Cryptographic protection of health information: cost and benefit

Abstract

Medical, legal, and economic reasons inevitably force health care establishments to apply more and more open distributed IT systems rather than the less flexible and more expensive mainframes. Managing, for example, electronic patient records by various users at different locations by means of large scale client-server systems requires new security provisions for storing, archiving and communicating those data. Using an analogy, data processing is being changed from railroads to highways. Formerly, only one engine-driver was responsible for the security of a whole train, whereas now the car-drivers themselves are responsible each for his own car. Unless the cars are equipped with suitable security mechanisms like breaks and safety belts this change endangers individuals within and outside the cars. Cryptography provides many of the relevant security mechanisms for open distributed health care IT systems. Indeed, suitable cost effective cryptographic products are available but are rarely found in health care IT systems. The reason is more political than economic: diverging national security interests in the EU have prevented strong security in public telecommunication infrastructures arguing that, e.g. criminals would profit, too. The resulting uncertainty of investments delays the development, standardisation and installation of cryptographic solutions.