Study reveals security weaknesses in file-sharing methods used in clinical trials

Feb 16, 2011

Patients who participate in clinical trials expect that their personal information will remain confidential, but a recent study led by Dr. Khaled El-Emam, Canada Research Chair in Electronic Health Information at the CHEO Research Institute, found that the security practices used to transfer and share sensitive files were inadequate.

The two-part study, entitled "How Strong Are Passwords Used to Protect Personal in ?", published today in the Journal of Medical Internet Research, showed that the majority of passwords used to protect files are poorly constructed and easily cracked using commercial password recovery tools. Study coordinator interviews indicated that shared in the context of clinical trials may put personal health information at risk.

"The patients in these trials expect that their personal information will be protected," said Dr. El-Emam. "This is critical for maintaining the trust of clinical trial participants, and the public in general."

In the course of the study, passwords for 14 out of 15 sensitive files transmitted by email were successfully decoded. Of these 14, 13 contained sensitive health information and other potentially identifying factors such as name of study site, dates of birth, initials, and gender. practices were also found to be insecure, with unencrypted being shared via email and posted on shared drives with common passwords.

"Cracking the passwords proved to be trivial," said Dr. El-Emam. "Choices included passwords as simple as car makers (e.g., "nissan"), and common number sequences (e.g., "123"). It was easy for the password recovery tools to guess them."

Poor security practices can be harmful to patients participating in clinical trials, who are at risk of being identified and possibly stigmatized by the disclosure of personal health information. There is also a potential for both medical and non-medical identity theft. In the context of international clinical trials, inadvertent disclosure of personal health information is considered a data breach in countries like the United States, which can lead to penalties in some states.

Dr. El-Emam believes that with some effort file sharing in clinical trials can be made secure: "There are protocols and tools that can be employed for secure file sharing. It may take more effort on the part of those who conduct clinical trials, but the alternative would not be acceptable."

Dr. El-Emam makes several recommendations, including enforcement of strong and encryption algorithms, encrypting all information sent via email including site queries, and minimizing password sharing.

Explore further: What to do with kidneys from older deceased donors?

Provided by Children's Hospital of Eastern Ontario Research Institute

not rated yet
add to favorites email to friend print save as pdf

Related Stories

File-sharing software potential threat to health privacy

Mar 01, 2010

The personal health and financial information stored in thousands of North American home computers may be vulnerable to theft through file-sharing software, according to a research study published online today in the Journal of ...

Novel K-anonimity algorithm safeguards access to data

Nov 20, 2009

As electronic health records become more widely deployed, increasing amounts of health information are being collected. This data has many beneficial applications, such as research, public health, and health system planning. ...

New study looks at re-identification risks

Oct 14, 2009

A recent study led by Dr. Khaled El Emam, the Canada Research Chair in Electronic Health Information at the CHEO Research Institute, found that the information in hospital prescription records can quite easily re-identify ...

Privacy risks from geographic information

Apr 08, 2010

In today's world more geographic information is being collected about us, such as where we live, where the clinic we visited is located, and where we work. Web sites are also collecting more geographic information about their ...

Are you any good at creating passwords?

Jan 30, 2010

There's an interesting little study that's been done by security firm Imperva, which analyzed some 32 million passwords posted online in December by some enterprising hacker.

Recommended for you

Obese British man in court fight for surgery

Jul 11, 2011

A British man weighing 22 stone (139 kilograms, 306 pounds) launched a court appeal Monday against a decision to refuse him state-funded obesity surgery because he is not fat enough.

2008 crisis spurred rise in suicides in Europe

Jul 08, 2011

The financial crisis that began to hit Europe in mid-2008 reversed a steady, years-long fall in suicides among people of working age, according to a letter published on Friday by The Lancet.

New food labels dished up to keep Europe healthy

Jul 06, 2011

A groundbreaking deal on compulsory new food labels Wednesday is set to give Europeans clear information on the nutritional and energy content of products, as well as country of origin.

Overweight men have poorer sperm count

Jul 04, 2011

Overweight or obese men, like their female counterparts, have a lower chance of becoming a parent, according to a comparison of sperm quality presented at a European fertility meeting Monday.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.