The present invention relates generally to a system and method for storing information in a computer system. More specifically, the present invention encompasses a system and method for storing personal identifiable information and associated records in a computer system in which the personal identifiable information and the associated records are stored separately and any link between the information and records is hidden.
Computer or cyber crime is a fact of life in today's business environment especially with the proliferation of Internet use. Many businesses have suffered security breaches of one form or another and, as a result, have suffered both tangible and intangible losses. Significantly, security breaches have lead to the loss of both proprietary and sensitive or confidential information. Losses of this type have cost companies money, have tarnished corporate images, and have caused the disruption of business. In addition, several recent government regulations, such as HIPAA and the Gramm-Leach Act, require data confidentiality to ensure consumer privacy. Failure to comply with these regulations, that is allowing the disclosure of confidential consumer information, could result in a company receiving a significant fine or prevent a company from qualifying for certain contracts.
Thus, improving and/or maintaining the security of the information stored on its computer system or network is a high priority for many businesses. For example, because of HIPAA, businesses in the medical profession or businesses that deal with the medical profession must ensure the confidentiality of patient information and records. Patient information may include sensitive information such as the patient's name, address, telephone number, and social security number, and non-sensitive information such as the patient's gender, height, weight, race, and marital status. Similarly, the link between a patient's information and the patient's records, which might include information concerning prescriptions, diseases or doctor visits for example, will also be sensitive and subject to confidentiality constraints.
Traditionally, when companies sought to protect their computer systems and the information stored on those systems, they focused on the unauthorized interception of data transmissions and the unauthorized entry into the system. To combat the unauthorized interception of electronic transmissions, companies developed or purchased communication protocols that employed well-established, sophisticated encryption tools that encrypted data prior to its transmission. To prevent the unauthorized access of its computer system, companies installed complex firewalls to intercept transmissions before they entered the system in order to determine whether the sender had authorization to access the system. Authorization may take the form of a user account and password (or passwords), possession of a smart card, or possession of a computer disc for example.
Unfortunately, these programs fail to fully protect the information stored on a computer system. In particular, because they focus on events that occur outside of the computer system, the programs or methods are of little use when an attack comes from inside the organization. A program that encrypts data only before it is transmitted will not prevent a disgruntled employee from reading clear text information that resides on the network's storage devices. Likewise, a program that prevents unauthorized access to a network-will not prevent someone with authorization gained through fraud from reading clear text information that resides on the network's storage devices.
Of course, all data could be encrypted before it is stored on a storage device. Depending on the level of encryption, this action would likely prevent unauthorized persons from reading the information. Unfortunately, this process is not practical in many circumstances because decrypting large quantities of heavily encrypted data is time-consuming. Also, certain types of data or records are in continual or heavy demand because of the need to search the records or compile statistics about the information contained therein. Requiring decryption every time someone wanted to analyze or search the data would introduce unnecessary and significant delays into the process. For example, with regard to the medical profession, pharmaceutical companies may be interested in information concerning the usage of certain drugs, that is, how often the drugs are prescribed, the dosages, and the length of the prescription. Often, knowledge of patient information is not necessary for studies of this type. Therefore, it would be convenient if patient information and patient records were stored separately and the link between the information and records was hidden so that the records could be accessed without the need for decryption and without revealing confidential or sensitive patient information.
Therefore, a system and method are needed to protect information or data stored on a storage device from unauthorized access. The system or method, however, should not add significantly to the overall operating or performance cost of the system.