Healthcare is plagued by constant attacks from hackers trying to obtain valuable patient health information (PHI). Unfortunately, some succeed, which keeps healthcare organizations on edge, each hoping it won't be the next to be breached. As we talk about building better healthcare software, security is an important part of the conversation. It is imperative to keep PHI secure, but as healthcare moves toward a team-based care model, more clinicians will need to access PHI efficiently. What are some security and transparency issues that need to be balanced?
Clinicians have to log in and out of multiple software programs at computer terminals scattered across different locations. Multi-factor authentication, which uses multiple forms of verification to grant access, is often used on systems that need higher security. Although it seems justified to protect PHI using every defense possible, the problem that this presents is a slower workflow for the physician. Extra seconds added to the login process multiply quickly when you take into account the frequency of logins. One solution is for software to support single sign-on authentication. Single sign-on consists of one server that authenticates users for access to all authorized software. This allows the user to sign on once to be authorized to use several related software platforms, with a single password or even the swipe of a card.
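To make the single sign-on flow above concrete, here is an added example (not code from any vendor or from this article's author) in which one server signs a short-lived token after a single login and each application checks it instead of asking for another password. The names issue_token, verify_token and SSO_KEY, the application names, and the shared-key design are assumptions made for the sketch; production systems normally use a standard protocol such as SAML or OpenID Connect.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption): the SSO server and every application
# share it. Real deployments typically use asymmetric signatures instead.
SSO_KEY = b"constructed-demo-key-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign(body: str) -> str:
    return b64url(hmac.new(SSO_KEY, body.encode(), hashlib.sha256).digest())

def issue_token(user, apps, now=None, ttl=900):
    """SSO server: after ONE successful login, sign who the user is, which
    applications they are authorized for, and when the session expires."""
    now = time.time() if now is None else now
    claims = {"sub": user, "apps": sorted(apps), "exp": now + ttl}
    body = b64url(json.dumps(claims).encode())
    return body + "." + sign(body)

def verify_token(token, app, now=None):
    """Application: accept the SSO token in place of a second login.
    Returns the user name or raises PermissionError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    # Constant-time comparison; the signature is checked before parsing.
    if not hmac.compare_digest(sig.encode(), sign(body).encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        raise PermissionError("session expired")
    if app not in claims["apps"]:
        raise PermissionError("user not authorized for " + app)
    return claims["sub"]

if __name__ == "__main__":
    token = issue_token("dr.lee", ["ehr", "pacs"])   # one sign-on
    for app in ("ehr", "pacs", "billing"):           # several applications
        try:
            print(app, "->", verify_token(token, app))
        except PermissionError as err:
            print(app, "-> denied:", err)
```

The short lifetime (ttl) is where the workflow trade-off shows up: a longer session means fewer logins at each terminal, but also a longer window in which an unattended session can be misused.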
Data encryption can help protect data by encoding the information so that it can only be unlocked and read with a key. This is important for systems that store a large amount of PHI, and even more important for cloud-based systems. Along with protection from outside threats, a cloud vendor must assure each client that their data is inaccessible and unreadable by other clients using the same system.
While encryption provides protection, given enough time, a hacker can crack it, especially if the hacker can apply many systems simultaneously to break the encryption. The stronger the encryption used, the longer it will take to break. The drawback to encryption is the added time needed to decrypt information for use and to encrypt it for storage, and the stronger the encryption, the longer this takes. It is a complex issue, but a balance can be found between protection and data flow: encryption should be used to deter breaches, but not to the extent that it noticeably slows the flow of information for clinicians. One trade-off could be to apply strong encryption to the warehouse of PHI data and, when use of a record is anticipated, move that record to a quick-access area with a lower level of encryption.
Software needs good security measures for clinical use, but it also needs to be optimized to allow for smooth workflows. We develop better software solutions by considering options and context to find the right balance for the organization.