Security and Privacy

Security and privacy are critical to the future of health care.  Increasingly, the delivery of health care will depend on electronic health records, so some means of providing security will be essential.  We are accustomed to the doctor or hospital holding a paper record secured with a physical lock and key.  Electronic records will be stored in cloud databases and be accessible from anywhere, so the data itself must be encrypted.  A simple strategy would be a two-key structure.  The patient would create an identity record on a web page and specify an encryption secret (a PIN or passphrase).  The physician or hospital would also create an identity record and specify a different secret.  Decrypting the patient's record would require both the patient's key and the physician's key.  Clearly there are many details that need to be worked out: a short PIN has little entropy, so it must be stretched with a slow key-derivation function and protected against online guessing; and because both keys are required, loss of either one makes the record unreadable unless key recovery is designed in from the start.  Patients should have access to all of their data but should not have the ability to modify it.  The physician should have access to the same information that they would have on paper.
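The two-key structure described above, worked through as an added example (this is illustrative code written for this page, not the author's design or any project's implementation).  It stretches each party's secret with PBKDF2, combines the two results HKDF-style so that neither secret alone can rebuild the key-encryption key, and seals the record with encrypt-then-MAC.  The record identifier, the per-party salts, the sample record text and the cipher itself are assumptions made here: because the Python standard library has no AES, the cipher is HMAC-SHA256 used as a PRF in counter mode, which a deployment would replace with AES-GCM from a vetted library.  The integrity tag detects any modification of the stored record, but deciding who may legitimately write a new version (the physician, not the patient) is a separate authorization problem that this example does not solve.

```python
"""Dual-control envelope for an electronic health record (illustrative only).

Both the patient's secret and the physician's secret are needed to rebuild the
key-encryption key; either one alone cannot decrypt.  Standard library only:
the cipher is HMAC-SHA256 run as a PRF in counter mode with encrypt-then-MAC,
a stand-in for AES-GCM, which a real deployment would use instead.
"""
import hashlib
import hmac
import secrets

# Assumed iteration count: a PIN is low-entropy, so make each guess expensive.
PBKDF2_ITERATIONS = 200_000
KEY_LEN = 32
NONCE_LEN = 16
TAG_LEN = 32


def derive_party_key(secret: str, salt: bytes) -> bytes:
    """Stretch one party's PIN or passphrase into a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=KEY_LEN)


def combine_keys(patient_key: bytes, physician_key: bytes, record_id: bytes) -> bytes:
    """HKDF-style extract-then-expand over both keys, bound to the record id.

    Without both inputs the output is unrecoverable, which is the two-key rule.
    """
    prk = hmac.new(patient_key, physician_key, hashlib.sha256).digest()       # extract
    return hmac.new(prk, b"ehr-kek|" + record_id + b"\x01", hashlib.sha256).digest()  # expand


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC(key, nonce || counter) for as many blocks as needed."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _subkeys(kek: bytes) -> tuple[bytes, bytes]:
    """Separate encryption and MAC keys derived from the key-encryption key."""
    return (hmac.new(kek, b"enc", hashlib.sha256).digest(),
            hmac.new(kek, b"mac", hashlib.sha256).digest())


def _seal(kek: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(kek)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(kek: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(kek)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # Constant-time compare; a wrong key or an edited record both fail here.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record failed integrity check: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def encrypt_record(patient_pin: str, physician_secret: str, record_id: str, record: bytes) -> dict:
    """Build the stored envelope: per-party salts plus the sealed record."""
    patient_salt, physician_salt = secrets.token_bytes(16), secrets.token_bytes(16)
    kek = combine_keys(derive_party_key(patient_pin, patient_salt),
                       derive_party_key(physician_secret, physician_salt),
                       record_id.encode("utf-8"))
    return {"record_id": record_id, "patient_salt": patient_salt,
            "physician_salt": physician_salt, "blob": _seal(kek, record)}


def decrypt_record(patient_pin: str, physician_secret: str, envelope: dict) -> bytes:
    """Both secrets are needed; a wrong one raises ValueError."""
    kek = combine_keys(derive_party_key(patient_pin, envelope["patient_salt"]),
                       derive_party_key(physician_secret, envelope["physician_salt"]),
                       envelope["record_id"].encode("utf-8"))
    return _open(kek, envelope["blob"])


def tamper(envelope: dict) -> dict:
    """Flip one ciphertext byte: models an unauthorised edit of the stored record."""
    blob = bytearray(envelope["blob"])
    blob[NONCE_LEN] ^= 0x01
    return {**envelope, "blob": bytes(blob)}


if __name__ == "__main__":
    # Constructed sample data, not a real patient record.
    env = encrypt_record("4471", "dr-lee-passphrase", "rec-0001", b"Dx: hypertension; Rx: lisinopril 10mg")
    print(decrypt_record("4471", "dr-lee-passphrase", env))
    for pin, sec, e in [("0000", "dr-lee-passphrase", env), ("4471", "wrong", env),
                        ("4471", "dr-lee-passphrase", tamper(env))]:
        try:
            decrypt_record(pin, sec, e)
        except ValueError as err:
            print("rejected:", err)
```

The salts are stored in the clear beside the ciphertext; they are not secrets, they only stop precomputed PIN tables.  The record id is mixed into the key so that a sealed blob cannot be silently swapped onto another patient's record.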

The healthcare architecture that will be proposed treats security and privacy as a dimension of the overall system rather than as an add-on.  In general, what is needed to provide security is already understood.  The problem is that security tends to make a system inconvenient to use.  Physical keys make a building secure, but someone has to carry a key.  Key cards are convenient devices, but someone still has to program the system to grant and revoke access.  The challenge will be to provide the level of user friendliness that is needed without giving up that security.