To the Editor.—Recently, Klein et al1 provided a good discussion of data security and particularly emphasized basic modern file encryption concepts. More than 10 years ago, we described, emphasized, and published the importance of a more comprehensive approach to medical data security.2 Encryption of data is an important technique, but is only a part of the larger concept of information security. Despite keeping data stored in encrypted form, the information remains vulnerable to diversion in a myriad of ways before encryption and after decoding. Such decoded forms must exist at some point in order for the subject data to be of any practical use. Modern concepts particularly require integration of human factors in the security matrix, and this is emphasized in recent regulatory changes. The advent of Health Insurance Portability and Accountability Act regulations has certainly made fuller appreciation of these security concepts more important and timely.

Klein
,
R. R.
,
D. W.
Mount
, and
R. B.
Nagle
.
Modern data security.
Arch Pathol Lab Med
2004
.
128
:
338
340
.
Ulirsch
,
R. C.
,
E. R.
Ashwood
, and
P.
Noce
.
Security in the clinical laboratory: guidelines or managing the information resource.
Arch Pathol Lab Med
1990
.
114
:
89
93
.