Dr. Barry P. Chaiken
Health Care Chronicles: Privacy - not just another word
February 05, 2011
This report originally appeared in the February 2011 issue of DOTmed Business News
By. Dr. Barry P. Chaiken
Virtues of digitization
Throughout our industry experts promote the virtues of electronic medical records, and the easy exchange of digital data to assist in providing patient care. According to many of these experts, the elimination of paper records brings improved quality of care, enhanced patient safety, and saves billions of health care dollars. Considering the $2 trillion size of the health care industry, many companies see huge business opportunities in collecting and managing electronic patient data.
As health care organizations move forward with deploying electronic medical records, they continue to struggle with the appropriate governance structure necessary to manage the access and handling of patient information. In other words, no widely accepted, clear standards exist to guide organizations on who can access patient information, how they secure permission for access and what can be done with the information.
Focus on processes and workflows
Although the Health Information Technology for Economic and Clinical Health Act tightened protection of patient data, organizations continue to struggle with the proper processes and workflows that allow reasonable access to the information by clinicians while protecting the confidentiality of the information.
Privacy of medical records is not a new problem brought on by information technology. Even with paper records, unauthorized access to patient information frequently occurred. During my clinical training, patient records were readily available at the nurses’ station on each ward. Anyone working in the hospital could easily walk up to the chart stand, pull a record and read whatever they wanted. On occasion, an attending would walk off with a chart requiring a frantic search by the ward clerk. Over time, procedures were put in place to offer better control of access. Even with these changes, the record was never fully kept private. In addition, with paper records there is no easy way to record who accesses a record and what information is reviewed.
Electronic patient data may present a challenge to maintaining privacy of patient records, but the fundamental principles remain the same. Ensuring privacy of medical records requires access to a patient’s record be restricted to those individuals that need access to provide appropriate care to the patient.
With digitization comes the ability to easily copy, transfer, and access large amounts of information cheaply, which makes privacy difficult. In contrast, digitization provides the ability to restrict access to only those with valid need for access, definitively track who accesses a record and record what information is reviewed.
Facilitate technology use
Successful workflows incorporating information technology to facilitate patient care while protecting patient privacy also leverage technologies encouraging the frequent, consistent, and efficient use of workflow. These technologies include those that make access to health information technology tools easy and efficient such as biometric user authentication, single sign-on, and roaming virtual desktops.
Benefits to data exchange
Facilitating the exchange of patient information among providers works to improve quality and safety of patient care and reduce costs. Although it is true that we have not yet achieved anywhere near the benefits we envision from this exchange, brilliant and dedicated informaticists, clinicians, and process engineers are working on the problems and achieving incremental improvements.
With all of the benefits offered by electronic patient data comes the risk of inappropriate and exploitive use. The privacy rules developed from the HITECH legislation must protect patients from unwanted marketing of products and services targeting brought about from their own medical data. In addition, severe financial and criminal penalties must be established and levied for the violation of the privacy of patient data to encourage payers, providers, benefits managers, and other commercial entities to protect and properly use patient data. Only with strictly enforced privacy rules can health care information technology provide the quality, safety, and costs benefits expected from its deployment.
Dr. Barry P. Chaiken is the chief medical officer of Imprivata, a provider of an authentication and access management solution for simplifying password management and securing user access to patient health information.
By. Dr. Barry P. Chaiken
Virtues of digitization
Throughout our industry experts promote the virtues of electronic medical records, and the easy exchange of digital data to assist in providing patient care. According to many of these experts, the elimination of paper records brings improved quality of care, enhanced patient safety, and saves billions of health care dollars. Considering the $2 trillion size of the health care industry, many companies see huge business opportunities in collecting and managing electronic patient data.
As health care organizations move forward with deploying electronic medical records, they continue to struggle with the appropriate governance structure necessary to manage the access and handling of patient information. In other words, no widely accepted, clear standards exist to guide organizations on who can access patient information, how they secure permission for access and what can be done with the information.
Focus on processes and workflows
Although the Health Information Technology for Economic and Clinical Health Act tightened protection of patient data, organizations continue to struggle with the proper processes and workflows that allow reasonable access to the information by clinicians while protecting the confidentiality of the information.
Privacy of medical records is not a new problem brought on by information technology. Even with paper records, unauthorized access to patient information frequently occurred. During my clinical training, patient records were readily available at the nurses’ station on each ward. Anyone working in the hospital could easily walk up to the chart stand, pull a record and read whatever they wanted. On occasion, an attending would walk off with a chart requiring a frantic search by the ward clerk. Over time, procedures were put in place to offer better control of access. Even with these changes, the record was never fully kept private. In addition, with paper records there is no easy way to record who accesses a record and what information is reviewed.
Electronic patient data may present a challenge to maintaining privacy of patient records, but the fundamental principles remain the same. Ensuring privacy of medical records requires access to a patient’s record be restricted to those individuals that need access to provide appropriate care to the patient.
With digitization comes the ability to easily copy, transfer, and access large amounts of information cheaply, which makes privacy difficult. In contrast, digitization provides the ability to restrict access to only those with valid need for access, definitively track who accesses a record and record what information is reviewed.
Facilitate technology use
Successful workflows incorporating information technology to facilitate patient care while protecting patient privacy also leverage technologies encouraging the frequent, consistent, and efficient use of workflow. These technologies include those that make access to health information technology tools easy and efficient such as biometric user authentication, single sign-on, and roaming virtual desktops.
Benefits to data exchange
Facilitating the exchange of patient information among providers works to improve quality and safety of patient care and reduce costs. Although it is true that we have not yet achieved anywhere near the benefits we envision from this exchange, brilliant and dedicated informaticists, clinicians, and process engineers are working on the problems and achieving incremental improvements.
With all of the benefits offered by electronic patient data comes the risk of inappropriate and exploitive use. The privacy rules developed from the HITECH legislation must protect patients from unwanted marketing of products and services targeting brought about from their own medical data. In addition, severe financial and criminal penalties must be established and levied for the violation of the privacy of patient data to encourage payers, providers, benefits managers, and other commercial entities to protect and properly use patient data. Only with strictly enforced privacy rules can health care information technology provide the quality, safety, and costs benefits expected from its deployment.
Dr. Barry P. Chaiken is the chief medical officer of Imprivata, a provider of an authentication and access management solution for simplifying password management and securing user access to patient health information.