little “closed padlock” image at the bottom right of the browser to be sure that the data is encrypted? You should.
While some people in the IT industry have argued that moving data from internal systems to remote services removes control and carries security risks, other IT experts say Cloud Computing has saved the companies that made the move millions of dollars and is more secure than what they could have done internally.
Potential Disadvantages of Cloud Computing include:
Too Much Control in the hands of Too Few. “As data consolidates, I have ‘Big Brother’ concerns.”
Too Much Hype. “While I recognize the benefits, Cloud Computing is not a panacea that’s suitable for all applications. I wouldn’t trust it for managing IRS and Social Security systems.”
Performance Concerns. “I worry that performance of a system shared by others will be slower.”
Security Concerns. “Will a service provider protect my data & prevent unauthorized access better than I can?”
Control of Passwords. “They let users control their own passwords without the stringent requirements we use here, such as changing passwords weekly.”
Lost Jobs. “By outsourcing IT services, employee jobs may be at stake, including my own.”
Advantages of Cloud Computing include:
Users Control Their Own Stuff. Your health records are private unless you grant access to others, and even then you often get to determine who can see or edit what.
Team Collaboration. Health providers working in teams can edit the same document, individually or at the same time, and a history of prior versions is maintained. That’s far more secure than sending email with attachments.
Improved Performance. Cloud datacenters use more sophisticated servers and network connections than most businesses can afford on their own, so performance can be better.
Data Security. Most Cloud services have better physical and data security protections than most private datacenters. But there are other factors to consider. Have you noticed how many stories have appeared about lost laptops alone? They can pose far greater security risks.
User Controlled Security. Users can take security into their own hands and decide who gets to see or edit their health records. You can even be alerted via email if somebody logs into your account from a different IP address.
Data Backup & Redundancy. Cloud services not only backup files regularly but often also replicate them onto servers in other cities so they can withstand regional disasters. By comparison, data stored on a home PC is at risk since the home could burn, flood, blow away, or be burglarized.
Competition. Competitive bidding keeps prices low and helps ensure that services take security and performance seriously, because the economic damage from a security breach would extend far beyond the financials alone. The larger cost would be in the loss of confidence and brand value.
Cost Savings. The savings are so significant because companies providing cloud services amortize costs over thousands or millions of clients. Physical site costs include replicated facilities, computer systems, wiring, ultra-fast Internet connections, air conditioning, fire protection, battery backups, and other redundancies. Operational costs include advanced network operations, backup and customer care, among others.
Highly-Secure Data Centers
Here’s an example of a highly-secure data center to give insight into what today’s modern Cloud Computing services offer. I was an IBM computer operator when I did a research paper on physical & data security and IBM’s data center in White Plains, NY. The 2-story “block house” had 4’-thick, reinforced concrete walls with no windows. It was built on springs with all utilities underground, and it was rated to withstand a direct-hit atomic blast in New York City. A double-door entry with badge reader, retinal scanner and a sensitive scale was near an armed guard. You had to weigh exactly the same coming out as going in, meaning that you couldn’t even remove a pencil that you didn’t go in with, and all restrooms were outside of the computer room. The computer systems were protected by Halon fire systems and huge banks of battery backups and generators. That was 40 years ago.
Lack of Imagination
Internal human factors and a lack of imagination are probably greater security threats than hackers attacking data or the physical security of datacenters. Some high-profile cases of hacking government systems involved simple phone calls to a “helpful” support person and convincing them to reset a password. But my favorite was the fired tape librarian employee who was given two weeks’ notice instead of being escorted out that day. His job was to send backup tapes to off-site storage and to repurpose out-of-date backups as “scratch” tapes for the computer room floor. Upset and fuming, this disgruntled employee had two weeks to instead send scratch tapes to offsite storage and remove the labels from master file backups and send them out as scratch tapes. By the time the company noticed that the master files were unreadable, there were no useful backups.
Email and Phishing
Before entering a password to sign in to a secure website you might notice the icon of a little lock at the top or bottom of the page to indicate the data being transmitted is encrypted, but email is inherently insecure. The data, which might include user IDs, passwords, and attached files, is not encrypted, and there’s no easy way to prevent someone from forwarding your mail to others without your consent or knowledge.
The use of easy-to-guess passwords, including ones you might choose, can also be a security problem, but so can opening “phishing” emails from people you don’t know and then clicking on links inside. Soon after, you learn you’ve installed a virus or malware that uses your PC to spread to others or to log keystrokes so someone can discover your passwords remotely.
The reason I tell you this is that YOU may be a far greater security risk than the company storing your personal health records.
Unsecured Wireless Networks
If you installed a wireless network at home, do you realize that the default Wi-Fi installation has security encryption turned off? You should, and you should take steps to turn encryption on. But even that won’t make Wi-Fi security bullet-proof, as I describe in Comparing the wireless security of HomeRF and Wi-Fi, a white paper I wrote in 2001 about two competing wireless technologies.
A free software download allows you to drive around town with your notebook PC and notice all of the open Wi-Fi networks with no security encryption at all. Anyone parked outside (or a mile away with a directional antenna made from a Pringles can) can monitor your network traffic and capture your login IDs, passwords, and credit card information. So security of your health records might be the least of your concerns.
Even worse is that any home with an unsecured Wi-Fi network can be a national security threat, since terrorists are less likely to use their own network or a public library network to do bad things and are more likely to use YOUR network. Even if the NSA manages to notice threatening data traffic, they can only trace it back to your router and wireless access point – not to the guy in his car a mile away.
Even encrypted networks are not 100% secure, as students at the University of Maryland have shown with enough compute power and captured data. That again is why it’s a good practice to store personal health information separately from identity and finance information.
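The separation recommended here and in the “Risk is Identity Theft” section, shown as an added Python example (not code from the article or from any vendor it names): clinical data and identity/financial data live in two stores joined only by a random token, so a dump of the clinical store alone contains no identifiers. The intake record, field list and store classes are constructed for illustration.

```python
import json
import secrets

# Fields the article says belong in a separate identity/financial system (assumed list).
IDENTITY_FIELDS = {"name", "ssn", "dob", "phone", "address", "card_number", "drivers_license"}


def split_record(record):
    """Split one intake form into (identity_part, clinical_part)."""
    identity = {k: v for k, v in record.items() if k in IDENTITY_FIELDS}
    clinical = {k: v for k, v in record.items() if k not in IDENTITY_FIELDS}
    return identity, clinical


class SeparatedRecords:
    """Two stores linked only by a random token; the token itself reveals nothing."""

    def __init__(self):
        self.identity_vault = {}  # token -> PII; a separate, more tightly controlled system
        self.clinical_store = {}  # token -> list of clinical entries

    def enroll(self, record):
        identity, clinical = split_record(record)
        token = secrets.token_hex(16)  # random, never derived from SSN or name
        self.identity_vault[token] = identity
        self.clinical_store[token] = [clinical]
        return token

    def add_visit(self, token, entry):
        self.clinical_store[token].append(entry)

    def full_record(self, token):
        """Re-join both halves for the treating clinician; the only path that sees both."""
        return {**self.identity_vault[token], "visits": self.clinical_store[token]}


class CombinedRecords:
    """The weaker design the article warns against: everything in one table."""

    def __init__(self):
        self.table = {}

    def enroll(self, record):
        token = secrets.token_hex(16)
        self.table[token] = [record]
        return token


def exposed_identifiers(dump_text, identity):
    """Which identity values appear verbatim in a leaked dump of a store."""
    return sorted(v for v in identity.values() if str(v) in dump_text)


# Constructed sample intake form; all values are fictional placeholders.
SAMPLE = {"name": "Jane Example", "ssn": "000-00-0000", "dob": "1970-01-01",
          "card_number": "4111111111111111", "allergies": ["penicillin"],
          "prescriptions": ["metformin 500mg"], "blood_type": "O+"}


def demo():
    """Return (identifiers leaked from the separated clinical store, from the combined table, re-joined record)."""
    identity, _ = split_record(SAMPLE)
    sep = SeparatedRecords()
    tok = sep.enroll(SAMPLE)
    sep.add_visit(tok, {"date": "2012-03-01", "note": "routine checkup"})
    leaked_sep = exposed_identifiers(json.dumps(sep.clinical_store), identity)
    comb = CombinedRecords()
    comb.enroll(SAMPLE)
    leaked_comb = exposed_identifiers(json.dumps(comb.table), identity)
    return leaked_sep, leaked_comb, sep.full_record(tok)
```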
To fear the Internet and technology is to hide from innovation and progress. I think most security fears associated with Cloud Computing are exaggerated by the news media and unfounded for many reasons. Greater risks include things that YOU have control over, including giving a waitress your credit card and then not closely monitoring charges, allowing someone to look over your shoulder as you enter your PIN at the ATM, and not having your medical records available in an emergency.
I trust Cloud providers like AT&T, Google and IBM because they (1) understand the risks, (2) have the skills to minimize them, and (3) know that any breach could seriously damage their brand to the tune of billions of dollars. They provide Cloud services to major corporate clients who also trust that they can do a better job of protecting their data, because they can. Protecting that trust is why these data centers and networks do so much to secure the data, why they encrypt it as it’s both stored and transmitted, and why the data centers themselves are replicated.
The Basis of my Perspective
First, I don’t think you can make anything 100% secure. The cost and effort to protect it relates directly to the chances of compromise and the damage if it is compromised. I learned that important lesson 35 years ago from a house burglary that occurred twice, exactly a month apart. I also learned that the chances of a recurrence go up dramatically since the burglars now know how to get in and expect insurance to pay for new stuff. And I learned how to understand vulnerabilities, motives and skills.
I was a student by day and an IBM computer operator at night, and I came home one night to find glass on the front porch under the front door and the door unlocked. I called the police, and they dusted for prints but got nothing useful since cold winter weather makes hands and fingers dry.
It seemed like I must have surprised a small group of teenagers who escaped out the back, because of what was taken, and what was not. Among the items missing were several bottles of liquor, a suit, a pair of old sneakers, and some cool silver & gold jewelry that I made in the army. They left behind a full carat diamond ring, possibly to avoid questions they couldn’t answer if they got caught.
Since they left in a hurry and I feared they might return, I asked the police how to better secure my home. I installed double-plunger deadbolt locks on the front & back doors that need a key to exit too. And I drove large screws into the windowsills so the windows would only open 6” for ventilation.
A month to the day I again found glass at the front door, but the door was still locked, so I unlocked it and went in to find that burglars had hit again. The back door was still locked too. The kitchen window was open, but just 6” – not enough to get in. Another window was open wider. They used a small crowbar to pry open the window and break the window lock, and then they banged the window up hard again & again until the screws bent upward enough so they could crawl in.
I would have loved to watch the crime scene unfold as I imagine it: Rip the stereo & speakers from the cabinet while leaving the wiring intact. Rush to the front door but realize they couldn’t escape there. Run to the back and find the same secure lock. Use the crowbar to unsuccessfully pry open both doors, leaving the door frames severely damaged. (Repairs required replacing half of the old wood & lath wall.) Dig through all of my drawers until they found a Phillips head screwdriver to remove the window frame screws, and exit through the window with their booty, at least the part that would fit through. My expensive racing bike wouldn’t.
That’s when I learned about motives and skills and how amateurs are easily scared off by the higher risk of homes with a security system. (Actually, I didn’t have to install an alarm, just added stickers on doors & windows saying I did.) Alarms, however, don’t deter professionals with skills learned from internships at alarm companies. They know how to circumvent them. That’s why I don’t trust home security monitoring services and would surely not have the same company to do the installation. I don’t want them knowing what type of protections I have installed.
I also learned that most security measures only keep honest people honest and are ineffective against a motivated and skilled criminal with harmful intent. So if I were a burglar and wanted to break in to a home with a security system, I wouldn’t even bother with doors or windows. It’s easy enough to just go through the roof or walls. I’d pick homes without pets, however, because they probably don’t use motion or pressure sensors.
The understanding of motivations and skills helps you craft protections against dishonest people, and anything that decreases their profit and increases the risk of getting caught & prosecuted is often effective. So besides the alarm stickers, I also engraved my driver’s license number on high-value items and added Operation Identification stickers to say everything was registered with the police.
These lessons from home security can be applied to the security of online services and our nation’s critical infrastructure, but they don’t guard against disgruntled employees and human error. The disgruntled employee wants to inflict damage but is not worried about getting caught and may actually want you to know who it was. An example is when Anonymous claims responsibility for a hacking attack.
About Wayne Caswell, Founder & Senior Editor
As a technologist, futurist and marketer with IBM, Dell, Siemens and his own consulting firm, Wayne knows the positive effect digital technologies can have on society and the challenges of adopting them. He introduced IBM to the Digital Home market before retiring after 30 years when the company got out of consumer markets. After IBM, Wayne established CAZITech Consulting, held leadership roles in industry groups developing Wireless and Home Gateway standards, volunteered with the FCC Consumer Advisory Committee, successfully lobbied the Texas legislature to protect the rights of municipalities to install public Wi-Fi networks, co-founded a nonprofit consumer advocacy to enact new consumer protection laws and abolish an abusive state agency, and founded Modern Health Talk. Wayne can be reached by email or at 1-512-507-6011.