Ensuring data integrity and supporting metadata are key to trusting the information being exchanged.
In a previous article on protecting health data, we introduced the concept of the five rights to secure health data, together with a new open-source method for checking these five rights every time data is transacted, in order to protect protected health information (PHI).
As a refresher, the concept borrows the safety-first philosophy of the Five Rights of Medicines Management, a “check every time” protocol for administering medicines, and applies it to health data as the Five Rights of Secure Health Data: a “check every time” structure for securing PHI.
These five rights are the foundation of a true zero trust data environment. They are:
Right data: Is this the correct, unaltered data?
Right source: Is this the right entity (person/client/server) to be sending this data?
Right role: Does this entity have permission to manipulate this data?
Right purpose: Is this an approved use of the data?
Right route: Is this the correct path for handling this data?
Let's examine the first of these rights: the right data. In an industry where data integrity can be the difference between life and death, what does it mean to have the right data?
Understanding the right data
Data includes PHI (information in the medical record that is created and used in the process of providing care) as well as ancillary information used to facilitate care. All of these can be hijacked by malicious actors to steal, defraud, and wreak havoc.
Manipulated or fraudulent data is at the heart of many persistent problems in healthcare, including fraudulent claims, double billing, and medical malpractice. For example, a Florida teenager used fraudulent credentials to set up his own fake clinic. All of these types of crime revolve around medical records, which are a prime target in almost all healthcare data breaches.
One reason compromised medical records sell for orders of magnitude more than credit card data on the dark web is that they contain many immutable data points, such as date of birth, age, Social Security number, and diagnosis. Beyond their use for extortion and ransomware, these records can be used to generate false data that passes as legitimate.
On top of this, the new world of deepfakes and generative AI further complicates the ability to tell real, genuine data from fake. The right data therefore means data that can be verified at any time to be authentic and unaltered. Simply put, the right data means strong data integrity.
To obtain genuine, unaltered data, we need a mechanism that allows the originator of the data to lock it so that any alteration after transmission is readily apparent to the recipient. So far, the available countermeasures have relied on third-party assertions.
After data integrity is ensured, the next step is to ensure metadata integrity. Organizations need to be able to verify the origin of their data.
Data provenance
Data provenance refers to the record of the origin, lifecycle, and history (i.e., the metadata) of a particular dataset. This covers everything from who generated the data and how it was processed to a record of the entities that accessed or modified it. Effective data provenance means building trust in the data strong enough that recipients can act on it. Without that certainty, data is of little use.
This is especially true in high-risk industries like healthcare, where a lack of certainty often results in repeated testing. We wag our fingers and disparage the fee-for-service model of care, but sometimes repeating a test is worth it. Duplicated effort primarily hurts patients' pockets, yet it makes sense for providers to repeat tests in ecosystems where they cannot rely on results obtained from outside their own organization.
Without absolute certainty about the data, reordering the test may be the right answer. Even if it costs money, it is a patient safety issue. Without real data provenance, a national movement toward a value-based care utopia cannot happen.
Until recently, the only way to attempt data provenance was through a third party, usually some type of certificate authority (CA). The result is an assertion-based system that makes a “phone call” to an external party, which issues a certificate every time a health system needs to certify data. Managing these certificates is often stressful, as it pulls IT resources away from other important projects. Not to mention that when a certificate expires it can affect business operations and even the bottom line, leaving users facing an embarrassing screen with a scary warning.
Worse, with thousands of CAs in existence, there is a risk that some can be tricked into issuing legitimate certificates to fraudsters, and CAs are themselves sometimes breached. The solution to both the labor and the security concerns is to remove third parties from the equation and automate data provenance management. But how? Recently, a solution called ACDC was developed.
What is ACDC?
ACDC, as its acronym suggests, is a rock-solid open source protocol. ACDC stands for Authentic Chained Data Containers. ACDCs (these secure data containers) allow you to encapsulate any data in a package and guarantee the integrity of that data in transit under zero trust. Zero trust means you never have to trust anything, because you can always verify your data from point A to point Z (and any stops in between).
This does not mean that every point in the data exchange path can see the data in the ACDC, only that every point can verify its source and its integrity.
To further explain the acronym, its components are:
Authentic. An ACDC encrypts the data it contains and applies a verifiable digital signature (a tamper-evident cryptographic seal). This means you can always verify both the integrity of your data and its origin.
Chained. ACDCs can be linked together to tie the data in one container to another. This is useful for several reasons, including building up a long-term medical record across different dates, illnesses, and healthcare providers.
Data container. An ACDC is a serialized data structure. Think of a serialized data structure as a box of Betty Crocker cake mix: it contains not only the necessary ingredients (the data) but also instructions on how to use what you received.
However, unlike other serialized data structures, which offer about the same level of protection as a Betty Crocker box, ACDC is secure by design. It is also standards-agnostic regarding the data it contains, so you can use HL7 v2, FHIR, or any other recommended standard.
Essentially, ACDC can be used to send and receive almost any PHI without worrying about integrity.
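To make the three properties concrete (and the earlier point that the originator should be able to lock data so that any later alteration is readily apparent to the recipient), here is a small added Go example. It is not code from this article, from healthKERI, or from the ACDC specification; the container layout, field names, and the choice of Ed25519 signatures over a SHA-256 digest of the JSON-serialized container are this example's own assumptions, and the payloads are constructed sample values. Each container carries the issuer's public key, a link to the digest of the previous container, and a signature, so a recipient can verify origin and integrity without calling any third party, and a verifier that cannot see the payload could still check the chain linkage.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Container is a toy "authentic chained data container": a serialized
// payload plus the instructions a verifier needs (schema, issuer key, link
// to the prior container) and a signature over all of it. The layout is
// this example's own and not the ACDC specification's.
type Container struct {
	Version string          `json:"v"`   // format version of this toy container
	Issuer  string          `json:"i"`   // issuer's Ed25519 public key, base64
	Prior   string          `json:"p"`   // digest of the previous container, "" for the first
	Schema  string          `json:"s"`   // which data standard the payload follows (e.g. FHIR)
	Payload json.RawMessage `json:"a"`   // the payload itself (constructed sample data)
	Digest  string          `json:"d"`   // SHA-256 of the unsigned container, hex
	Sig     string          `json:"sig"` // Ed25519 signature over Digest, base64
}

// canonical returns the bytes the digest and signature commit to: the
// container with Digest and Sig cleared, JSON-encoded in fixed field order.
func canonical(c Container) ([]byte, error) {
	c.Digest, c.Sig = "", ""
	return json.Marshal(c)
}

// Seal builds and signs a container. prior is the digest of the container
// this one chains to, or "" for the first link.
func Seal(priv ed25519.PrivateKey, prior, schema string, payload []byte) (Container, error) {
	pub := priv.Public().(ed25519.PublicKey)
	c := Container{
		Version: "toy-acdc-1",
		Issuer:  base64.StdEncoding.EncodeToString(pub),
		Prior:   prior,
		Schema:  schema,
		Payload: json.RawMessage(payload),
	}
	body, err := canonical(c)
	if err != nil {
		return Container{}, err // payload was not valid JSON
	}
	sum := sha256.Sum256(body)
	c.Digest = hex.EncodeToString(sum[:])
	c.Sig = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, sum[:]))
	return c, nil
}

// Verify checks one container: the digest must match its content and the
// signature must verify under the issuer key the container carries.
func Verify(c Container) error {
	body, err := canonical(c)
	if err != nil {
		return err
	}
	sum := sha256.Sum256(body)
	if hex.EncodeToString(sum[:]) != c.Digest {
		return errors.New("digest mismatch: content altered after sealing")
	}
	pub, err := base64.StdEncoding.DecodeString(c.Issuer)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed issuer key")
	}
	sig, err := base64.StdEncoding.DecodeString(c.Sig)
	if err != nil || !ed25519.Verify(ed25519.PublicKey(pub), sum[:], sig) {
		return errors.New("signature invalid: not sealed by the claimed issuer")
	}
	return nil
}

// VerifyChain checks every container and that each one points at the digest
// of the one before it, so a dropped, reordered, or swapped link is detected.
// The first link must have an empty Prior (a full chain, not a mid-chain slice).
func VerifyChain(chain []Container) error {
	for i, c := range chain {
		if err := Verify(c); err != nil {
			return fmt.Errorf("link %d: %w", i, err)
		}
		want := ""
		if i > 0 {
			want = chain[i-1].Digest
		}
		if c.Prior != want {
			return fmt.Errorf("link %d: chain broken, prior digest does not match", i)
		}
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample observations; not real patient data.
	first, _ := Seal(priv, "", "FHIR-R4/Observation", []byte(`{"code":"8867-4","value":72,"unit":"/min"}`))
	second, _ := Seal(priv, first.Digest, "FHIR-R4/Observation", []byte(`{"code":"8867-4","value":75,"unit":"/min"}`))
	fmt.Println("chain ok:", VerifyChain([]Container{first, second}))

	tampered := second // an in-transit edit to the payload is caught by the digest check
	tampered.Payload = json.RawMessage(`{"code":"8867-4","value":175,"unit":"/min"}`)
	fmt.Println("tampered:", Verify(tampered))
}
```

The design point is that the container carries everything the recipient needs: nothing is looked up from a CA at verification time, a changed byte in the payload changes the digest and invalidates the signature, and because each link commits to the previous digest, the chain itself becomes the provenance record of how a long-running medical record was built up. A real deployment would additionally need a way to bind the issuer key to an identity and handle key rotation, which this toy leaves out.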
Pursuing the five rights to secure health data
As digital capabilities in healthcare continue to evolve, the need for robust data security grows. The right data is more than just accurate information; it means that all data used in healthcare can be verified at all times. ACDC helps achieve this zero trust architecture by building gold-standard security measures directly into the data lifecycle, protecting against increasingly frequent and complex cyber-attacks.
More importantly, because ACDC is designed with verification in mind, this new open source, freely available technology represents a major advance in organizations' ability to check that they have the right data, every time.
For more information about ACDC, see the Trust Over IP wiki.
This is the second article in a series that lays the foundation for understanding how the five rights to secure health data can solve serious cybersecurity concerns. Next, let's take a closer look at “sources of truth.”
Jared Jeffery is a Fellow of the American College of Health Data Management and CEO of healthKERI. Philip Feairheller is the CTO of healthKERI.