Medical records hold some of our most sensitive and powerful data, which means that security is of the utmost concern for both patients and covered entities. This means that there’s a delicate level of trust with businesses and their infrastructures regarding medical and personal information. Even the most minor fracture in the data infrastructure can cause massive issues — including fines, loss of trust, and even the collapse of a business.
We’ve gone over many components of the HIPAA Compliance Checklist before, highlighting areas regarding how covered entities should approach data acquisition, transfer, and storage. According to the Department of Health and Human Services (HHS), many aspects of this checklist deal with the HIPAA Security Rule, which:
“Establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity.”
These standards deal with three central areas of data security.
- Physical safeguards
- Administrative safeguards
- Technical safeguards
Data encryption plays a major role in the technical safeguards required by HIPAA — and has a truly amazing history behind it.
What Is Data Encryption?
Before we dive too deep into data encryption, we should understand what encryption is — and how it works. Encryption gives people a way to hide the contents of information or messages in a way that gives access to only a select number of people. This is the foundation for all data security and protects internet communication and sensitive information that could be stolen or taken advantage of.
History of Data Encryption
Now, data or message encryption has come a long way from its simplified roots. It all started with cryptography, the process of hiding information so that it is unreadable or undigestable without inside knowledge or a key.
This practice has been around for literally thousands of years and began in ancient Egypt as a way to protect religious rituals from the watchful casual eye. It was the most basic type of encryption, where a scribe substituted some characters for hieroglyphics in his master’s tomb.
While the Spartans were known for their incredible military prowess, they’re also accredited with creating one of the first forms of transposition encryption. They would use a very long and thin piece of papyrus, an old type of writing surface, writing characters vertically down. When the piece of papyrus was wrapped around a stick with a certain thickness, a message would reveal itself. However, without the right key (or stick), the letters would simply look like nonsense. Very simple, but a genius idea for its time.
The Romans & Julius Caesar
While encryption had been around before, nobody used it to its militarized advantage to the degree of Julias Caesar. Dubbed the substitution cipher, Caesar’s system was also very simple, but difficult to crack in its day and age. All one would need to do is shift the letters or characters in an alphabet by three, causing words to look like gibberish to the casual observer.
The Jefferson Wheel Cipher
Thomas Jefferson is known for many great feats, but one of his lesser-known inventions was the wheel cipher. This incredibly complex system used 26 wheels with each of the 26 letters of the alphabet randomly arranged around them. A code word would be developed that would correspond with the position of the wheels, and once the rows of wheels were correctly placed — the message would reveal itself.
A Quick Shift
The onset of the World Wars forced encryption practices to ramp up their complexities, and new forms of encryption were developed around the globe. Some of these include:
- Trench Codes
- Chocktaw Codetalkers
- Germany’s Enigma
- Japan’s PURPLE
- Navajo Codetalkers
Each of these various encryption methods and styles had their time to shine, and while they were all extraordinarily complicated — many were broken with the exception of the Chocktaw and Navajo codes. However, the breaking of the Enigma code and Alan Turning were major springboards for both modern computing and encryption.
Modern Data Encryption & Medical Records
With the advent of the digital age, a new way to protect sensitive information was needed — and it took pages straight from its cryptography history playbook. While old systems used gears and other devices for mechanical encryption, now everything is computerized.
Today, digital information takes advantage of numbers and algorithms to encrypt information and keep data safe. These algorithms scramble information that requires a key to decrypt. These keys take advantage of tools like random number generators or algorithms that mimic the same function. Today, these algorithms and systems have gotten so complex that they create a new key for every single session.
Medical records are filled to the brim with sensitive information. From health records to personal information like Social Security Numbers, medical information is a hotbed for hackers and cyber thieves looking to make a quick profit off of this data goldmine.
The consequences of a medical record breach can be severe, leading to massive fines and penalties and even criminal charges. It’s important for covered entities like insurance companies and healthcare providers to be diligent and hyper-vigilant regarding technical safeguards and data encryption. When data is constantly on the move and medical record retrieval for insurance companies plays such a crucial role in their operations, securing information is not only ethical — but legally required.
Finding the Right Professionals
It shouldn’t come as a shock that encrypting information is no easy task. As times change and technology advances to unfathomable heights, it’s becoming increasingly important for those dealing with sensitive medical records or protected health information to have the right safeguards in place to keep patient’s information safe.
Perhaps the most dangerous place for medical information is in transit. One of the best ways to keep this information protected is through outsourcing your medical record retrieval to professional services that specialize in speed, efficiency, and security. These professionals have incredible knowledge regarding how health care providers use and share electronic health records — and it’s a fantastic resource for law firms and insurance companies around the country.