Securing health data integrity: Ensuring that data can be trusted
Ensuring the integrity of the data and supporting metadata is key to trusting the information that’s being exchanged.
Our previous article on securing health data introduced the concept of the Five Rights of Secure Health Data along with a new open-source way to check those five rights every time you transact data to protect protected health information (PHI).
As a refresher, the concept borrows from the safety-first mentality of the Five Rights of Medication Administration — which serve as a “check every time” protocol for administering meds — to explain how using the Five Rights of Secure Health Data creates a “check every time” security structure for PHI.
These five rights are foundational for a truly zero-trust data environment. Those five rights include:
Right data: Is this the right, unaltered data?
Right source: Is this the right entity (person/client/server) to send this data?
Right role: Is this entity authorized to interact with this data?
Right purpose: Is this an approved use of the data?
Right route: Is this the right method for transacting this data?
Let’s examine the first of these rights, the right data. What does it mean to have the right data in an industry where data integrity can mean life or death?
Understanding the right data
Data encompasses not only PHI — the information inside a medical record that was created and used in the process of delivering care — but the ancillary information used to facilitate that care. All of this can be hijacked by bad actors to steal, defraud and otherwise wreak havoc.
Altered or fraudulent data is at the core of many persistent problems in healthcare, like phantom billing, double billing, medical malpractice and so on. For example, one Florida teenager even spun up his own fake clinic using fraudulent credentials. All of these types of crimes are focused on medical records, the high-value target of nearly every data breach.
One reason compromised medical records sell for orders of magnitude more than a credit card data on the dark web is because they contain all sorts of immutable data points, including birth date, age, Social Security numbers, diagnosis and so on. Outside of PHI’s use in extortion and ransomware, these records can and are used to generate false data that passes for legitimate.
Beyond this, the new world of deepfakes and generative AI further complicates the ability to parse real, authentic data from the fake stuff. Thus, saying that you need the right data means “data that you can always verify is genuine and unaltered.” Simply put, the right data means unassailable data integrity.
To get to genuine and unaltered data, a mechanism is needed by which the originator of that data can lock it down, such that any alterations after it’s sent off are readily apparent to the recipient. To date, there’s only been half-measures that rely on third-party assertions.
After data integrity is assured, the next step is ensuring integrity of the metadata – organizations must be able to do data provenance.
Data provenance
Data provenance refers to the recording of the origins, lifecycle and history (for example, the metadata) of a particular data set. This includes everything from who generated the data and how it’s been processed, to a record of any entities that accessed or modified it. Effective data provenance needs to build confidence in data that’s strong enough for recipients to act on the data. Without that certainty, the data is nearly useless.
This is particularly true in high-risk industries like healthcare, where a lack of certainty often leads to repeated testing. We wag our finger and disparage the fee-for-service model of care, and at times that’s merited. Duplicated efforts primarily hurt the patient’s pocketbook. But it makes sense to repeat a test in an ecosystem where providers can’t rely on results that come from outside of their own organization.
Without absolute certainty of data, the correct answer may be to re-order tests. Even if it’s more costly, it’s arguably a matter of patient safety. Without true data provenance, the national crusade into a value-based care utopia simply can’t happen.
Until recently, the only way to attempt data provenance was to employ a third party, usually some sort of certificate authority (CA). The result is an assertion-based system, where every time a health system needs to prove data, they “phone home” to an outside party, who will issue certificates. These certificates are often frustrating to manage and take IT resources away from other critical projects. Not to mention it can impact business operations and even revenue when a certificate expires, leading to embarrassing screens with ominous warnings.
Worse yet, with thousands of CAs, there’s a risk of some being tricked into issuing legitimate certificates to fraudulent actors. They’ve even been breached themselves on occasion. The solution to both the labor and security concerns is to remove third parties from the equation and automate the management of data provenance. But how? Recently, a solution has been developed called ACDCs.
What is an ACDC?
ACDCs are an open-source protocol as awesome as the acronym makes them sound. ACDC stands for Authentic Chained Data Containers. ACDCs — these secure data containers — enable the encapsulation of any data into a package that provides zero-trust assurance of that data’s integrity in transit. Zero-trust meaning you never have to trust, but instead can always verify the data from Point A on through to Point Z, including at any stops in-between.
This doesn’t mean that every point in a data exchange path can see the data inside the ACDC, merely that they all can verify its source and its integrity.
To breakdown the acronym further, here are the components.
Authentic. ACDCs both encrypt and apply verifiable digital signatures — or tamper-proof, cryptographic seals — to whatever data is contained inside. This means you can always verify both the integrity of the data and its provenance.
Chained. ACDCs can be linked together, tying one container’s data to another. This is useful for several reasons, such as making additions to a longitudinal medical record across different dates, diseases, and care providers.
Data containers. ACDCs are what is known as a serialized data structure. Think of serialized data structures like a box of a Betty Crocker cake mix. It’s not only holding the ingredients (the data) needed inside, but also the instructions for how to use those ingredients upon receipt.
However unlike other serialized data structures — which may provide the same level protection as that Better Crocker box — ACDCs are secure by design. Beyond this, they are standard agnostic with respect to the data they contain, meaning you can use HL7 v2, FHIR or any other preferred standard.
Essentially, ACDCs can be used to send just about any PHI, out and back, without concerns about its integrity.
Pursuing the Five Rights of Secure Health Data
As healthcare continues to evolve in its digital capabilities, the need for robust data security grows. The right data isn’t just about having accurate information; it's about ensuring that every piece of data used in healthcare can always be verified. ACDCs can help achieve this zero-trust architecture. They embed ironclad security measures directly into the data's lifecycle, guarding against increasingly frequent and complex cyberattacks.
What’s more important is that this new open-source, freely available technology presents a significant step forward in the ability to check whether organizations have the right data every time, because ACDCs are designed with verification in mind.
More information on ACDCs can be found at Trust Over IP’s wiki.
This is the second article in a series laying the foundation for understanding how the Five Rights of Secure Health Data can solve serious cybersecurity concerns. Next, we’ll take a deeper dive into, “The Right Source.”
Jared Jeffery is a Fellow of the American College of Health Data Management and CEO of healthKERI. Philip Feairheller is CTO of healthKERI.