Web-based data collection: security is only as good as the weakest link.

I read the paper by Avidan et al. (1) with great interest because the World Wide Web is a great communication tool and it is only logical that studies involving multicenter data collection would utilize it. When comparing a web-based method to a single computer data collection method (a database, for example), the biggest difference is the remote data entry and, thus, the communication aspect to the centralized server. Many choices can be made for this communication to occur, but the most convenient and cost-efficient method is to use the Internet as the authors have done. They rightfully point out that, because of this, security is the most critical issue. However, the generally accepted concept that “security is only as good as the weakest link” (2) is not applied to their methods. The authors acknowledge that they send their clinical data via insecure (unencrypted) email to their protected (firewalled) database server. This is similar to locking all the doors to your house but leaving the bathroom window open. The risk of intercepting data from email messages is not minimal. Emails typically flow through several servers (just look at the full headers of any email for “Received:” entries) and the system administrators for each of those systems have access to the emails. In addition, if there is a problem with email delivery (even if it is temporary), bounce messages are sent, and those typically are copied to system administrators. It is relatively easy for hackers to monitor unencrypted data streams. I agree that there is a small chance that a hacker would accidentally find the data stream, but it would be relatively easy to target this setup and to get a lot of data out of it. In the United States, privacy and security of patient health information has been regulated by the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104–191. Under this law a setup as presented in this paper would be unacceptable. Electronic, web-based data collection systems can be set up in compliance with HIPAA. Data must be encrypted as it flows through the system. Typically that means a secure SSL-based connection from the web browser on the client to the web server (https connections) and a secure encrypted connection between the web server and the database server. Firewall techniques can be employed as well because the database server only needs to accept connections from the web server. Only by ensuring that data are always encrypted and by maintaining and patching the computers the data reside on can we be reasonably sure that patient health information is private and secure.