Healthcare Providers Use Encryption to Protect ePHI, but What is Encryption?
We hear a lot about encryption and how it is an important tool to keep our data safe. Healthcare providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to use encryption as a way to protect their patients’ electronic protected health information (ePHI); but what exactly is encryption and how does it help prevent data breaches, fraud, and patient identity theft?
Encryption is based on the science of cryptology and has long been used by individual people, the military, and government bodies to communicate classified information. Cryptology comprises cryptography, the study of secret writing, and cryptanalysis, the deciphering of coded messages without the key.
Simply stated, encryption is a process used to scramble information. Only those who have the key to decrypt the information can read the correct message. For example, as a child in school you may have passed notes in class written in code so only your friends could read them. If a note was intercepted, whoever intercepted it wouldn’t be able to read the message.
How Healthcare Providers Use Encryption to Protect ePHI
Cyber criminals are targeting the $3.6 trillion U.S. healthcare industry because much of the information contained in a medical record is permanent and, unlike credit card numbers, can’t easily be replaced. Prescription and health records are permanent, Social Security numbers are difficult to reissue, records can be used for insurance fraud, and fake IDs are created to purchase medical equipment and prescription drugs for resale.
End-to-end encryption (E2EE) is used for all electronic medical records (EMRs), and any hardware or software connected to EMRs also uses E2EE. Healthcare provider computers typically have encryption software pre-installed on each machine, clinical communication devices need to use encrypted software, and even healthcare-related mobile apps used by hospital staff are encrypted.
Failure to adequately safeguard patient information has plagued the healthcare industry for the past few years. According to the 2019 Cost of a Data Breach Report from the Ponemon Institute and IBM Security, a healthcare data breach in the U.S. costs an average of $15 million.
Encryption Through the Ages
One of the most famous examples of encryption was the use of a military Enigma machine by Nazi Germany before and during World War II. Recently the story of breaking the Enigma code was featured in the 2014 film “The Imitation Game” and British television series “The Bletchley Circle”.
The use of encryption dates back much earlier, however, and was used all over the world by ancient scribes. A well-documented cuneiform tablet from Mesopotamia around 1500 BCE contained an encrypted recipe for an important and highly valuable pottery glaze. In 700 BCE the Spartan military wrote in a secret code, or cipher, by writing on pieces of parchment or leather while they were wound around a wooden stick called a scytale. The messages were sent unraveled and would be decoded by wrapping them around another stick that served as the key.
In our current digital world, encryption is incredibly complex. The ciphers we use today are better known as algorithms. This highly sophisticated code rearranges words and messages we communicate electronically into something unintelligible. Algorithms are specifically designed to be unique for a highly secure encryption scheme. Only the intended recipient(s) can access the message and not unauthorized users.
People may not think about it often, but encryption is being used in our daily lives to assist in protecting our private information and communications. Most electronic transactions use encryption to ensure a secure transaction. Sensitive electronic data is protected when someone makes an in-store purchase using a credit card, makes any payment that needs to be processed using an Automated Clearing House (ACH), including debit cards and checks, sends an email, uses a cell phone, or even when data is just being stored on a computer drive.
When surfing the internet, oftentimes a lock icon appears next to the URL and the address will begin “HTTPS” instead of “HTTP”. The “S” stands for “Secure”, meaning the website is using the secure version of Hypertext Transfer Protocol (HTTP) so that all of the communication between its visitors and the website is being encrypted.
In today’s society, it’s almost impossible to function or do business of any kind without personal data being shared on a computer system. Encryption is still the best tool we have to keep private information secure and make certain our communications are only seen by the intended recipient.