Canadian Journal of Nursing Informatics


This article was written on 21 Jun 2021, and is filed under Current Issue, Volume 16 2021, Volume 16 No 2.


Encrypted QR Code in Healthcare Applications


Nurse Developer Column

By Raymund John Ang, RN, MAN 

Open Nursing Information System (Open-NIS) Project Lead

Citation: Ang, R. J. (2021). Encrypted QR Code in Healthcare Applications. Nurse Developer Column. Canadian Journal of Nursing Informatics, 16(2).

QR codes

There are several formats used for data storage and exchange in healthcare-related applications. JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are some of the textual data formats used to ensure interoperability. For applications with access to image scanners, QR codes are a suitable approach for storing and transferring textual information in a two-dimensional image format. Any device with a camera or scanner can read the QR code and decode the information embedded within. It is important to note that the information is only encoded in the QR code format, not encrypted. Thus, anyone with access to a QR scanner can decode and access the information.

There are a couple of reasons why the use of QR codes, without appropriate security modifications, could lead to hacks or data breaches. If the information embedded in the QR code is in plain text and contains protected health information (PII), it can be accessed by anyone with a QR code scanner, since confidentiality of the data is not enforced through encryption. This will result in non-compliance in situations where encryption of PII is mandated or recommended by federal or state regulations. Aside from unauthorized access to PII, QR codes with an embedded Uniform Resource Locator (URL) can also lead to leaks of user credentials, particularly if the QR code redirects the user to a malicious phishing site. On mobile devices, where the entirety of the Uniform Resource Identifier (URI) may not be visible, the link could point to a malicious domain with a fabricated user login interface. If the user is not security-conscious, a hacker could capture user credentials once the username and password are provided. The user could then be redirected back to the valid domain website, where the usual workflow would commence, eliminating any suspicion of the attack.

QR codes provide portability in data storage and exchange. However, extreme care must be taken when using these two-dimensional code formats, particularly in healthcare applications. Using encryption when generating and scanning QR codes contributes to the overall robustness of an IT strategy that has confidentiality and security as its top priorities. In addition, quantum-safe encryption algorithms, such as the Advanced Encryption Standard (AES) with a 256-bit key, are recommended to protect systems from the looming threat of quantum computing. This supports the use of QR codes in healthcare applications without risking data and security breaches.
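As an added illustration (not code from the article or from the Open-NIS project), the sketch below encrypts a record with AES-256 in GCM mode before it is drawn as a QR code, and decrypts it after scanning. The function names `sealForQr` and `openFromQr`, the one-byte version header and the sample record are assumptions made for this example, and it assumes the 32-byte key has already been provisioned to authorized scanners.

```javascript
// Added example: AES-256-GCM protection of a QR payload (Node.js built-in crypto).
const crypto = require("node:crypto");

const VERSION = 1; // constructed format marker for this example, not a standard

// Encrypt a JSON-serializable record; the returned text is what gets drawn as the QR code.
function sealForQr(record, key) {
  if (key.length !== 32) throw new Error("AES-256 needs a 32-byte key");
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per code; never reuse with the same key
  const header = Buffer.from([VERSION]);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(header); // header is authenticated but not secret
  const body = Buffer.concat([cipher.update(JSON.stringify(record), "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte integrity tag
  return Buffer.concat([header, iv, tag, body]).toString("base64url");
}

// Decrypt scanned text; returns null for anything malformed, altered, or sealed with another key.
function openFromQr(text, key) {
  const raw = Buffer.from(String(text), "base64url");
  if (raw.length < 1 + 12 + 16 || raw[0] !== VERSION) return null;
  const header = raw.subarray(0, 1);
  const iv = raw.subarray(1, 13);
  const tag = raw.subarray(13, 29);
  const body = raw.subarray(29);
  try {
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
    decipher.setAAD(header);
    decipher.setAuthTag(tag);
    const plain = Buffer.concat([decipher.update(body), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null; // authentication failed or payload is not valid JSON
  }
}

// Constructed sample record and throwaway demo key.
const demoKey = crypto.randomBytes(32);
const sample = { mrn: "TEST-0001", allergy: "penicillin" };
const qrText = sealForQr(sample, demoKey);
console.log("QR text:", qrText);
console.log("opened:", openFromQr(qrText, demoKey));
```

A generic QR scanner reading such a code sees only the base64url text; GCM also makes the application reject a code whose contents were altered after it was generated.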
