Health level 7 (HL7)

As mentioned briefly that the security processes of data encryption is endless field of research and discussions. Which make the development and innovative procedures regarding wide imaginable frame line of invention job. The idea to develop separate firm of standards protection and development was not far from many and effort had been paid long ago. Not only keep the standards firm and compact against variety of life legal acts and standards, but also make it firm to produce and overcome the present setbacks burdens involved the current working ones. As usual when academic researches touch materialistic subjects could reach or not depending on the individual or automatic records. The metric process of renovation in core of standards platforms are hard to be measured and even be concisely performed. Health Level 7 is a non-profit organisation founded in 1987 that develops a group of standards for communication of clinical information. The main and most important ones explained as below:

Ø  Message protocols (HL7 v2.x)

Ø  Conceptual standards (e.g. HL7 RIM)

Ø  Document standards (e.g. HL7 CDA)

Ø Application standards (e.g. HL7 Clinical Context Object Workgroup CCOW)

HL7 is designed to be leaded by events in clinical work and associated work unites that use always current of information during the working hours of operation. Admission messages triggered then send to other operated system to do scaffold of clinical patients archives. There are books written about HL7 and what you are seeing here is just a scale or only hint about it.  There are many versions and associated working model in-between might in some points exaggerate or suppress in other corners to appear more flexible and much modified to varieties of clinical information sorts. Exchanging the electronic data in form of communicating message is the main picture of linkages between different working models of data security and safety. HL7 Version 2 is widely used and matching many of other work standards which existed in subversion from 2.1 till 2.6 which are backward compatible. 

HL7 v3 carries the same core of work with plus introduce the reference information model (RIM). V3 is more conjugated with different data floods among unites of exchange. It usually v3 found conjugated with medical data standards such as LOINC or SNOMED CT to encode and decode the medical data devoid of errors and overlapping. In last two posts; I choose to put the most famous and convenient security acts and rules just to give the reader hint about their existence and their core capabilities of change and develop data security for better. Actually topic of security standards looks like mind of future career to draw and lead development and innovation toward future but although and above all, the results are not known clearly before implementation with each data category and get the full experience of rule implementation. Full health  J

HIPAA Security rules

Health insurance and accountability act (HIPAA), August 21, 1996 congress approved security rule of individual identifiable health information. It is security standards of protection of health data and security information. Electronic healthcare records and other branched records need continuous security rules in order to ensure specific address uses and other associated roles related to the patients. Adopting new technologies is the main core of work that serves also the protocols of electronic data transformation. HIPAA rule applies over wide range of medical data including Physicians, nurses and even midwives and pharmacists. All are working under umbrella of same rules of security and data safety barriers to reach intended threshold of data quality optimization among patients and care contributors. The HIPAA privacy and security rules applied to health care providers and non-health care providers. In next paragraph we are going to discuss the main operating components of HIPAA Security rule;

HIPAA privacy rule: this rule control the transferring process of medical information and also identifiable health information through covering the identities:

Ø  Common identifiers (e.g. name, address, birth date, social security number)

Ø  Past, present or future physical and mental health or condition

Ø  Provision of health care to individuals

Ø Past, present or future payment provision for health care

The privacy rule needs entitled permission for information disclosure of patient health records.

HIPPA Security rule:  the rule of security covers the process of maintaining and transmitting in electronic form, as follow:

Ø  Ensuring authorized disclosure, integrity and availability of all personally identifiable health information

Ø  Identify and protect against anticipated threats to the confidentiality, integrity and availability

Ø Protection against impermissible use and disclosure of information

The characteristic feature of this rule that needs administrative safe guards by patients identifiable disclosure in electronic forms of data reviewing pattern.

HITECH: The Health Information Technology for Economic and Clinical Health Act (HITECH) is considered the extension of individually standards of information privacy. It forms legal liability of non-compliance and also provides patient notified toward any unsecured access to electronic health data and patients privates records. The act draw more individuality frame of society and embrace patient role of self data protection in order to do complementary role with former security rules. Full health J

Role of encryption on protecting data

The role of encryption in data protection is excited topic for me and how useful data encryption can protect the data. Potential threats of sensitive information are endless and own continuous adaptive development matching different modes and regimes of encryption. At the same time data encryption procedures got more complicated and massive burdens in front, there are teams of hackers develop themselves on daily basis and over all they like what they are doing. They believe in business concept ‘Earn from problem’ which make them create both the problem and other part of their team indirectly introduce the solutions for the same problem. Web viruses and anti-viruses the main and clear example then you can imagine how lucrative dealing with data problems and solutions. Most of communicating data we are using daily not encrypted and even if happened with large web corporations only carried out on basic level that makes invasion process for hackers as piece of cake in their free time. Societies can imagine the full picture of data hacking risk and occasionally appear with electricity current incidences or bank stealing database. Because of expensive nature of data encrypted projects, many of them postponed in accord to government priorities and availability of implementation.

