On Sunday, the Boston Globe printed a portion of a letter to the editor I sent in regards to one of the paper's articles. The opinion discussed the mandating of electronic health records and the importance of security for such records. Below is the complete letter.
One of the hot-button issues facing the country today is healthcare reform. President Obama has identified widespread electronic medical records as a major benchmark towards achieving the goal of affordable health coverage for all. Scott Kirsner did an excellent job describing some of the technologies Massachusetts companies are creating that will make universal electronic health records possible in his article State helping to shape US efforts to digitize health records for all.
The article neglected to examine the network security concerns of such a system. One may say “Moving medical records online will mean less privacy for everybody.” In reality less privacy is not an issue if proper security is in place. Therefore, moving medical records to electronic storage will increase the need to secure networks. The truth is that records are no less secure when stored electronically, as long as the network is secure. In fact, there are gains in privacy. The biggest risk involved is that making all records electronic does allow a person to attempt to gather information remotely by compromising a network. As long as medical facilities deploy network security technologies and maintain them, this should not be a widespread problem.
With paper records, someone who wanted to steal medical information can be successful, but would need to get a hold of a physical copy of the record. This means that an attacker would need to take a risk and go to the location of the records storage. Paper records also pose a risk to patient privacy as medical staff bring records home with them so they can work outside of the hospital. Recently, an employee at a Boston hospital accidently left records on the “T”. If the records were accessible electronically through a secure network connection, this wouldn't have happened.
Electronic medical record keeping also provides for a more secure data backup process. Hospitals using electronic records will need redundant hard drives, servers, data storage and other important infrastructure to ensure medical information is never lost. With all those backups, many fear that it will be easier to gain unauthorized access to patient information. In actuality, the electronic backups will be easier to secure than the current system of paper charts. Currently paper records are sent to storage vendors and the vendor's employees have access to the information in clear text.
The best security that you can provide without destroying the information is to send the charts in a locked receptacle. In an electronic system, data can be encrypted and stored at vendors' facilities without fear that the vendor will be able to read the data. This adds to the locked receptacle, because you can lock storage medium in a case, then if that case is compromised, you also have the data in an illegible form. You can also deploy hashing functions to ensure that no data is tampered with. To address one of the biggest fears, properly deployed medical networks will not send information in a manner that is easy for someone to simply capture. With electronic medical records, you will need to make sure that there is no path for the records to be sent over the open Internet. Instead records should be sent over secured VPN networks specifically designed to protect this information.
Nobody should have access to the network that does not need access. Congress has already acted to ensure that this guideline is followed, through the HIPAA and HITECH acts. However, these acts stop short of dictating the security standards and focus on the penalty for if a record is compromised. Creating an electronic medical records system will benefit the healthcare system in America in many ways, including increasing the security of medical records However, if the country is to move towards mandating electronic medical records, then congress should create additional acts creating security standards.
You Can Learn More About the Astaro Internet Security Product Line By Going to www.FirewallShop.com/Astaro.
The original article/video can be found at A Conversation on "Health Information Technology"