Study reveals security weaknesses in file-sharing methods used in clinical trials

February 16, 2011

Patients who participate in clinical trials expect that their personal information will remain confidential, but a recent study led by Dr. Khaled El-Emam, Canada Research Chair in Electronic Health Information at the CHEO Research Institute, found that the security practices used to transfer and share sensitive files were inadequate.

The two-part study, entitled "How Strong Are Passwords Used to Protect Personal in ?", published today in the Journal of Medical Internet Research, showed that the majority of passwords used to protect files are poorly constructed and easily cracked using commercial password recovery tools. Study coordinator interviews indicated that shared in the context of clinical trials may put personal health information at risk.

"The patients in these trials expect that their personal information will be protected," said Dr. El-Emam. "This is critical for maintaining the trust of clinical trial participants, and the public in general."

In the course of the study, passwords for 14 out of 15 sensitive files transmitted by email were successfully decoded. Of these 14, 13 contained sensitive health information and other potentially identifying factors such as name of study site, dates of birth, initials, and gender. practices were also found to be insecure, with unencrypted being shared via email and posted on shared drives with common passwords.

"Cracking the passwords proved to be trivial," said Dr. El-Emam. "Choices included passwords as simple as car makers (e.g., 'nissan'), and common number sequences (e.g., '123'). It was easy for the password recovery tools to guess them."

Poor security practices can be harmful to patients participating in clinical trials, who are at risk of being identified and possibly stigmatized by the disclosure of personal health information. There is also a potential for both medical and non-medical identity theft. In the context of international clinical trials, inadvertent disclosure of personal health information is considered a data breach in countries like the United States, which can lead to penalties in some states.

Dr. El-Emam believes that with some effort file sharing in clinical trials can be made secure: "There are protocols and tools that can be employed for secure file sharing. It may take more effort on the part of those who conduct clinical trials, but the alternative would not be acceptable."

Dr. El-Emam makes several recommendations, including enforcement of strong and encryption algorithms, encrypting all information sent via email including site queries, and minimizing password sharing.