The topic is much sophisticated and many opinions against or with fast implementation of data encryption but where the fact?!. The fact about the process of encryption for all kind and amount of data is practically impossible and hard to be implemented and even harder to be planned theoretically. Exactly in other words considered impossible to do with all public data that big burdens and how to train people to deal and handle encrypted data with cascades of barriers is also ahead problem for them. For this reason still massive and stiff encryption restricted over certain kind of data and most sensitive type.

In the business sector; corporations plan to do encrypted strategies and implement small scale project of encrypted data regimes to the significant information and files. But on the opposite there are many which did not do and because of resources scarcity, still the fact of complete data protection is one of their horizon dreams. What makes customers and other communication databases out of control for unexpected aggression and invincible attack?. Many countries all over the worlds own hacking teams to deal and explore other countries data regardless the purpose good or bad; all under hummer of data exploration!.

The point here from private viewpoint not to implement the encryption projects and extend the burdens in front of public but to support them by training how they should control their communication as possible. As long as necessary mindset to avoid any private and sensitive data should be use against them later in different forms. People like to communicate inborn and to be selective over their own will protect them and their personal data with cautious spirit over the process. Full health J

Driving of data protection

Among piles of working data, there is necessity to select and identify the real promoter to encrypt some sort of data is actually most important. Promoter could increase and enhance the need toward some data encryption more than regular one. There are many contributed factors which carry a direct influence over data encryption and how it should be. In order to be a bit clearer to explain what I mean here; any sort of data needs core factor or may be group of factors determine and say clearly that there is a urgent need toward encryption process. Without, not need to do and actually considered waste of effort on data never formed any kind of risk if they are publicly known. But the question here what are these factors determine that data need to be encrypted and who own the final decision regarding starting point of encryption. Second part of question is actually easier for now; the authorized person who owns the decision regarding which and how certain amount of data should be encrypted according to the significant importance of them.  Moreover; all of these negotiations far way from data sharing protocols and associated acts. I do not need here to remind you that keeping the data wanted to be encrypted in tunnel is the first aids of encryption process; simply no one going to encrypt public or known data otherwise, that would be against any logic. Some authorized person from governments and others from military and might be in some projects from consultation agency depending on their data modelling and analysis but all under tunnels of security. 

Other part of question takes more time and explanation regarding the contributions and factors that pushing some sort of data to be encrypted according to their nature and facilities and even the team capabilities who are working over. Due care is the first one of the contributed factors regarding will of data encryption; firms and companies are responsible to protect their clients and regular customers data and personal information. To apply Due care as a legal concept of protection hold the dealing standards of encryption. These standards differ according to nature of data and nature of involved business carries this data. When the core standards of Due care meet the needing point of data encryption by clear facts and signs. The decision of data encryption must be taken and that regime of widely use in military and national security tasks.

Reputational Risk is the second determinant factor to deal with encryption prospects and also used to determine liability and negligence. Data reputation is similar to human reputation exactly; when you see military budgets or weapon annual purchases reports that for sure known among public by high confidential sort of data even if they are not  in core work procedures of military plans, but this fixed facts for decades among society members.

Regulatory risk is the third factor of determination regarding the final encryption process of any data modelling. Explanation of the factor is merely depending on surrounding risks than the future considerations because the innovation degree of hacking certain data fragments in future not measurable yet. But when data attacking risks are higher than keeping them without encryption is become necessary and obligatory need to do.  There are other factors and categories involved in process of assessments and decision making procedures but these factors are the main and widely used among data engineers and architectures. The need to reach proper and fair decision about data promoters is actually important not only for data but also to avoid waste of society resources and taxes money with nothing in return. Full health J

