Most of my IT career has been with the Government/Defense and Banking business sectors, where security is a critical component of system design. I've not made a blog post in the past few weeks because I've been wrapped up with a government agency that is involved in healthcare, and they had some particular requirements for systems that contained information about patients with certain communicable diseases (including AIDS). Due to the heightened privacy concerns over this data, not to mention the HIPAA requirements, I've spent much of the last 2 months involved in a project to improve the protection of this data. One of the layers we added is "Multi-Party Authorization" (MPA) for several MySQL applications and for file access to the reports that contained data extracted from those databases.
Multi-Party Authorization basically requires that at least 2 authorized individuals authenticate before the data can be accessed. This "2 key" approach is sort of like the launch control for a nuclear missile, which requires 2 different people to turn keys before blowing up some small corner of the world.
We do background checks and screening of personnel before allowing them access to our data, but the reality is that most unauthorized security breaches are done by insiders. The vast majority of those breaches go undetected because we lack internal mechanisms to audit when someone maliciously or accidentally ventures into data that they don't need to access.
Auditing in particular is reactive; it can only detect a breach after it has occurred, and if you detect that an employee has made an unauthorized access after the fact you may be able to fire them, but that doesn't erase the data from their memory or from their thumb drive at home. I do a lot of auditing, and we've had to terminate people for improperly accessing driver's license info on people in the news, perusing the tax records of politicians or, in one particularly disturbing case, a man who was looking up license tag numbers for the 'attractive ladies' he saw on the highway. We've certainly heard of the people in Ohio, at various levels, that accessed "Joe the Plumber's" records in the various systems in Ohio. It is of course good that those people got caught through audits; they are very useful trails, but the data was still accessed without a legitimate need, printouts were made and in some cases data was sent on the internet.
Our medical records are now mostly electronic. Multi-Party Authorization can be added to electronic health record systems to protect private patient data from unwanted release or use. Using Multi-Party Authorization, the patient could be made the second-party approver of any and all access to their medical records. That would keep sensitive medical data more secure and less likely to be incorrectly accessed or shared. Alternatively, another trusted entity could be the second-party authorizer that controls access to private medical data. Adding MPA to systems that contain and share medical records protects that data from inappropriate access, and that security builds confidence in electronic health records.
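To make the "2 key" idea concrete, here is an added example of a small two-party authorization gate in front of a sensitive record, covering both the staff-plus-staff case described above and the variant where the patient is the second approver. This is illustration code written for this post, not code from the author's project or from any real EHR or MySQL deployment. It assumes a hypothetical model: users are identified by plain id strings, the requester counts as the first party, the second party must be a distinct authorized staff member or the patient who owns the record, a pending request expires after a fixed window, and every decision is appended to an audit log so that reviewers get the trail the post says is so valuable.

```python
"""Two-party authorization gate for access to a sensitive record (constructed example)."""
from dataclasses import dataclass, field
import time

APPROVAL_WINDOW_SECONDS = 300  # hypothetical policy: a pending request expires after 5 minutes


@dataclass
class Record:
    record_id: str
    patient_id: str      # the patient who may act as the second party
    sensitivity: str     # e.g. "communicable_disease"; informational only here


@dataclass
class AccessRequest:
    record_id: str
    requester: str
    created_at: float
    approvals: set = field(default_factory=set)   # distinct parties who approved


class MultiPartyGate:
    """Grants access only when two distinct authorized parties have approved."""

    def __init__(self, authorized_staff, records, clock=time.time):
        self.authorized_staff = set(authorized_staff)   # users who may request or approve
        self.records = {r.record_id: r for r in records}
        self.clock = clock                               # injectable for testing expiry
        self.pending = {}                                # (requester, record_id) -> AccessRequest
        self.audit_log = []                              # every decision, for after-the-fact review

    def _log(self, event, **fields):
        self.audit_log.append({"ts": self.clock(), "event": event, **fields})

    def _expired(self, req):
        return self.clock() - req.created_at > APPROVAL_WINDOW_SECONDS

    def request(self, requester, record_id):
        """First key: an authorized user opens a request; they count as party one."""
        if requester not in self.authorized_staff or record_id not in self.records:
            self._log("request_denied", requester=requester, record_id=record_id)
            return False
        req = AccessRequest(record_id, requester, self.clock())
        req.approvals.add(requester)
        self.pending[(requester, record_id)] = req
        self._log("request_opened", requester=requester, record_id=record_id)
        return True

    def _may_approve(self, approver, record):
        # Second party is another authorized staff member or the patient who owns the record
        return approver in self.authorized_staff or approver == record.patient_id

    def approve(self, approver, requester, record_id):
        """Second key: a distinct, authorized party approves the pending request."""
        req = self.pending.get((requester, record_id))
        if req is None:
            self._log("approve_denied", reason="no_pending_request", approver=approver)
            return False
        if self._expired(req):
            del self.pending[(requester, record_id)]
            self._log("request_expired", requester=requester, record_id=record_id)
            return False
        record = self.records[record_id]
        if approver == requester or not self._may_approve(approver, record):
            # Self-approval or an unauthorized party never counts as the second key
            self._log("approve_denied", reason="not_distinct_or_unauthorized",
                      approver=approver, requester=requester, record_id=record_id)
            return False
        req.approvals.add(approver)
        self._log("approved", approver=approver, requester=requester, record_id=record_id)
        return True

    def access(self, requester, record_id):
        """Release the record only if two distinct parties approved; grant is single-use."""
        req = self.pending.get((requester, record_id))
        granted = req is not None and not self._expired(req) and len(req.approvals) >= 2
        self._log("access_granted" if granted else "access_denied",
                  requester=requester, record_id=record_id)
        if granted:
            del self.pending[(requester, record_id)]
        return granted


if __name__ == "__main__":
    # Constructed sample data: one record whose patient acts as the second party
    gate = MultiPartyGate(["alice", "bob"], [Record("r1", "patient-42", "communicable_disease")])
    gate.request("alice", "r1")
    print("alice alone:", gate.access("alice", "r1"))          # False
    print("patient approves:", gate.approve("patient-42", "alice", "r1"))
    print("alice after second key:", gate.access("alice", "r1"))  # True
    for entry in gate.audit_log:
        print(entry)
```

The design points worth copying are the ones that keep the second key meaningful: the requester can never be their own approver, a party outside the authorized set (or other than the record's patient) cannot supply the second key, an approval that is not used within the window lapses, and each grant is consumed on use so a single pair of approvals does not become a standing door. The audit log records denials as well as grants, which is what lets a reviewer spot someone repeatedly probing for records they have no need to see.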