NEGATIVE — MEDICAL — SOLVENCY 248

ENCRYPTION WILL NOT SOLVE

ENCRYPTION WILL NOT RESOLVE ALL PRIVACY CONCERNS IN THE MEDICAL FIELD

Robert Gellman, Privacy and Information Policy Consultant and Fellow of the Cyberspace Law Institute, "Personal, Legislative, and Technical Privacy Choices," VISIONS OF PRIVACY: Policy Choices for the Digital Age, 1999, EE2001 -JGM, p. 139-40

In the search for better ways to protect privacy, expanded use of encryption is sometimes proposed. Encryption clearly has a place, but it is not apparent that it offers a broad or complete response to privacy concerns. Its most obvious application is for protection against eavesdropping, 25 but encryption is also useful for authentication and validation. When personally identifiable data of any type are transmitted through computer and telecommunications facilities, encryption prevents an unauthorized interceptor from using or understanding the data. This is clearly important as more records are computerized and shared over networks. Reports suggest that some health care institutions transmit unencrypted health care information over the Internet, with obvious threats to confidentiality.However, with health data as with other personal information, misuseis much more likely to come from insiders than from hackers. This hasbeen the case with credit records, criminal history information, telephone toll data, and other personal records. Insiders who are willingto abuse health records will likely have access to the unencrypted data.At best, encryption is responsive to some concerns about misuse of personal information, but not all.

ENCRYPTED MEDICAL DATA CAN STILL BE LINKED TO OTHER DATA, LEADING TO DIMINISHED PRIVACY

Robert Gellman, Privacy and Information Policy Consultant and Fellow of the Cyberspace Law Institute, "Personal, Legislative, and Technical Privacy Choices," VISIONS OF PRIVACY: Policy Choices for the Digital Age, 1999, EE2001 -JGM, p. 140

A second shortcoming is that encryption is not directly responsive to data linkage. Encryption can offer the capability of linking data without making identifiers available to the recipient, but this is not an essential element. Encrypted data can still be linked with other data. Encryption does not now offer a complete solution to meeting both the confidentiality interests of patients and the legitimate needs of data linkers. Future developments are likely to increase the value of encryption, however.

The linkage imperative is one of the most important dynamics in the use of health records. Linkage is frequently an element in record keeping about individuals. Health records retain their vitality longer than most personal records. The simplest example of data linkage comes from the treatment process. Over the course of a lifetime, an individual can easily have dozens of providers in multiple locations around the country or the world. Today, those records are linked haphazardly, if at all, and treatment may be less effective or more expensive as a result. As more fully computerized records become routine, one advantage will be the ability to maintain complete, lifetime treatment records for individuals. At the same time, any computer system that can link treatment records will pose threats to privacy in much the same way that a centralized data bank would.