Influences of insiders and outsiders over data encryption

In modern jobs that forced many to sit for hours in front of screens. Wither public enterprise or private one; employees found themselves have to deal with huge amount of data. Some for sure normal regular data while other sensitive or confidential. The triangle of responsibility here is not only over the sort of used or dealt with data. Than the officers or employee behaviour’s with each of them; as long as data nature is different that also reflected on the work way and nature of tasks been implemented. Actually, this point means that not anyone can work with any data. By the same principle, not anyone fit to deal with certain type of data. To prove this meaning on ground, please try not to be shocked when you know that in some small countries in Europe it is easy to find your financial information of all resident individuals among locals because they look and tell that someone owns certain amount of money in own bank account. For sure is not that difficult only one employee tells his/her colleagues such amount of money then few days. You found all your financial information well known precisely among community members. Their body language and look gestures explain that they got everything on time. This example has mentioned to prove that not everyone fit to deal with every data type even on psychological level. In some country; in order to know financial data regarding personal account of someone; the bank will never does it unless applicant submits court decision mention that there is necessary need to uncover this information outside the bank.  

For many decades the matter of insiders toward security of work data form big problem and without hard observation and restricted follow up. Any insiders with flash drive even for reading and show up can get the full copy of information outside the work site. Till now nothing can control human behaviour particularly if they related with emotional or psychological deprivation about something. Imagine for a moment when someone always think emotionally with money or never hold large amount of money in own personal life and then you found the same person working with millions in bank. Not only but also has ability to see and deduct money from hundreds of people personal accounts under name of fees; how you think that person going to do the job properly without any self bias in future?!.  Fortunately; there is nothing can measure self deprivation better than the history of the person. It means person or nation’s history can tell you how this personality can deal and mange life problems or important information later. This is the reason why in important work positions, the applicant must owns brilliant history of achievements  and honesty even with moderate or regular appearance.

Outsiders risks over the working data known in name of hacker attacks and electronic network invasions. It is called ‘’pishing’’ or ‘’pishers’’ when hackers communicate directly with victims in order to find any network setbacks then attack it vigorously. The main interest of individual hackers is financial data while military hackers team dealing more with national security information of other countries; allies and enemies. As mentioned before information is the most important products you can deal with and always if there no information, there is no possibility to get any attacks because your enemies will never know where to attack and hurt you. Full health J

 Influence of cryptography over data protection

After the process of encryption of the certain amount of data, there are many opinions and theories discussed the degree and level of protection over data itself. Is it means the process of encryption was enough to protect such kind of data?!. Moreover; the final yield to tolerate many cascades of encrypted codes and dual keys to keep them safe from any future hacking. This is actually the topic of this post; the influences of encryption over certain amount of data differs accord with aim of protection and length of protection. If you are walking with my words slowly we are together going to reach fact that level of protection and direct influences over sensitive data depend mainly on how importance of this data and what difference if these data living with and without encryption at all. For example; you own your name and have been encrypted for personal reasons; although you did the right steps of encryption correctly and what really the difference if your name lived on web without encryption or with tight strong encryption?.

Exactly; the data encryption could not reach and valuated for any sort of encryption unless they own significant importance of their own, without it forms some kind of time wasting. Because we make very good data protection and professional data encryption for kind of data never carried any value and informative importance ever. For sure; many governments take it as a strong tool to exaggerate the expenditures budgets and waste some more money to encrypt invaluable data. But here are we trying to keep our post in the same pathway. Simply; to determine how far this data valuable to be encrypted and how deserve to get the expenses regard. Vulnerability and sensitivity of these data ahead in mind to know the proper answer and how would be processed in future.

Vulnerability is one of key factor of any data evaluation and determined mainly on how decisions and analysis procedures could directly gotten to identify some sort of facts about the community.  In simple meaning; what doors could these data open if they known and what facts could these data leads to.  After you encrypt your beautiful name and if someone decrypted yours and eventually find your name; what sensitive facts your name will lead the receiver and how that affect matter of future decisions. Data and its nature is really surprise branch of science; it is logic to find data lack of meaning here and carries most valuable and vulnerability measures in other society. Difference of data does not mean difference in vulnerability, it means other way of data evaluations and importance measurements.

Sensitivity of data also differs depending on nature, retrieval and processing of them. Far from any complicated terms; how we see the data and processed information determines level of sensitivity of their own. For instance; if you see the number of your military is not important if your enemies know all about how you consider your data sensitive. If the government agrees on all data sharing protocols why they never announce how much income taxes they got annually and where exactly their expenditures carried out. Thinking carefully in previous examples giving full idea about how we see the data undoubtedly forms some sort of hidden significance. Without local conceptual determination would be hard to calculate ad determine the significance of them and how data should be used in future. Full health J