Study reveals security weaknesses in file-sharing methods used in clinical trials

Feb 16, 2011

Patients who participate in clinical trials expect that their personal information will remain confidential, but a recent study led by Dr. Khaled El-Emam, Canada Research Chair in Electronic Health Information at the CHEO Research Institute, found that the security practices used to transfer and share sensitive files were inadequate.

The two-part study, entitled "How Strong Are Passwords Used to Protect Personal in ?", published today in the Journal of Medical Internet Research, showed that the majority of passwords used to protect files are poorly constructed and easily cracked using commercial password recovery tools. Study coordinator interviews indicated that shared in the context of clinical trials may put personal health information at risk.

"The patients in these trials expect that their personal information will be protected," said Dr. El-Emam. "This is critical for maintaining the trust of clinical trial participants, and the public in general."

In the course of the study, passwords for 14 out of 15 sensitive files transmitted by email were successfully decoded. Of these 14, 13 contained sensitive health information and other potentially identifying factors such as name of study site, dates of birth, initials, and gender. practices were also found to be insecure, with unencrypted being shared via email and posted on shared drives with common passwords.

"Cracking the passwords proved to be trivial," said Dr. El-Emam. "Choices included passwords as simple as car makers (e.g., "nissan"), and common number sequences (e.g., "123"). It was easy for the password recovery tools to guess them."

Poor security practices can be harmful to patients participating in clinical trials, who are at risk of being identified and possibly stigmatized by the disclosure of personal health information. There is also a potential for both medical and non-medical identity theft. In the context of international clinical trials, inadvertent disclosure of personal health information is considered a data breach in countries like the United States, which can lead to penalties in some states.

Dr. El-Emam believes that with some effort file sharing in clinical trials can be made secure: "There are protocols and tools that can be employed for secure file sharing. It may take more effort on the part of those who conduct clinical trials, but the alternative would not be acceptable."

Dr. El-Emam makes several recommendations, including enforcement of strong and encryption algorithms, encrypting all information sent via email including site queries, and minimizing password sharing.

Explore further: Experts call for higher exam pass marks to close performance gap between international and UK medical graduates

Provided by Children's Hospital of Eastern Ontario Research Institute

not rated yet
add to favorites email to friend print save as pdf

Related Stories

File-sharing software potential threat to health privacy

Mar 01, 2010

The personal health and financial information stored in thousands of North American home computers may be vulnerable to theft through file-sharing software, according to a research study published online today in the Journal of ...

Novel K-anonimity algorithm safeguards access to data

Nov 20, 2009

As electronic health records become more widely deployed, increasing amounts of health information are being collected. This data has many beneficial applications, such as research, public health, and health system planning. ...

New study looks at re-identification risks

Oct 14, 2009

A recent study led by Dr. Khaled El Emam, the Canada Research Chair in Electronic Health Information at the CHEO Research Institute, found that the information in hospital prescription records can quite easily re-identify ...

Privacy risks from geographic information

Apr 08, 2010

In today's world more geographic information is being collected about us, such as where we live, where the clinic we visited is located, and where we work. Web sites are also collecting more geographic information about their ...

Are you any good at creating passwords?

Jan 30, 2010

There's an interesting little study that's been done by security firm Imperva, which analyzed some 32 million passwords posted online in December by some enterprising hacker.

Recommended for you

What are the chances that your dad isn't your dad?

Apr 16, 2014

How confident are you that the man you call dad is really your biological father? If you believe some of the most commonly-quoted figures, you could be forgiven for not being very confident at all. But how ...

New technology that is revealing the science of chewing

Apr 15, 2014

CSIRO's 3D mastication modelling, demonstrated for the first time in Melbourne today, is starting to provide researchers with new understanding of how to reduce salt, sugar and fat in food products, as well ...

After skin cancer, removable model replaces real ear

Apr 11, 2014

(HealthDay)—During his 10-year struggle with basal cell carcinoma, Henry Fiorentini emerged minus his right ear, and minus the hearing that goes with it. The good news: Today, the 56-year-old IT programmer ...

User comments : 0

More news stories

Study recalculates costs of combination vaccines

One of the most popular vaccine brands for children may not be the most cost-effective choice. And doctors may be overlooking some cost factors when choosing vaccines, driving the market toward what is actually a more expensive ...

Researchers discover target for treating dengue fever

Two recent papers by a University of Colorado School of Medicine researcher and colleagues may help scientists develop treatments or vaccines for Dengue fever, West Nile virus, Yellow fever, Japanese encephalitis and other ...

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Better thermal-imaging lens from waste sulfur

Sulfur left over from refining fossil fuels can be transformed into cheap, lightweight, plastic lenses for infrared devices, including night-vision goggles, a University of Arizona-led international team ...