Tokenization: A Secure strategy for Healthcare

Proxy Workflows

Tokenization can be a good strategy for staying out of the news. These are the headlines of our times:  “Hospital warns patients of a data breach” – May 9, 2013. “Hospice informs 800 patients of health data breach” – April 29, 2013. Employee exposes patient data in unsecured email. “Patient Data posted online in Major Breach of Privacy – Sept 2011. Vendor spreadsheet containing  20,000 patients data is compromised. “University Medical Data Breach leaks Patients’ Social Security Numbers” – April 9 2013. A doctor’s laptop containing patient data is stolen. Patient privacy data breaches are on the rise.  Hacking from outsiders with criminal intentions is a constant threat to guard against but we are seeing alarming incidents of inadvertent abuse by authorized users.

56% of respondents to the 2012 survey for the HIMSS Analytic Report: Security of Patient Data commissioned by Kroll Advisory Solutions indicated that the source of their breaches was by individuals employed in their organizations.  Organizations are increasing risk with providing access to third parties and with the fast growing addition to organizations infrastructure to support mobile access. The cost to healthcare organizations is great in terms of lost customers, lost revenue and lost respectability.

Tokenization vs. Encryption

The tokenization strategy for protecting healthcare data is to remove personal information from databases, services and reports.  Data that is not there – cannot be breached. Encryption strategies maintain patient privacy data in place – Tokenization strategies remove data completely. Patient data can’t be compromised if it has been removed. With encryption the original value is still present in the application or database. Tokenization removes the data from harm’s way.  This is especially useful in healthcare environments where so many varied users have access to the protected information including doctors, clinicians, partner hospitals, HMOs, insurance providers, drug companies, clinics, and government agencies.  When patient data is tokenized, the report that is emailed insecurely now contains tokens instead of social security numbers. The vendor spreadsheet now contains tokenized patient names, phone numbers and email addresses. The doctor’s laptop now holds medical record numbers that are actually tokens.

Proxy Workflows

FTP(S), File and custom protocols.  Any data format can be supported with the embedded power of Informatica’s Data Transformation. For example, HL7 over MLLP can be parsed,

inspected and tokenized before forwarding the message to the Health Information System.  XCPD transactions can be opened to inspect CDA Documents and to tokenize the PII data.  IHE workflows implemented through the Token Broker workflows allow for tokenization of data prior to storage in the data repository.  Expressway products are optimized for XML processing and can process these transactions at high volumes.

Secure the Perimeter

Token Broker combines the security of tokenization with secure message transport.  Transactions passing through the proxy solution can be secured with Transport Layer Security provided with Token Broker. Service endpoint protection methods include Authentication with Kerberos and LDAP, Oauth 2.0, API Keys, X.509 Tokens, WS-Security/SAML, Content Attack Prevention, Input Validation, adaptive Denial of Service, Anti-Virus, Anti-Malware and DLP Protection and sophisticated Quality of Service protocol management.

Healthcare data today is more exposed and accessible, but we want to encourage that in order to foster innovation. Healthcare providers are using mobile devices more.  Mobility is a great way to speed the delivery of healthcare solutions. Healthcare data is being shared with third parties more often.  Openness and interoperability gives providers more data input points for developing informed solutions.  When the Personally Identifiable Information (PII) and Protected health Information (PHI) data is removed through tokenization, we can open up access to the clinical information.  Analytics can be applied to the tokenized scrubbed data.  API‘s can mash up the data from the various provider streams without risking the privacy of the patients.


Follow me on twitter @WBohner



Wendy Bohner

About Wendy Bohner

I am currently working on Interface Integration at Intel for Application Security and Identity Products. Experienced in HL7, HIPAA, J2EE, .NET and Web development technologies. Industry experience in healthcare, benefits administration and telecommunications. As a PreSales Engineer, I am advising customers on solutions for API Management, SOA, Cloud, Security and Identity. My prior roles include development team lead for GE Healthcare, Software development consultant for AON-Hewitt and manager at AT&T. I enjoy reading and following the Chicago sports teams in my free time.

Comments are closed.