An Ohio consultant thinks he has come up with the answer to two of health IT’s most vexing problems: cybersecurity threats and physician disdain for electronic health records. The early response to a crowdfunding effort suggests he may be on to something.
Tom Reid, CEO and lead inventor of Secure Exchange of Encrypted Data (SEED) Protocol, described his creation as “part IT project and part social movement.”
Though he has been working on SEED Protocol since 2011 and earned two patents for the technology this summer, Reid launched a Kickstarter campaign last week. The 28-day campaign met the $30,000 goal the first day.
“Kickstarter is mostly to raise awareness,” explained Reid. He said that Athens, Ohio-based SEED Protocol has other funding sources.
The technology employs three methods to ward off malicious attacks: Decryption keys, user identification and file encryption. Each file or record gets chopped into three pieces and sent to either a hardware “key master,” a user registry or a cloud-based lockbox. “Hacking any one of the computers does not compromise your data,” Reid said in a video on the Kickstarter page.
The key master generates unique decryption key for each person’s data.
In healthcare, Reid envisions physician practices encrypting each patient’s record with a unique lock. Patients would have control of the keys.
Reid admits the distributed, interlocking design of the technology is “unorthodox,” and said CIOs might question the strategy of giving away the decryption key to each user. “The interlocking mechanism is not a risk, actually,” Reid said. It allows customers to personalize detection of anomalies on their networks, and hackers would have to break down all three elements to compromise records, he explained.
SEED Protocol is not a health IT company per se, but Reid said the idea came from discussions he had with a hospital CEO who was concerned about handing over entire records to competitors via a health information exchange in southern Ohio. The CIO at that same hospital had been looking for a better way to store patient data in the cloud, and SEED Protocol was born.
“Healthcare is our first industry,” Reid said. “What we would really like to do is build [the cybersecurity protocol] into the electronic health record.”
While it may take a while to get the big EHR vendors interested in a cybersecurity protocol from a startup, Reid is optimistic that he can get the attention healthcare providers, who see security as just another headache associated with health IT. “Healthcare is the only industry where information technology is, across the board, decreasing productivity rather than increasing it,” Reid said.
SEED Protocol will have its first deployment in January, Reid said.
Here is a video demonstration of SEED Protocol, provided by the company:
Image: SEED Protocol
