Types of Medical Data
Health information is more valuable than financial information alone, such as credit card numbers or other financial data. With improper possession of this medical information, cybercriminals can gain access to prescription drugs, or even to the financial data of people or health institutions.
The rules contained in data protection and privacy laws, unique to each country, require appropriate safeguards to protect patient information. At the same time, it is essential that health institutions maintain the patient’s history, knowing what types of information exist in medical records and in the other documents used in care procedures, for possible future medical care and treatment.
The most common patient data are names, phone numbers, e-mail addresses, geographic location identifiers, medical record numbers; biometric identifiers such as fingerprint or retinal scan, full-face photos, health insurance numbers, credit card numbers or any financial document, among others; and information concerning racial origins, data relating to sexual life, genetic data and digital medical examinations performed, among others [22-23].
Given these data, it is worth highlighting the concern with the protection and privacy of the information held in medical records in all formats, both electronic health records and paper ones. It is up to health institutions to take appropriate measures when collecting, processing, storing and even discarding any medical record, in order to ensure compliance and patient privacy.
In addition to taking care of the security offered by the systems used and adapting the technologies already used, health professionals need to review security in the exchange of information in some usual processes, since it is common for medical clinics to send patient data to hospitals in cases of hospitalization, just as it is common for information to be exchanged between laboratories and the hospital or clinic. Given this scenario, hospitals and other health institutions must guarantee the protection of their patients’ medical information during the entire service life cycle and the necessary storage period, which define the requirements for the proper management of medical records [23, 24].
Concerning the medical record, this document is owned by the patient, who has full rights of access and can request a copy whenever they deem it necessary. The protection of these health data in procedures performed by health professionals, and the interactions between doctors and patients, are protected by law; the data can only be collected, processed and stored for certain purposes, with the patient’s consent and authorization.
This applies to medical records and to any health information transaction, not only the electronic part but also data recorded on paper; medical clinics that have already obtained data from patients will have to follow up with patients already registered in the system to seek authorization. That is, health institutions should take greater care to inform patients about the reason for collecting their information, to whom these data may be passed and for what purpose. This applies to a vast number of situations, such as telemedicine, charging for health services via the exchange of supplementary health information related to standard monitoring by the operators of private healthcare plans, unified health systems, the exchange of information between different bodies, and requests for laboratory tests, among others.
It is important to note that the system created and implemented in Brazil is a single health system, whose main function is to provide low-, intermediate- and high-complexity medical care to the entire Brazilian population. This service receives financial transfers from the government, giving the population free access to health care, medical consultations, surgeries and treatments.
Although the exchange of messages via applications or social networks is not prohibited, health professionals should be aware and take due care in order to mitigate the risks and remain within the established privacy requirements, particularly regarding messages containing clinical patient information sent incorrectly to another person, or patient information shared with another user without authorization.
The digital age of medical technology can mitigate the damage to privacy caused by messages exchanged between doctors and patients. Beyond the need for encryption, however, the mailboxes holding such messages must also be protected, since they generally contain the patient’s identification [27, 28].
Patients have the right to know that their data are in the system and for what purpose this information will be used. For institutions with greater technological resources, access to the information, the treatment of their data and even the processing itself must be made available so that the patient can understand its purpose, form and duration. In the same sense, the medical data of children or adolescents can only be used with specific consent from the parents or legal guardians.
Thus, for patient data such as medical reports, the need for the data and their treatment must be made clear. Like all information transmissions in the system, they must be encrypted, protected against fraud and subject to procedures related to the security and privacy of personal health data, and once their purpose has been fulfilled, they must be erased.
Anonymization as a Form of Patient Privacy
Data anonymization (data anonymity) aims to protect the privacy of the individual; it is the use of one or more techniques designed to make it impossible, or at least more difficult, to identify a particular individual (patient) from the related stored data, thus making data sharing safe and legal.
Anonymization methods rely on core information-security techniques, among them encryption, hashing and pseudonymization. The main benefit is to allow health institutions to make better use of this information, enabling data analysis and sharing in a way that is conscious of privacy protection.
It is generally a standard for data to be anonymized and confidential before sharing, thus protecting the privacy of patients and data subjects (in the case of parents as well as children and adolescents). Most health institutions carry out these processes by classifying, encrypting, using tokens or hashing on information considered sensitive according to data protection and privacy requirements [30, 31].
Responsibility for protecting the privacy of patient data rests with everyone whose work affects patients’ digital privacy: healthcare professionals as well as those technically managing the IT infrastructure. They are responsible for protecting their patients’ data regardless of where the data services are hosted, whether locally, in a data centre or in the cloud [30, 31].
Data Anonymization Techniques
Employing a substitution method involves modifying the names of the people included in the health data while maintaining consistency between the values. Scrambling techniques involve mixing or obfuscating letters, where bits are scrambled before encoding to avoid generating repetitive strings of identical bit characters, making patient data illegible.
A masking technique may also be used, hiding part of the data with random characters or other data. In practice, this creates a version that resembles the original data in structure but does not reveal the true information. Custom anonymization techniques, which let users apply their own anonymization method via scripts or an application, may also be used. Data defocusing techniques use an approximation of the data values to make it impossible to identify patients [32, 33].
Although no method is perfect, the methods and techniques used to protect the privacy of information, including encryption, anonymization, masking and tokenization, need to be evaluated frequently so as not to damage the implemented digital structure. The implementation of digital certificates can even limit the exposure of the health professional and their institution if a security breach occurs [32, 33].
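The substitution, masking and defocusing techniques described in this section, together with the hashing-based pseudonymization mentioned in the previous one, applied to a single constructed patient record. This is an added example in Python, not code from the original chapter; the sample record, the alias format and the institution key are assumptions.

```python
import hashlib
import hmac

# Constructed sample record for illustration; not a real patient.
RECORD = {"name": "Maria Souza", "phone": "+55 11 91234-5678",
          "birth_date": "1984-03-17", "record_number": "MRN-000123",
          "diagnosis": "type 2 diabetes"}
# Assumption: a secret held only by the institution. A keyed hash is used
# because a plain SHA-256 of a short record number can be undone by guessing.
PSEUDONYM_KEY = b"institution-secret-rotate-me"

def substitute_name(name: str, table: dict) -> str:
    """Substitution: the same patient always gets the same alias (consistency)."""
    if name not in table:
        table[name] = f"PATIENT-{len(table) + 1:04d}"
    return table[name]

def mask(value: str, keep: int = 4, char: str = "*") -> str:
    """Masking: hide all but the last `keep` alphanumerics; separators stay."""
    to_hide = sum(c.isalnum() for c in value) - keep
    out, hidden = [], 0
    for c in value:
        if c.isalnum() and hidden < to_hide:
            out.append(char)
            hidden += 1
        else:
            out.append(c)
    return "".join(out)

def defocus_birth_date(birth: str, today: str) -> str:
    """Defocusing: replace an exact ISO birth date with a ten-year age band."""
    by, bm, bd = (int(p) for p in birth.split("-"))
    ty, tm, td = (int(p) for p in today.split("-"))
    age = ty - by - ((tm, td) < (bm, bd))  # one less if birthday not yet reached
    low = age // 10 * 10
    return f"{low}-{low + 9}"

def pseudonymize(value: str) -> str:
    """Pseudonymization: HMAC-SHA256 under the institution key, truncated to 16 hex chars."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def anonymize(record: dict, table: dict, today: str) -> dict:
    """One technique per identifier; the clinical field is kept for analysis."""
    return {
        "name": substitute_name(record["name"], table),
        "phone": mask(record["phone"]),
        "age_band": defocus_birth_date(record["birth_date"], today),
        "record_id": pseudonymize(record["record_number"]),
        "diagnosis": record["diagnosis"],
    }
```

The alias table must be kept as securely as the original data, since it re-links aliases to names; without it, and without the key, the output record cannot be traced back to the patient by a recipient.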
Privacy Protection with Encryption
Health information is a gold mine that should be accessible only to doctors and the patients themselves, so that digital medicine can advance; however, concerns about data related to the patient’s identity remain central. In this scenario, there are ways to protect a document containing confidential information against digital intruders who could misuse patient data. One is to protect all terminals that reach the patient, so that the data are not accessible to unauthorized third parties. Another is to encrypt the data, so that even if unauthorized third parties reach the document, they are unable to read its content.
The variety of threats that currently exist affects all digital users, including patients, doctors, researchers and other health professionals. The growth of advanced threats such as intrusions into applications and systems should be analysed. In this scenario, more appropriate administrative security practices and controls should be applied, in line with technical policies and procedures, through digital technology that manages access to medical data and is integrated into the normal workflows around those data [34-36].
In short, given the difficult and complex operating environment in which medical professionals work, encryption of healthcare data is, by a wide margin, the most powerful tool for protecting the privacy of patient data: end-to-end encryption that covers “data at rest” in storage units and also “data in motion” during file transfer offers more complete protection for a document throughout its life cycle within a health system [34-36].
Data encryption applied to healthcare is a powerful and reliable way to guarantee privacy. The encryption process can be automated and implemented with confidence, even for users (healthcare professionals) who are not used to digital security. Moreover, from the user’s point of view, transparency is a positive characteristic: the more transparent the system, the less the user needs to know about the implementation of its internal functioning [34-36].
The ultimate goal is to achieve a high level of trust concerning the security and privacy of health data, and also in the management of digital technologies, which helps progress towards the digital privacy of patients [34-36].