Web-browser encryption of personal health information

Abstract

Background: Electronic health records provide access to an unprecedented amount of clinical data for research that can accelerate the development of effective medical practices. However it is important to protect patient confidentiality, as many medical conditions are stigmatized and disclosure could result in personal and/or financial loss. Results: We describe a system for remote data entry that allows the data that would identify the patient to be encrypted in the web browser of the person entering the data. These data cannot be decrypted on the server by the staff at the data center but can be decrypted by the person entering the data or their delegate. We developed this system to solve a problem that arose in the context of clinical research, but it is applicable in a range of situations where sensitive information is stored and updated in a database and it is necessary to ensure that it cannot be viewed by any except those intentionally given access. Conclusion: By developing this system, we are able to centralize the collection of some patient data while minimizing the risk that protected health information be made available to study personnel who are not authorized to use it. © 2011 Morse et al; licensee BioMed Central Ltd.