A PHI-less World

Removing patients’ personal info from databases & replacing with password-protected systems could save billions & headaches galore

By Jonathan Stanley, Technology Director, Vanguard Communications

Some years ago, Anthem, one of America’s largest health insurance companies, uncovered a security breach affecting up to 80 million people. Yet another massive security breach. Most of us are sick and tired of this cycle: huge breach, devastation, lawsuits, regulations, repeat. Unless certain changes are made, all the money and regulations in the world will not stop this situation from getting worse.

That’s why I’m going to propose a simple achievable solution (and save everyone a pile of money in the process):

We need to eliminate protected health information (PHI) from existence and move to a password protected system. It really is that simple—and that revolutionary.

How PHI Started

In the typical first visit to a doctor, you are asked to provide exhaustive details of your life and health.  Yes, a doctor absolutely needs to know if you’re allergic to certain substances.How to protect health information | Vanguard Communications

But why does a doctor need to know your social security number or driver’s license number to treat your medical condition?  We could ask a similar question of our health insurers: why should your insurance care if you were born on June 1 rather than June 2?

Our name, social and other permanently identifying bits of information comprise our identity. A certain diagnosis or a person’s name has no black market value on its own.

Once you connect a diagnosis to a name, you are now handling gold, otherwise known as PHI.  PHI is the information hackers lust for, so why does it exist?

Since patients stopped paying cash, doctors had to use PHI to ensure payment for their service. If you don’t believe me, try plunking down a pile of cash when you visit your next doctor.

I assure you, the staff will suddenly not care where you work, where you live, or what your driver’s license number happens to be.

Since doctors were already collecting PHI, it became the natural choice for insurers to use as a validation mechanism in their fight against the nearly $80 billion in healthcare fraud. The system spread despite a tremendous drawback: they can lose that information to hackers.  But if you never gave your doctors and insurers your social security number, they couldn’t really lose it, could they?

Passwords, Not PHI

Instead of collecting personal information, a doctor’s office would generate a secure key to validate your insurance instantly.  A simple device would perform a local one way encryption by combining one of your unique identifiers, such as a thumb scan, with a password you choose.

It is important to emphasize that the encryption must be done locally (i.e. a device not connected to any network) and the input should never be stored for security.  This would create a key that is unique to you and which could be used securely and instantly, but without containing any personal information.

In other words, insurance authorizations would work much like an ATM card with a PIN or public key cryptography systems.  Suppose a doctor’s office, or insurance company, is breached.  The patients simply create new passwords and the problem is resolved with almost no effort and no time.

You might be asking yourself, what happens in case of emergency? Where would my medical records be kept? Won’t this make healthcare too impersonal?

This system could be arranged in a manner that allows you to choose where your records are kept (perhaps by your insurer). If you were hit by a bus, medics could pull your insurance card from your wallet and retrieve your vital medical records instantly.  Quality of care would improve as patients’ medical histories become more accessible to doctors.

Stripping Incentives From Hackers

All that is needed is a total banishment of PHI from one or two major insurers. Once started, the trend would quickly snowball as more and more organizations gravitate towards the superior system. Ultimately, every last bit of PHI could be eliminated within a few years.

Every time we connect a name to a medical record, a liability is created. So long as health providers keep personal information, those liabilities will manifest as massive security breaches that destroy people’s lives and finances.

A hacker relies on information remaining valid after it is stolen. We can’t easily change our birthday, social security number, thumbprints, or employer. We can change our passwords as often as we like.

While there are some details to work through, the upsides to this solution are tremendous. Analysts estimate the 3 to 10 percent of health care expenses are fraud related, but in some institutions, “questionable” charges account for up to 40 percent of all payments. The estimated 20-22 percent of revenue health providers spend on billing could be cut in half.

Based on these numbers, a typical family would save roughly as much as they spend on their power bill. But, most importantly, by making it easy and safe to share medical information, our quality of care would greatly improve.

Are treatment passwords a panacea? Not quite, but closer than anything else being discussed. This solution isn’t sexy and probably wouldn’t make anyone rich, but it would work. That leaves us with one final question: are we going to continue to choose the devil we know?