Features Editor
Lately, I’ve been feeling exposed. Hardly a week goes by when a massive security breach isn’t making headlines. This year alone, an estimated 18 million records were taken in a hack of government computers, another 80 million were accessed in a breach of Aetna, and, most recently, UCLA was making headlines when it announced 4.5 million patient records were tapped into during a sophisticated breach of its defenses. When you factor in all the hacks of retail stores, the ongoing NSA data mining, and all the regrettable stuff we voluntarily post on social media, it’s a wonder we all aren’t being fired from our jobs, blackmailed, and otherwise using paper as our primary means of documentation and communication.
In my personal life, I generally encrypt my hard drives and cellphone, safeguarding my photos and documents from prying eyes, be they of common thieves or state officials. It’s not that I have anything to hide (I hear that a lot) – it’s simply that I don’t like the idea of everything I do digitally being visible to someone with the right skill set. The idea of a person or group sifting through all my information and mapping out a warped view of my life story gives me the creeps.
So, I use encryption to protect my personal files. It’s a bit of a hassle, but it’s worth it to feel secure. And if I – a guy of limited technical skill – can learn to encrypt a drive and send a secure message, why can’t the government and healthcare organizations follow suit? HIPAA requires a modicum of security in order to guard patient data, but foundational measures like encryption are, unbelievably, not required by law.
Granted, encryption doesn’t solve all of our problems and won’t stop breaches, but it does add an extra layer of protection for our vital information, ensuring that data captured during a hack is scrambled and hard to process. While I know not all healthcare organizations are up to speed on the adoption of technology, eventually there’s little reason why encrypted communications and databases couldn’t become standard practice, especially with some legal incentives.
But really, how could the lawmakers require encryption when they can’t keep their own data secure? The federal government, which will seemingly go to extreme lengths to protect information related to its own violations of the law, didn’t bother with encryption when it involved tax documents and personal identifiers for members of the public (including the government’s own employees). Is this because the computers they’re using are outdated? Is their staff unable to understand the technology? If that’s the case, I hope the hospitals that receive fines for HIPAA violations after their next security breach remember to play those same seemingly valid cards.
In a world where information is centralized in massive data centers and hacking-for-hire has become its own industry, there can be no question that data about you is power to those who can wield it, be it for nefarious reasons or for everyday analytics. A barrier of encryption makes it more difficult for data miners, criminals, and those pulling the dragnet to scoop up everything – and maybe that’s part of the reason why true data security seems like a near impossible prospect at this point. It isn’t just the “bad guys” that want easy access to everything.
But alas, we can’t all become monks in order to avoid being exposed. In the end, it’s impossible in this digital world to not share information with others, especially when we need life-saving health services. But just keep in mind, we are all at risk of being victims of a data breach – so I propose we secure everything we can and learn to take our own privacy seriously. Because if someone is going to steal your identity and ruin your credit, they really don’t care whether you have anything to hide or not.