
Medical record privacy and security



  1. Internet Web Systems II - Spring 2010 • Vinay Veeramachaneni • Medical record privacy and security

  2. Overview • EMR/EHR (United States) • Why EMR/EHR? • What is Privacy and Security? • The Law • Example Scenarios • How to Protect? • Existing Systems • Conclusion

  3. Human Factor • