In this second part of a series devoted to demystifying patient privacy, Danny Lieberman, founder of Pathcare, the private social network for doctors and patients, talks about the damage caused by patient privacy breaches and explains why patient data security is like high school physics.
In our previous post on patient privacy, we noted that patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never return to tell the story. We talk about patient data loss and never really consider how you can “lose” patient data and whether it can be “returned”.
The question am I about to ask is really quite simple:
Does it matter how many patient records are lost, or does it matter whose patient data records was lost?
Let’s take an analogy for airplane crashes.
If an Airbus A380 (http://en.wikipedia.org/wiki/Airbus_A380) with 525 tourists from Elbonia on board was lost in the Bermuda triangle, it would be a big deal for a few days, but people would forget. Who cares about people from Elbonia anyhow?
On April 2010, when a Polish Airforce TU-154 crashed on approach to Smolensk, all 96 people on board were killed including President Lech Kaczyński and his wife Maria, former President Ryszard Kaczorowski, the chief of the Polish General Staff, other senior Polish military officers, the president of the National Bank of Poland, Poland’s deputy foreign minister, Polish government officials, 15 members of the Polish parliament. It was a national diaster for Poland. Today – 2.5 years later, I believe that the rest of the world scarcely remembers when the event happened.
Buddy Holly, was an American singer-songwriter and a pioneer of rock and roll. Although his success lasted only a year and a half before his death in an airplane crash in 1959 – his work and innovation influenced the Beatles, Rolling Stones, Bob Dylan and Eric Clapton and had a profound influence on popular music. Over 50 years later – Buddy Holly is still a household word.
I think you get my drift – there is some kind of a relationship between the magnitude of the damage from a patient data loss event and the identity of the patient.
The next question is – can this relationship between patient identity and patient data loss impact be measured?
The answer is yes: by using a high school physics model.
A high school physics model for calculating the damage of a patient data loss event
- The estimated value of an asset is analogous to it’s momentum mv, the product of its mass and velocity. A very large database of 20 year old patient data that was archived somewhere in the cloud might have a large mass but almost zero velocity and therefore low value.If a EMRsystem for a big network of hospitals had 100,000 patient-related transactions/day then it would have a high velocity and correspondingly high momentum and high value.I note that this model runs counter to all privacy regulation but I think it holds water from a practical perspective. (I’m trying not to confuse logic with regulation).
- This physical analogy leads to some interesting conclusions. If an attacker were to steal 10 million patient datarecords from 20 year old archive in the cloud – the dollar value of the damage would actually be low in this model.On the other hand, if political hactivists were to access patient records at a private clinic in Virgina; the damage might be astronomical if it was disclosed that President Obama had just spent an intimate weekend with Toni Braxton under the pretext of minor elective surgery on his elbow and the data was disclosed just before his reelection campaign.
- The ability of an attacker to damage an asset is analogous to the force it can exert on the object we call an asset.
- The ability of a security countermeasure to protect an asset is analogous to the force it can exert on the attacker.Observed from an inertial reference frame, the net force on the object (the asset) is proportional to the rate of change of its momentum F = d (mv) / dt.Force and momentumare vectors and the resulting force is the vector sum of all forces present.Newton’s Second Law says that “F = ma: the net force on an object is equal to the mass of the object multiplied by its acceleration.”If the attacker manages to decelerate the asset to v=0, then the momentum of the asset is zero and it has been rendered inoperative. In a case like this – the damage to the asset is 100%If the asset runs faster than the attacker or another force (a security countermeasure) deflects the attacker,thenthe asset momentum is unchanged, and damage to the asset is 0%.This simple-minded physical argument shows that risk is indeed a dependent variable;Risk = the vector sum of the forces of the attackers and security countermeasures relative to the asset.
Back when you studied high school physics, it wasn’t the school board who decided your grade, it was you and your teacher. You prepare, do your home work, take the test and your teacher gives you a grade. I would argue that regardless of HIPAA regulation and HHS punitive measures and reporting of patient data loss events – every healthcare provider should take a high school physics approach to protecting patient data:
- Calculate the momentum (value) of patient data that they store.
- Estimate the force of probable attackers on the patient data assets
- Provide a security countermeasure force – to stave off the attackers on patient data.
Not easy – but doing the right thing is often the cheapest thing – and better than being written in the history books as the health IT organization that cost President Obama the 2012 election because of shoddy patient data handling practices and crappy network security.
Cross-posted from Pathcare