Yurii Shevchuk, a software engineer and expert in securing health data, explains how his patented system protects patient information using double encryption to create, store, and share documents effortlessly
These days, the way we handle and access health information is changing rapidly with digital tools. This shift is exciting but also presents many challenges: how do we keep our most private data safe, and how do we ensure everyone can get the medical help they need? For example, in 2024, data breaches in healthcare alone affected 180 million people, 24By7Security notes. This shows that protecting patient information and making care accessible to all are not just goals but essential to maintaining public trust and ensuring medical services continue smoothly.
Now, these are the issues Yurii Shevchuk is addressing. Leveraging his strong background in information security management, Yurii has developed CodeDoc, an innovative tool to safeguard patient data. This patented software handles documents securely, especially sensitive health records. Additionally, he has worked at Momentum3, improving operations at UnitedHealthcare, a well-known health insurance company in the U.S. Here, significant reductions were achieved in the time spent creating marketing content, which greatly increased customer satisfaction. He has also worked on securing and improving access to patient data in Ukraine. His efforts ensure reliable, secure, and efficient digital tools that enhance care while respecting privacy. As a senior member of IEEE, he started a school to mentor others to follow in his footsteps. These efforts demonstrate how he is shaping the future of health data security, healthcare access, and patient trust.
Yurii, welcome. You recently developed CodeDoc, an innovative patented system protecting patient data. Could you please tell us a bit about your professional journey and the factors that led you to conclude that current solutions were inadequate?
Thanks for having me. I got into computer science and programming when I was in high school. So, that pushed me to study computer science at Lviv Polytechnic National University in Ukraine. Here, I focused on information security management and graduated in 2014. I was drawn to this field because it doesn’t just cover programming. It includes everything about protecting information, which matters a lot in fields that deal with sensitive documents like healthcare. This field opened so many doors for me. While I was still a student, I started working as a front-end developer and noticed how fragile many digital tools were. Sensitive information often faced risks like leaks, hacking, or tampering. I saw how medical institutions became common targets for cyberattacks, leaving private patient details exposed. So, this clear problem—the urgent need to protect data versus the weak systems in place—pushed me to focus on building secure and reliable digital systems in healthcare.
CodeDoc reportedly increases cryptographic security by 30% and cuts leak risks by 95% using RSA-2048 and ECC double encryption. This approach fundamentally differs from standard healthcare data protection. So, how does it do that?
I’ve patented a system designed to counter major threats to private data in the current digital landscape. This is particularly crucial in the healthcare sector, where patient records, test results, and treatment specifics demand robust protection to maintain confidentiality and comply with regulations like HIPAA. Existing tools often fall short in delivering strong encryption, straightforward access control, or transparent audit tracking for medical data. My system fills these voids. It employs a dual-layer encryption approach for critical data. A proprietary file format (.kdd) is integrated to prevent access by unauthorized software, and the system interfaces with external platforms via TLS 1.3. From initial file generation to subsequent transfers, this system guarantees the security of medical documents, fostering confidence in patient data management and digital health information exchanges.
While working at Momentum3 on a project for UnitedHealthcare, your web portal reduced marketing material creation time by 40% and event planning costs by 30%. How do you measure real-world impact beyond just security metrics?
I worked on medical IT projects in the U.S. and Ukraine, which taught me the importance of safeguarding data while ensuring patient access. For example, I developed a large web portal for United Healthcare aimed at simplifying the creation of informational materials for medical plans while managing patient data. A key focus was complying with HIPAA, a U.S. law with strict rules to protect health information. I implemented HMAC hashing for data synchronisation, automated data analysis tools, and role-based access controls. These improvements saved time and enhanced customer satisfaction. This experience shows that effective data protection not only secures information but also improves patient services and streamlines administrative processes.
When the war started in Ukraine, you didn’t just continue working remotely; you launched initiatives for WCAG standards and an online petition for medical data protection. How did this crisis reshape your understanding of healthcare accessibility and security?
Amid the humanitarian crisis in the country, efforts turned to making sure medical care was both safe and available to people with disabilities and those displaced. HIPAA is a U.S. law, but the idea it stands for—keeping patient data private and secure—is crucial all around the world to keep healthcare ethical. So, I pushed for the creation of state-level WCAG standards to make health platforms easier to access online. I also took steps to set up strong encryption systems and secure databases so patient records would stay safe from being hacked or accessed without permission. Then, to push lawmakers into taking medical data security more seriously, I put together an online petition to highlight the need for tougher protections, showing why privacy rules in healthcare should matter everywhere.
You’ve written two JavaScript books and started a cybersecurity training school. What’s driving this shift from building systems to building people who will build systems?
I wrote the books out of my own experience teaching coding. So, I realised new developers needed clear and hands-on materials to learn. However, my dedication to teaching has also inspired me to start a specialised training school. The school aims to train upcoming experts with real-world skills in modern data protection. This is key to safeguarding critical systems in healthcare and keeping patient data safe. I believe data security will serve as the backbone of all future digital health tools and services. To prepare for that, the importance of having trained professionals ready for the challenge cannot be overemphasised.
As a member of the Organizing Committee of the Conference on Cybersecurity and Network Protection, what do you see as the next critical steps for healthcare organizations trying to balance security, accessibility, and efficiency?
I would suggest they take a broad and forward-thinking approach when it comes to safeguarding health data. This should not be seen as meeting compliance rules but as an ongoing responsibility that is vital to building patient trust. First, focus on strong data security measures. Use tough encryption methods to protect sensitive patient information where it is stored and while it is being sent. Make sure only the right people have access based on the principle of least privilege. Tools like multi-layered encryption, similar to my patented system, play an important role here. Second, put serious effort into training people and building a mindset that prioritizes security. Technology alone cannot solve every issue. It is important to train all staff, from front-desk workers to doctors and IT teams, on the best ways to manage data, spot phishing attempts, and react to issues when they happen. Create an environment where everyone knows their part in keeping patient data secure. Third, focus on making systems interoperable, with both security and accessibility included right from the start. As healthcare shifts toward connected digital networks, designing new systems using security-first and accessibility-first approaches becomes essential. This means following standards like WCAG to give all patients fair access. Finally, keep reviewing and improving. Threats in the digital world change fast. Organisations must run frequent security checks, conduct penetration tests, and learn about new risks and regulations to stay prepared. Managing risks ahead of problems, instead of fixing issues after they happen, helps build reliable and secure digital healthcare platforms.
Source: Protecting Your Health Data: New Ways to Keep Patient Information Safe
