1. Field of the Invention
This invention relates to the field of secure processing of private health information.
2. Description of the Background Art
Medical professionals and institutions often transmit patients' private health information over open networks to third party business associates, who process that information in order to provide a variety of services. These services include, among other things, claims processing or administration; data analysis; utilization review; quality assurance; benefit management; practice management; repricing; facilitation of health information exchange organizations and regional health information organizations; e-prescribing; providing personal health records; data aggregation; and performing accounting, billing, actuarial, and consulting services.
Various rules and regulations require medical professionals and institutions to adopt certain authorization and authentication safeguards to protect the confidentiality of patients' private health information when transmitting it over open networks. For example, the Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires certain health care providers, health care clearinghouses, and health plans ("covered entities") to guard against unauthorized access to private health information transmitted over an electronic communications network, which in practice means encrypting it in transit with standard TCP/IP network encryption technology such as Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS). In addition, a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information.
Unfortunately, even with these safeguards, the security of private health information transmitted to third parties is too often compromised. Indeed, a recent survey demonstrated that 39% of security breaches are caused by third parties entrusted with sensitive data. (See 2010 Annual Study: U.S. Cost of a Data Breach, Symantec Corporation (March 2011).) In addition to exposing covered entities and business associates to liability, these security breaches undermine important objectives of the health care system by discouraging patients from disclosing their private information to covered entities.
An illustrative prior art system for enabling covered entities to transmit private health information to business associates is depicted in FIGS. 1 and 2.
At step 200, the key generation module 170 of the business associate 155 generates a public key 175 and private key 180 according to an asymmetric key algorithm. As would be appreciated by one of skill in the art, there are a variety of asymmetric key algorithms, such as the RSA algorithm, the ElGamal algorithm, and the Paillier algorithm.
At step 205, the covered entity 110 collects private health information 105 of the patient 100. The private health information 105 may be provided directly by the patient 100 and entered into a computer system of the covered entity 110, or it may be collected from the patient 100 using a modality such as a computed tomography (CT) scanner, or by a medical professional involved in the care and/or health records of the patient. The private health information 105 may be stored and transferred according to the Digital Imaging and Communications in Medicine (DICOM) standard, published by the American College of Radiology and the National Electrical Manufacturers Association. Medical images, which may also constitute private health information, may be stored and retrieved using a Picture Archiving and Communication System (PACS).
At step 210, the covered entity 110 initiates the submission of the private health information 105 to the business associate 155. Submission of this information can be accomplished in software, for example through an application programming interface (API) carried over any standard network protocol.
At step 215, the business associate 155 sends the public key 175 to the covered entity 110.
At step 220, the key generation module 120 of the covered entity 110 generates a symmetric key 125 according to a symmetric key algorithm such as Blowfish, Twofish, or Serpent. In step 225, the encryption module 130 of the covered entity 110 encrypts the private health information 105 with the symmetric key 125, and encrypts the symmetric key 125 with the public key 175 provided by the business associate 155. The encrypted private health information, along with the encrypted symmetric key, is sent to the business associate 155 over connection 150 in step 230. In step 235, the decryption module 190 of business associate 155 uses the private key 180 to decrypt the symmetric key 125. The decrypted symmetric key 125 is then used by decryption module 190 of the business associate 155 to decrypt the private health information 105 in step 240.
Once the private health information 105 has been decrypted, it can be processed by the processing module 160 of the business associate 155 at step 245, yielding result 165. The business associate 155 may perform a variety of operations on the private health information 105, such as statistical analysis.
In step 250, the encryption module 185 of the business associate 155 uses the symmetric key 125 to encrypt the result 165 that was yielded from the processing module 160, yielding an encrypted result 195. The business associate 155 then sends the encrypted result 195 to the covered entity 110 over connection 150. Finally, at step 255, the decryption module 135 of the covered entity 110 uses the symmetric key 125 to decrypt the encrypted result 195, yielding a decrypted result 145 that can be accessed by the covered entity 110, the patient 100, or both.
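The exchange of steps 200 through 255, as an added example that is not part of the original description and not code from any system it describes. It uses only the Go standard library and substitutes AES-256-GCM for the Blowfish, Twofish or Serpent cipher named at step 220 and RSA-OAEP for the public-key wrapping of the symmetric key at step 225; the "Envelope" type, the "phi"/"result" labels bound as associated data, the per-patient glucose records and the mean computed at step 245 are all assumptions made for the illustration. The comments map each function to the step numbers above; the point to watch is that between steps 240 and 250 the business associate holds the plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"io"
)

// Envelope is what crosses connection 150. WrappedKey is set only on the leg
// to the business associate (step 230); the result leg reuses key 125.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under key with a fresh random 96-bit nonce. The label is bound
// as associated data, so a "phi" message cannot be replayed back as a "result".
func seal(key, plaintext, label []byte) (nonce, ct []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, label), nil
}

// unseal rejects any change to nonce, ciphertext or label.
func unseal(key, nonce, ct, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, label)
}

// Steps 220-230: the covered entity generates symmetric key 125, encrypts the
// PHI with it, and wraps the key under the business associate's public key 175.
func coveredEntityEncrypt(pub *rsa.PublicKey, phi []byte) (key []byte, env Envelope, err error) {
	key = make([]byte, 32) // AES-256
	if _, err = io.ReadFull(rand.Reader, key); err != nil {
		return nil, Envelope{}, err
	}
	nonce, ct, err := seal(key, phi, []byte("phi"))
	if err != nil {
		return nil, Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, Envelope{wrapped, nonce, ct}, err
}

// Steps 235-250: the business associate unwraps key 125 with private key 180,
// decrypts the PHI, averages the readings and encrypts the result under the same
// key. Between steps 240 and 250 it holds every patient's reading in the clear.
func businessAssociateProcess(priv *rsa.PrivateKey, env Envelope) (Envelope, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return Envelope{}, fmt.Errorf("step 235: %w", err)
	}
	phi, err := unseal(key, env.Nonce, env.Ciphertext, []byte("phi"))
	if err != nil {
		return Envelope{}, fmt.Errorf("step 240: %w", err)
	}
	var readings map[string]float64 // assumed format: patient id -> glucose (mg/dL)
	if err := json.Unmarshal(phi, &readings); err != nil || len(readings) == 0 {
		return Envelope{}, fmt.Errorf("step 245: bad or empty PHI (%v)", err)
	}
	sum := 0.0
	for _, g := range readings {
		sum += g
	}
	result, _ := json.Marshal(map[string]float64{"mean_glucose": sum / float64(len(readings))})
	nonce, ct, err := seal(key, result, []byte("result"))
	return Envelope{nil, nonce, ct}, err
}

// runExchange drives steps 200 through 255 and returns the decrypted result 145.
func runExchange(phi []byte) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // step 200
	if err != nil {
		return nil, err
	}
	key, env, err := coveredEntityEncrypt(&priv.PublicKey, phi)
	if err != nil {
		return nil, err
	}
	res, err := businessAssociateProcess(priv, env)
	if err != nil {
		return nil, err
	}
	return unseal(key, res.Nonce, res.Ciphertext, []byte("result")) // step 255
}

func main() {
	// Constructed sample PHI for this example; not real patient data.
	out, err := runExchange([]byte(`{"p-001":98,"p-002":143,"p-003":110}`))
	fmt.Println(string(out), err)
}
```

Running it prints `{"mean_glucose":117}` for the constructed input. The symmetric key is reused for the return leg exactly as at step 250, which is safe with GCM only because each call to seal draws a fresh random nonce and the two legs carry different labels; and nothing in the code stops businessAssociateProcess from logging, storing or forwarding `phi` once it has it, which is the weakness the next paragraph describes.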
Under this and other prior art methods, a covered entity that wants to take advantage of the services offered by a business associate must give that business associate the symmetric key (wrapped under the business associate's public key, but recoverable by it at step 235), so that the business associate can decrypt the encrypted private health information and perform the requested operations on the plaintext. Once the plaintext is in the business associate's hands, its protection depends entirely on the business associate's own controls. This is disadvantageous because covered entities often do not know the precise security policies and practices of business associates, or the identities and trustworthiness of the individuals responsible for administering the operations of the business associates. Given the potentially severe penalties associated with security breaches, covered entities are often reluctant to share private health information with business associates, and may decide to forego the valuable services that certain business associates offer. Alternatively, covered entities may devote significant resources to investigating the security policies of a business associate.
What is needed is an efficient system and method for enabling business associates to process private health information collected by covered entities without enabling business associates to access that information.