Canadian Journal of Nursing Informatics

Information

This article was written on 21 Sep 2020, and is filled under Volume 15 2020, Volume 15 No 3.

Current post is tagged

, , , , , ,

The Importance of Encryption

Print Friendly, PDF & Email

Nurse Developer Column

By Raymund John Ang, RN, MAN  

Open Nursing Information System (Open-NIS) Project Lead

Citation: Ang, R.J. (2020). The Importance of Encryption. Nurse Developer Column. Canadian Journal of Nursing Informatics, 15(3). https://cjni.net/journal/?p=8103

Encryption

Nurse developers should be aware of the role of encryption in securing personal data or health information from unauthorized access when developing nursing or healthcare systems. In layman’s terms, encryption is the process of rendering data as only accessible to authorized individuals who have the encryption key to decrypt the information. It is much like having the login credentials to access an application. Knowing where to access the login page does not necessarily mean you are able to log into the application.

Based on the Health Insurance Portability and Accountability Act (HIPAA) guidelines (2013) for the USA, encryption is not mandatory and is considered addressable. This would mean the organization, as a data controller, need not implement mechanisms to encrypt data. The organization must, however, document an equivalent alternative measure or a reason not to implement encryption or its equivalent measure. But since encryption of data is actually achievable through free and open source libraries for a wide variety of programming languages, it would be prudent for any nurse developer to implement encryption of sensitive or personal information. This would be a wise decision to protect the health information in case of a data breach.

If a data breach involves a database leak with health data stored as plain text, the personal health information is considered compromised. But if a data leak involves encrypted data, an encryption key would still be needed to successfully decrypt the health information stored in the database. Aside from HIPAA, the General Data Protection Regulation (GDPR) is a regulation that needs to be thoroughly examined when gathering data from individuals, especially by those based in the European Union (Townsend, 2018). Implementation of data encryption could shield the organization (data controller) from legal complications resulting from a data breach since encryption is an acceptable and recommended method of rendering personal data unintelligible.

Similarly, in Canada, “Privacy commissioners, ombudsmen, and review officers across Canada generally promote the use of encryption software. Ontario, New Brunswick and Alberta mandate that personal health information be encrypted when stored electronically on mobile devices” (Canadian Medical Protective Association, 2017, p. 1). Encryption can be a valuable tool in keeping all personal health information safe and secure – an important part of all encounters with health technology.

References

Canadian Medical Protective Association. (2017). Encryption just makes sense. https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2010/encryption-just-makes-sense

Office for Civil Rights – U.S. Department of Health & Human Services. (2013). Is the use of encryption mandatory in the Security Rule?. https://www.hhs.gov/hipaa/for-professionals/faq/2001/is-the-use-of-encryption-mandatory-in-the-security-rule/index.html

Townsend, P. (2018). GDPR – Do I have to use encryption?https://info.townsendsecurity.com/gdpr-do-i-have-to-use-encryption

Be Sociable, Share!

Comments are closed.