Using Lokdon makes encryption of PHI, PII and other classified data sets used in healthcare industry possible. Encryption of PHI under HIPPA had been a recommendation but the viability of Lokdon encryption of these data sets in both transit and rest motivates a pervasive use of encryption as opposed to de-identification with no extra cost. We also introduce encrypted APIs and de-addressing for healthcare as a means of addressing the GDPR right to forget. Many embedded devices exist in the healthcare industry. We see the need for encrypting all data passing through CMD, IMD and ICD. Lokdon used a hybrid algorithm to keep and share data between these devices and other devices.

Healthcare organizations investment in advanced technology might not be as swift as the financial organizations. We know that he Healthcare organizations do these for cost savings and better patient care, cybersecurity measures are also considerations. Healthcare data encryption and the de-identification of data are two essential methods for maintaining PHI security.

The terms might seem similar, but they are not. They both involve changing the readability of data (lack formulating information is common) or how the data can be traced back to an individual or a certain source. The two forms two important methods of information hiding in Healthcare.

Unencrypted data is a major vulnerability when it comes to healthcare data breaches and could also result in greater fines for healthcare organizations following an OCR investigation. Many reports had shown that lack of data encryption in Healthcare is unforgivable. It is true that many breaches could result from this single action. We have seen thought leaders like Gartner, Ponemon Institute, Deloitte and IBM comment on this problem. Below you will find some example of what could go wrong and the cost of that.
In one recent example, Fresenius Medical Care North America (FMCNA) agreed to a $3.5 million OCR settlement in February 2018 after a reported five HIPAA data breaches. Incidents occurred at various FMCNA-affiliated covered entities, with unencrypted devices noted in multiple OCR investigations.

An unencrypted USB drive and an unencrypted laptop were stolen in two separate cases.

One of FMCNA’s covered entities, FVC Augusta, “failed to implement a mechanism to encrypt and decrypt PHI,” OCR explained. The organization also did not have the necessary policies and procedures in place to explain how certain functions must be performed.

And as healthcare moves more towards interoperability and an increased focus on value-based care, patient data privacy must be protected through the de-identification of key identifiers.

There is also a push for interoperability and an increased focus on value-based care, which has led more organizations to consider secure health data sharing. Patient data privacy cannot be forgotten in that process, which is where the de-identification of health data can be utilized.

De-identified data does not include the complete information of an individual. But organizations can still potentially commit a data breach if that information is found in addition to the complete data.

Arkansas-based Arkana Laboratories, formerly Nephropathology Associates, PLC, reported in 2015 that one of its employees sent an unsecured email to a vendor that included PHI and de-identified information.

“The vendor was the intended recipient of the e-mail, however, they did not require PHI to perform their services and only the de-identified component of the information should have been transmitted,” the statement explained, which was signed by Practice Coordinator and Compliance Officer C. Aaron Nichols, MHSA, CMPE.

“As a result of this incident Nephropath is reviewing its policies and procedures to protect against future incidents of this nature,” Nichols continued. “As part of this process we will be providing additional training to our workforce and the responsible employee.”

But what exactly is the difference between encrypting data and de-identifying it? Can healthcare organizations use one and not the other?

Understanding the differences between health data encryption and the de-identification of health data, and how each method can be appropriately utilized, will help covered entities create a comprehensive approach to healthcare data security. Click Here