OK… now we have all heard about end-to-end encryption. What does that really mean? And why should you as a clinician be concerned about it.
What are these ‘ends’ in end-to-end?
When they refer to end-to-end, the two ends refer to the sender and the receiver. Let’s say you are want to convey some important piece of information to your colleague. So you are the ‘sender’ and the colleague is the ‘receiver’. The transfer of information could be verbal, by gestures or even some electronic form such as via telephone, or in the modern days by text messaging, email or some other form of communication. The last few channels of information is digital and travels from one device to the either over the Internet or the cellular service.
Keep it to yourself, buddy
Let’s say that the information you are providing to your colleague needs to be confidential. This is where you would employ different tactics depending upon whether you are talking in a private space (you would not be too concerned about someone overhearing your conversation), or in a corner of the conference room where there are other folks (you might use a soft voice and use gestures to make sure no one hears what you are saying), or on the phone (you will ask your colleague if the call is on the speaker phone or there is anyone in the vicinity who could to listen the conversation).
But none of these methods could be foolproof because someone could snooping in your conversation (by lip reading or by tapping the phone line).
This is where the Encryption comes into play.
Encryption – It’s All Greek to me!
So in the above example, the two parties might take precaution to exclude others from the conversation (some of my Chinese friends don’t bother about talking in soft voice even in the presence of a bunch of others, they just switch to Mandarin!) there are problems when you have to be physically separated from each other.
The electronic bits that represent the conversation need to travel and someone with enough technical chops could intercept these bits and piece together the ‘confidential’ information that you were eager to pass on!
So this is where the Mandarin trick comes into play. Well, sort of (don’t worry, we are not planning to send the two ‘ends’ to the language lessons). The idea is that you expect that some people could hear you talk. And you would want to make sure that they don’t understand what you are saying.
Now you will question that in a small setting you could know that no one understands Mandarin, but when surrounded by a larger crowd you can’t be absolutely sure that no one would understand you. You’re right, it’s a sensible observation!
And yet, this is the theme that forms the basis of how we can solve the problem of preventing others from snooping on your conversation. Or rather preventing them from understanding what they are ‘snooping’. Essentially, just like my friends resort to Mandarin, we convert the information into temporary ‘language’. Thus anyone who tries to understand the intercepted information would just get the gibberish and cry, “it’s all Greek to me“! (Sorry to jump a whole continent in my analogies ?).
See the following figure:
This illustration shows four different conversations happening. In order to make sure that every pair in the conversation remains private from each other, the ‘language’ or the ‘gibberish’ has to be unique for each.
This process of generating gibberish from perfectly good information has a fancy, mathematical name – it’s called encryption (Ah.. yes, finally coming to the main point of this topic!) Encryption is the encoding of a message to the indecipherable sequence so that only the intended party can decode it. Technically, this gibberish is called ciphertext. Even if someone gets hold of this ciphertext, they won’t be able to access the original information. The receiving party decodes the original information by the reverse process of decryption (We will get into the details of how this is accomplished in a separate topic). And of course, it pertains mainly to all forms of electronic communication that happens beyond the face-to-face communication, including any information that is stored electronically.
Back to the medical environment
When a clinician speaks to another clinician about a patient or directly with the patient, utmost care has to be taken to protect the information reaching to the wrong person. Transitioning to the modern reality due to the increasing adoption of digital technology, there are more channels of ‘leaky’ communication. Additionally, the liberal intrusion of the social media into our daily lives has also made it into the medical environment, jeopardizing privacy of the healthcare constituents.
Why should you care? Two words, HIPAA compliance. And this is where the end-to-end encryption becomes important.