One of my favorite things about the yearly HIMSS conference are the discussions that occur around new ways the healthcare technology community is dealing with the issues that arise as a result of increased innovation. With medical identity theft looming, issues of the transmission of personal healthcare information over the Internet or the desire to share detailed medical records between medical institutions – a health information exchange, the time has come to find a solution besides encryption which simply may not be enough. The credit card industry has addressed the issue of protecting credit card and e-commerce transactions with a process called tokenization. Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, criminal records, vehicle driver information, loan applications, stock trading, voter registration, and, most importantly, medical records.
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information without compromising its security. Tokenization has become popular as a means of bolstering the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations. With increasing regulation of protected healthcare information, tokenization is the right technology to address the transfer of sensitive information over public or private networks.
In a credit card transaction, a token typically contains only the last four digits of the card number. The rest of the token consists of alphanumeric characters that represent miscellaneous cardholder information and data specific to the transaction underway. When an authorization request is made to verify the legitimacy of the transaction, the actual card number is used only in the initial request. The token is returned to the requester instead of the card number along with approval or rejection of the transaction. The token is stored in the point-of-sale (POS) system but the credit-card number is not.
Tokenization makes it more challenging for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored in databases and exchanged as visible text over networks. Tokenization improves on encryption technology by keeping sensitive information out of the data stream. With the proliferation of identity theft and the consequent increased risk of ruinous civil and criminal proceedings, many corporations are turning to tokenization to minimize exposure and cost while maximizing their own security and that of their customers. Healthcare needs to adopt the same technology for protected healthcare information (PHI).
Protected health information (PHI), under the US Health Insurance Portability and Accountability Act (HIPAA), is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This is law can be interpreted rather broadly and includes any part of a patient’s medical record or payment history. Protected health information includes the following list of 18 identifiers must be treated with special care according to HIPAA:
- Names
- Addresses smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes
- Dates (other than year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
- Phone numbers
- Fax numbers
- Electronic mail addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers;
- Device identifiers and serial numbers;
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger, retinal and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data)
The big question is how to implement the tokenization of protected healthcare information? The short answer is make it a “service” in a service-oriented architecture that talks to a tokenization server (redundant, of course). The tokenization server would contain the 18 or more key protected items and their corresponding tokens. The service would retrieve the protected information temporarily for healthcare applications and updates, but would prevent local storage of the information to maintain control. This tokenization process would be implemented in conjunction with an Enterprise Master Patient Index (EMPI) system for a healthcare organization. The centralized server for protected health information would allow stronger security controls within an organization as well.
An implementation of tokenization will be a step-by-step process for a large healthcare organization and it will need to become seamless to key applications delivering patient information within security guidelines. Some of the key steps to implementation will include:
- Data discovery – creating an inventory to discover all of the places where protected healthcare information currently exists
- Legacy data conversion – an examination of the databases, data warehouses and side systems in use throughout the organization
- Token development and format – creating tokens in a way that fits easily into existing systems and doesn’t create confusion for other identifying numbers
- Business rules modifications – modifying existing healthcare or medical records application software to use the tokenization service versus storing the patient information locally.
Will there be challenges from implementing tokenization? Most certainly, however the risks and the potential for costs associated with the loss of regulated data can be exponential. Let’s take a lesson from the credit card industry and address this critical issue before it becomes a legislated issue.
If you would like to discuss this tokenization idea or other healthcare-related topics, please stop by Perficient’s booth (#3681) at HIMSS on Monday, February 21, 2011 from 1:30 p.m. to 3:00 p.m. or Tuesday, February 22, 2011 from 2:00 – 5:00 p.m. See you there!
