July 27, 2016
I have read about something called a “Personal Grid”, where each individual record in a database is stored and encrypted separately from all the others.
At first blush, this sounds like a pretty amazing way to keep data secure. Every single record someone needs access to has to be decrypted on its own. Very secure, right?
The inventor, William Yasnoff, MD, says that he is not aware of a need to process aggregate data across multiple patients, and that if such processing is needed, who cares if it takes hours and hours. Besides, you can just whip up thousands of virtual machines to process the job in parallel.
Most medical programs absolutely require aggregate reporting capability, and most administrators are already impatient with the current reporting processes.
This joker wants to place even more delays on the critical reporting process? This sounds like another case of a king in his ivory tower not understanding the real world.
I guess you could pre-aggregate the data into report-specific tables, but then you are right back where you started: with multiple patients’ data that can be stolen and decrypted all at once.
You can try to keep the minimal amount of information possible for reporting, but even incidental information can be used to surmise incredibly detailed information about individuals, which, if leaked, is almost the very definition of a HIPAA violation.
Too bad. I was really hoping the “Personal Grid” would be a viable security option.