Monday, February 7, 2011

Wikileaks and EHR Security

As far as the leaked US cables are concerned, the fury of the US administration and of certain US politicians was, for a time, positively comical. It stopped being funny when they began talking about prosecuting Julian Assange for "espionage", given the draconian penalties that a conviction would carry. But the State Department's indignation over the leaks of allegedly valuable secrets was, and remains, preposterous.

Why? Because there is absolutely no way that a huge database containing 250,000 "secret" documents that can be lawfully accessed by more than a million officials can ever be secure. Any security engineer will tell you that it cannot be done: if you want to keep things secret online, then the only way to do it is by compartmentalizing the system. Huge, monolithic computer systems are intrinsically insecure.

So, I believe that what is true of Wikileaks is true of Electronic Health Records (EHR) insofar as security (confidentiality) is concerned. Actually, as any reader of his or her hometown newspaper or local TV news knows, all computer systems are potentially insecure.
Caveat emptor.