IT Optimizers®: Strategy, Resources, Results

Privacy Perspectives: Electronic Medical Record Technology

Joseph M. DeLuca, Health Care Investment Visions

We, the people, as citizens of the United States, hold a constitutionally grounded right to privacy, one we believe to be inviolable. Privacy legislation and litigation over the past century support two conclusions: we regard this right as covering all of our personal information, and it has been violated in countless situations. Indeed, our government's privacy policy is extraordinarily reactive: as situations of concern arise, a legislative group at the state or federal level sorts through issues of legality, community safety and personal privacy, all in an attempt to protect this inalienable right.

Some illustrations of privacy issues:

  • Federal investigators subpoena the grocery buying record of a man suspected of selling drugs - to see if he bought an extraordinary number of plastic baggies. Because he used the supermarket's club card, his entire purchasing history was available.
     
  • In Colorado, police examine the video rental records of two teenagers after they go on a shooting rampage at a suburban high school.
     
  • Fingerprint databases exist and are shared by state and federal law enforcement agencies, and contain data on a voluntary basis (such as a California gun owner) and involuntary basis (such as convicted felons).
     
  • In the United Kingdom, suspected criminals are typically required to surrender DNA samples to a national database, with the information being used (with remarkable success) to identify sex crime offenders who have committed or are suspected of non-sex crimes.

Most of us would probably agree that certain events, such as a felony conviction or a lawfully followed judicial procedure, are appropriate grounds for revoking or modifying privacy protections. The public interest served outweighs individual rights.

The privacy issue surrounding electronic medical records, however, is more complex. As a patient, I want the fastest, most effective clinical service possible. That often means that data about my medical condition, problems and complaints, diagnosis, medications, test results, family history, will be accessible through a computer network or the Internet to a wide range of professionals. We assume that, like law enforcement personnel, individuals with access to my clinical data will act responsibly, ethically, and in my best interest. But we know that is not always the case.

Several years ago, a close family member underwent an extended hospitalization. The staff was superb; without them my family member could have died. This facility had a reasonably extensive computerized patient data system. Through this experience, I learned first hand about patient data security.

As part of the extended caregiver team, I had access to extremely sensitive medical information about others: through overheard conversations, by innocently glancing at charts carelessly left at the nurses' station or in patient rooms, or from computer screens left on and filled with private clinical data. On several occasions, I went to ancillary areas with my family member, and saw confidential clinical data on a screen as we moved through the intake area. To completely secure the confidential medical data flying around, and thus the privacy of my family member and other patients, the clinical process would have been impaired and all family members, who are vital to the care and recovery process, would have had to be removed, an unacceptable situation.

Of greater concern than my innocent access, though, was the way that some clinicians spoke about other patients' sensitive clinical data with me close by. "That field means they are reactive to sulfur drugs... That is a sensitive diagnosis field... a drug user" were comments freely volunteered. What were they saying about my family member to others?

A paper chart would have provided the basis for the same comments, but it is physically far less accessible. Data in an electronic environment travels a much more circuitous route. Access to clinical databases from physician offices, homes, ambulatory centers and elsewhere, over private network technology or the public Internet, multiplies both the opportunities for misguided professionals to abuse their access privileges and the chances for otherwise innocent observers to see private clinical data.

Network-accessible clinical data also creates an opportunity for the criminal mind, those hackers who take pride in getting into seemingly secure networks to change or destroy data. I was at a baseball game with a pediatric hospital Chief Information Officer a few years ago when he was paged urgently. A hacker had successfully broken into the hospital clinical data network and attacked the laboratory database. The system had to be shut down and rebuilt. No clinical data was lost (they used a real-time mirrored backup system), but the laboratory system, with its sophisticated pediatric clinical rules, was not available for use by clinicians for a day. Law enforcement was called in, advanced electronic traps were set, and the hacker never returned.

So, you ask, what is the real security threat? Generally there are three key threats to computerized patient clinical information:

  1. Information used en masse to discriminate against whole groups of citizens (e.g. an insurance company accesses clinical data to infer trends and build discriminatory practices against groups of patients). Discrimination through the use of claims and audit data is an accepted practice in the insurance business. The Health Insurance Portability and Accountability Act was designed, in part, to reduce this potential. Data also may be obtained through other means, such as illegal access or unauthorized release. Significant discussion surrounds this threat, but it is not a large-scale problem at this time.
     
  2. Intentional or, at least initially, inadvertent misuse of individual-specific data - HIV information, drug addiction, cancer prognosis. There are generally clear laws to protect the privacy of this individual data. However, by the time the protection of the law takes effect, the damage has been done. The job has been lost, the promotion or health insurance application has been denied. Legal recourse must be invoked, and hopefully the individual who released the data and those who encouraged the release or used the data are heavily sanctioned. This is a real problem today, and a public policy concern.
     
  3. Intentional acquisition, manipulation and/or destruction of non-personal clinical data, through either authorized or unauthorized network access. This is a criminal act, and one which occupies part of every health information network administrator's day (or should). This battle, like the war on crime in general, is fought daily through education, technical prevention, and criminal prosecution efforts.

You, as healthcare leaders, can proactively reduce the threat to computerized patient data. The commitment to implement computerized clinical data, electronic medical records, and health information systems must by design include a commitment to comprehensive security measures, not only initially, but on an ongoing basis. The capital and human resources must be available to effect clinical data security. Data privacy, access and release policies, procedures and controls must be in place. Violation consequences must be defined and enforced. Professionals who have access to clinical data must be educated about unintentional abuse, consequences of boasting statements, and criminals who may try to use them to gain access. Other technology tips include:

  • When you put clinical data over the public Internet, or over a private intranet or network, you must fund the technology to protect it: access-control firewalls, encryption of data in transit and at rest, specialized security software, and strong user authentication.
     
  • When storing large clinical databases, invest in database lock-down and access prevention technologies, screen personnel heavily for access rights, and make sure you have policies and procedures in place relative to data release.
     
  • Secure all clinical access with the most advanced security you can afford. Go beyond password control: use role- and care-relationship-based rights to data (to stop the perusing looker), location controls, access logging with regular review of the logs (a log nobody reads stops no one), automatic log-offs, and biometric identification technologies (ATMs are now using retinal scanning to replace PINs and cards).
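The two controls above that most directly address the "perusing looker" are rights to data tied to a care relationship and access logging that someone actually reviews. The following is an added example, not code from the article or from any product it mentions, showing both in miniature: an authorization decision that requires a role permission for the record section plus a care-team relationship with the patient (with an audited break-the-glass override), and a review pass that replays constructed audit-log lines through that decision to flag reads the policy would have refused, emergency overrides, and after-hours browsing across many unassigned patients. The user names, roles, care-team table, log format, and off-hours window are all assumptions.

```python
"""Added example (not from the article): a care-relationship access check for
clinical records, plus a review pass over constructed EMR audit-log lines that
flags the "perusing looker". Names, roles, and log format are assumptions."""
from collections import defaultdict
from datetime import datetime, time

# Assumed care-team assignments: patient id -> users with a treatment relationship.
CARE_TEAM = {
    "P100": {"drsmith", "rnjones"},
    "P200": {"drsmith"},
    "P300": {"rnjones", "labtech1"},
}

# Assumed least-privilege mapping of role -> record sections the role may read.
ROLE_SECTIONS = {
    "physician": {"demographics", "diagnosis", "medications", "labs"},
    "nurse": {"demographics", "medications", "labs"},
    "lab": {"labs"},
    "billing": {"demographics"},
}

USER_ROLE = {"drsmith": "physician", "rnjones": "nurse",
             "labtech1": "lab", "clerk7": "billing"}


def authorize(user, patient, section, break_glass=False):
    """Decide a record read. Both a role permission for the section and a care
    relationship with the patient are required; break-the-glass overrides the
    relationship check (never the role check) and is always audited."""
    role = USER_ROLE.get(user)
    if role is None or section not in ROLE_SECTIONS.get(role, set()):
        return False, "role does not permit section"
    if user in CARE_TEAM.get(patient, set()):
        return True, "care relationship"
    if break_glass:
        return True, "break-the-glass"
    return False, "no care relationship"


# Constructed audit log: timestamp|user|patient|section|action|break_glass(0/1)
AUDIT_LOG = """\
2024-03-04T09:12:00|drsmith|P100|diagnosis|view|0
2024-03-04T09:13:10|rnjones|P100|medications|view|0
2024-03-04T09:20:00|clerk7|P200|diagnosis|view|0
2024-03-04T10:05:00|drsmith|P300|diagnosis|view|1
2024-03-04T22:41:00|rnjones|P200|labs|view|0
2024-03-04T22:42:00|rnjones|P400|labs|view|0
2024-03-04T22:43:00|rnjones|P500|labs|view|0
2024-03-04T22:44:00|rnjones|P600|labs|view|0
"""


def parse_audit_line(line):
    ts, user, patient, section, action, bg = line.split("|")
    return datetime.fromisoformat(ts), user, patient, section, action, bg == "1"


def is_after_hours(ts, start=time(20, 0), end=time(6, 0)):
    """Assumed off-hours window 20:00-06:00; it spans midnight, hence the 'or'."""
    t = ts.time()
    return t >= start or t < end


def review_audit_log(log_text, browse_threshold=3):
    """Replay each logged read through authorize() and report:
    - 'unauthorized': reads the policy would have refused (a system that logs but
      does not enforce, or a policy gap, shows up here);
    - 'break_glass': emergency overrides, each of which needs a human reviewer;
    - 'after_hours_browsing': users who read >= browse_threshold distinct patients
      outside their care team during off hours (the classic snooping pattern)."""
    report = {"unauthorized": [], "break_glass": [], "after_hours_browsing": []}
    off_hours_unassigned = defaultdict(set)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, user, patient, section, _action, bg = parse_audit_line(raw)
        allowed, reason = authorize(user, patient, section, break_glass=bg)
        if not allowed:
            report["unauthorized"].append((user, patient, section, reason))
        elif reason == "break-the-glass":
            report["break_glass"].append((user, patient, section))
        if is_after_hours(ts) and user not in CARE_TEAM.get(patient, set()):
            off_hours_unassigned[user].add(patient)
    for user, patients in sorted(off_hours_unassigned.items()):
        if len(patients) >= browse_threshold:
            report["after_hours_browsing"].append((user, len(patients)))
    return report


if __name__ == "__main__":
    for category, items in review_audit_log(AUDIT_LOG).items():
        print(category, items)
```

On the constructed log, the review reports the billing clerk's diagnosis read (wrong role), four lab reads by a nurse on patients outside her care team, one break-the-glass use by a physician, and an after-hours browsing pattern for that nurse. The design choice worth noting is that break-the-glass is allowed rather than blocked, because a delayed emergency read can harm the patient, but it never bypasses the role check and always lands in the review queue.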

My bottom line? Fund protections...or do not computerize patient data. That is our obligation to each other as citizens, as well as our duty as healthcare professionals.


Joseph M. DeLuca is a frequent national commentator on health care public policy and information system issues. Email: info@hciv.com.

Reprinted with the permission of the Society of Professionals in Health Care.