Privacy and Security Issues in the Health Industry
Like all enterprises, today's healthcare organizations have much to gain from
the benefits of Internet-enabled communications. In an
effort to function more efficiently and to improve clinical outcomes,
healthcare organizations are looking at IT to streamline business tasks,
enhance information sharing through the Web, use e-mail to communicate
with labs and patients, and automate processes with suppliers. As a result, many companies are
bringing Information Technology solutions to the healthcare industry by developing
Electronic Health Record Systems (EHRS). Prescient International has developed the optimum
solution meeting all the requirements of today for tomorrow.
The benefits of an EHRS are numerous; electronic patient information
can be sifted within microseconds and decisions based on this information can be made instantly,
potentially saving lives in the precious seconds when life hangs in the balance. When authorized physicians
can access a system holding a patient's entire medical history, patients who relocate, or who can no longer see their
regular physician, are not forced to
retell their history, possibly leaving out crucial information. Efficiencies are maximized when
test results are not only delivered to the medical office immediately, but can also be
incorporated in a patient's chart, with the physician instantaneously alerted to potential
situations. Electronic systems offer physicians the
freedom to access their patient information from anywhere, thereby maximizing efficiencies
in the delivery of health care.
A Case for Public Concern
But, consider for a moment, if your physician can
access your sensitive, personal information, who else can? Individuals and
agencies will go to great lengths to acquire information by any means
possible: insurance agencies may purchase
information to determine high risk clients, marketing
companies may purchase information to better target their
markets, pharmaceutical companies may purchase
information to determine the prescribing habits of physicians so they can
market to those segments, even potential
employers may purchase information to weed out
high risk employees. The concern is not only that these third parties are likely to acquire
sensitive, personal information deceptively, but also that those persons responsible for
the administration and maintenance of Electronic Health Record Systems,
such as System and Database Administrators, have access to this information by default.
The solution requires not only secure access to information by those authorized, but also a guarantee that those
handling the information do not, by default, gain access to personal information.
According to the Health Insurance Portability and
Accountability Act (HIPAA), which mandates that the American healthcare industry comply
with rules to ensure the complete confidentiality of patient information, a solution for secure
Electronic Health Record Systems must address the following:
Privacy: defines who is authorized to access information and includes
the right of individuals to keep information about themselves
from being disclosed.
Security: the ability to control
access and protect information from accidental or intentional disclosure
to unauthorized persons and from alteration, destruction or
loss.
The Solution: The Electronic Health Management System (EHMS)
Organizations may have security solutions in place,
but what does "Security" actually mean? Does it mean
a username and password allows only authorized persons to access sensitive information?
But what about those who work directly on the development and maintenance of the system?
Does their solution ensure airtight security of the data in the database? What
about when it is transmitted across
networks? Does their security entail the implementation of Public Key Infrastructure
(PKI)? Then why are major organizations
stepping away from
developing solutions that use PKI because of the potential risk of loss of keys?
The required electronic health record solution must provide complete patient and physician
confidentiality, from the moment the patient first consents to their physician creating an electronic health record,
through the storage and retrieval of the information, to the secure transmission of that information,
protecting it in the event of interception by unauthorized parties.
The Electronic Health Management System (EHMS)
is built on
Prescient's Security (e2Sec) and Privacy (ERDM) solutions to ensure complete
security, privacy and confidentiality of patient and physician information.
With the EHMS the physician is required to
assign rights and privileges to staff members based on their role. Each
member of the staff can then only access those parts of the medical record
that are relevant to them. The information is stored in the database using
Prescient's revolutionary Encrypted Relational Database Model
(ERDM) and information is transmitted securely over public
networks using Prescient's encryption technology,
e2Sec.
Understand Your Rights
The best way to ensure the privacy of your information is to know your rights, and
understand that there are varying degrees of security and privacy solutions.
Prescient is happy to provide the following links on Internet privacy and current privacy legislation in Ontario, Canada and the United States.
© 2003 Prescient International Inc. All rights reserved.