The idea of Electronic Medical Records (EMR) or Electronic Health Records (EHR) started 40 years ago and has been gaining wide acceptance over the last few years. And with the Obama administration set to convert every American’s medical file into EMR by the year 2014, they have received further impetus. The benefits of EMR are promising – easy and speedy check of patient records, minimal risk of errors in drug interaction, cost saving benefits, are some. Most importantly patient care is smoother with all records being available at one click.
But the system is far from flawless and the kinks are too serious to be ignored. The most important flaw is the hazard to patient security and privacy. Doctors, nurses, technicians, billing clerks, providers – a patient’s medical records pass many hands; the possibilities of leaks too are many. While paper records too are exposed to the same risks, the compactness of EMR and the ease with which they can be transferred make them more susceptible. For instance, in 2003, a medical transcriptionist in Pakistan who was hired by the University of California San Francisco’s Medical Centre threatened to post all patient information on the Internet because of a payment issue. Fortunately, the dispute was resolved and no harm was done. In Canada in 2007, hackers accessed medical information on HIV and hepatitis from a health agency computer. In 2008 in the US, Blue Cross and Blue Shield of Louisiana reported a breach of personal data like Social Security numbers, phone numbers and addresses of about 1,700 brokers when the data was accidentally attached to a general email.
In a world where digital enrichment is taking over almost all parts of our lives, a complete conversion to EMRs is a distinct possibility in the future. The whole ideology behind EMRs is to make it easy to share information when required for patient benefit. At the same time, sensitive medical records in the wrong hands can spell catastrophe for the patient. EMRs would be in constant danger of misuse by marketers, identity thieves, insurance companies and others who would be willing to pay big bucks to come in possession of these records. What is required is a support system that will preserve and enhance the benefits and mitigate the perils and drawbacks.
“Perimter Centric” technologies for securing EMRs would not be useful because the information will, in all cases, travel across network boundaries. Information Rights Management (IRM) systems like Seclore FileSecure are potential solutions where information usage can be controlled without putting barriers to collaboration.
But the system is far from flawless and the kinks are too serious to be ignored. The most important flaw is the hazard to patient security and privacy. Doctors, nurses, technicians, billing clerks, providers – a patient’s medical records pass many hands; the possibilities of leaks too are many. While paper records too are exposed to the same risks, the compactness of EMR and the ease with which they can be transferred make them more susceptible. For instance, in 2003, a medical transcriptionist in Pakistan who was hired by the University of California San Francisco’s Medical Centre threatened to post all patient information on the Internet because of a payment issue. Fortunately, the dispute was resolved and no harm was done. In Canada in 2007, hackers accessed medical information on HIV and hepatitis from a health agency computer. In 2008 in the US, Blue Cross and Blue Shield of Louisiana reported a breach of personal data like Social Security numbers, phone numbers and addresses of about 1,700 brokers when the data was accidentally attached to a general email.
In a world where digital enrichment is taking over almost all parts of our lives, a complete conversion to EMRs is a distinct possibility in the future. The whole ideology behind EMRs is to make it easy to share information when required for patient benefit. At the same time, sensitive medical records in the wrong hands can spell catastrophe for the patient. EMRs would be in constant danger of misuse by marketers, identity thieves, insurance companies and others who would be willing to pay big bucks to come in possession of these records. What is required is a support system that will preserve and enhance the benefits and mitigate the perils and drawbacks.
“Perimter Centric” technologies for securing EMRs would not be useful because the information will, in all cases, travel across network boundaries. Information Rights Management (IRM) systems like Seclore FileSecure are potential solutions where information usage can be controlled without putting barriers to collaboration.
Posts
4 comments:
Nice and informative piece. How relevant it is in Indian preservative?
Hi Akhilesh .. It is very relevant from an Indian perspective .. the privacy aspect is the same across countries. The regulatory framework around privacy is obviously more evolved in countries like USA. This highlights the need to take action but the issues are common.
Microsoft itself provides IRM, then why buy a third party product ??
Hi "Anonymous" .. there are a lot of reasons to buy "third party" products. For example Microsoft's rights management technology provides only MS Office support, for others (PDF, text, images, design drawings, ... ) you need to buy other "third party products" .. also the microsoft solution provides authentication only from AD so for other identity stores you again need other products .. we could go on and on about this but I guess you get the point :-)
Post a Comment