Cloud-Based EHR Systems Are Secure. It's The Law.
Published on 20 June 15
John
0
When it comes to hot-button topics, you need to look hard to find one that tops a patient's medical record confidentiality. People tend to get a little concerned and protective when it comes to who is seeing their health information and history, and rightly so.
It probably doesn't help that electronic medical records are now the norm, and yet every once in a while there's an unsettling story in the news about hackers breaking into confidential personal records; even the IRS isn't safe and you'd think that if any organization would be a total Fort Knox of data, it would be the tax people!
According to "Easing Patient Security Fears About Electronic Medical Records", the Health Insurance Portability and Accountability Act (HIPAA) became law, and all patient records have to be stored in a digital format for greater protection and accessibility. So, like it or not, fears regarding cloud vulnerability notwithstanding, Electronic Health Records (or EHR for short) are here to stay.
The Origins Of EHR
The genesis of Electronic Health Records can be traced back to the aforementioned HIPPA, which became law in 1996 during the Clinton Administration. Title II of the Act specifically outlined the establishment of national standards for electronic transactions, as well as identifiers for health plans, providers, and employers.
In 2004, President George Bush, in an effort to help improve care and lower costs, created an initiative to have Electronic Health Records available for most Americans within ten years. In early 2009, President Obama emphasized the need for EHR, citing cost savings, better privacy protection, reduce errors, and save jobs. In February of that year, the HITECH Act is made law.
In March of 2010, President Obama signed the Patient Protection & Affordable Care Act, which made the HITECH Act stronger and giving "Meaningful Use" by 2014. Many items in the ACA rely on heavy use of electronic medical records.
In 2004, President George Bush, in an effort to help improve care and lower costs, created an initiative to have Electronic Health Records available for most Americans within ten years. In early 2009, President Obama emphasized the need for EHR, citing cost savings, better privacy protection, reduce errors, and save jobs. In February of that year, the HITECH Act is made law.
In March of 2010, President Obama signed the Patient Protection & Affordable Care Act, which made the HITECH Act stronger and giving "Meaningful Use" by 2014. Many items in the ACA rely on heavy use of electronic medical records.
What Exactly Does An EHR Entail?
Electronic Health Records are the digital version of a patient's medical history, immunizations, allergies, lab results, radiology images, etc. The purpose of an EHR is to give doctors and other health care professionals instant and secure access to a patient's records, in an effort to help reduce errors, and make collaborations between disparate organizations and physicians go much smoother.
Security Concerns
Let's get back to the issue of information security and confidentiality. There are two main issues regarding the privacy of a patient's medical records.
First of all, there's the issue of trust. High-profile data theft incidents don't engender feelings of confidence in people, so naturally, when it comes to their utmost private information drifting around in the cloud, there's some trust issues there.
Unfortunately, this lack of trust makes people put off seeking medical help, sometimes at the expense of their lives. For instance, the HHS has determined that at least 150,000 veterans suffering from PTSD haven't sought treatment due to concerns about privacy.
The second issue is one of control. Who controls a patient's medical data, who decides who can see it, or how it can be used? A patient in the hospital usually feels helpless enough already, without adding the realization that the extent of their control over their own medical records hasn't been clearly delineated. If a patient has no idea who can call up their medical records and what they can do with them, then said patient feels even more helpless, which doesn't engender feelings of goodwill.
First of all, there's the issue of trust. High-profile data theft incidents don't engender feelings of confidence in people, so naturally, when it comes to their utmost private information drifting around in the cloud, there's some trust issues there.
Unfortunately, this lack of trust makes people put off seeking medical help, sometimes at the expense of their lives. For instance, the HHS has determined that at least 150,000 veterans suffering from PTSD haven't sought treatment due to concerns about privacy.
The second issue is one of control. Who controls a patient's medical data, who decides who can see it, or how it can be used? A patient in the hospital usually feels helpless enough already, without adding the realization that the extent of their control over their own medical records hasn't been clearly delineated. If a patient has no idea who can call up their medical records and what they can do with them, then said patient feels even more helpless, which doesn't engender feelings of goodwill.
What Can Be Done?
In terms of trust, there needs to be a comprehensive health information privacy Bill of Rights that spells out once and for all what rights a patient has in terms of the collecting, storage, sharing, and disposition of their electronic medical records. Having these rights and privileges presented in a clear, easily accessible manner will help educate consumers and remove one of the obstacles to trusting the medical community.
Secondly, in terms of cloud security, once again communication and teaching is the answer. The HIPAA actually requires extra layers of security to be added to EHR information, including password protection and encryption, something which not many people are even aware of.
So, we see that a lot of problems can be solved by practicing clear communication and making sure that patients and consumers understand what rights they have and what measures are in place to keep them safe. There are already too many excuses out there for people not to see their doctors when something is wrong; let's not make a lack of trust in today's data storage technology another one of them.
For more information about cloud security concerns, check out "7 Steps to Overcome Cloud Storage Security Concerns."
Secondly, in terms of cloud security, once again communication and teaching is the answer. The HIPAA actually requires extra layers of security to be added to EHR information, including password protection and encryption, something which not many people are even aware of.
So, we see that a lot of problems can be solved by practicing clear communication and making sure that patients and consumers understand what rights they have and what measures are in place to keep them safe. There are already too many excuses out there for people not to see their doctors when something is wrong; let's not make a lack of trust in today's data storage technology another one of them.
For more information about cloud security concerns, check out "7 Steps to Overcome Cloud Storage Security Concerns."
This blog is listed under
Data & Information Management
Community
Related Posts:
Post a Comment
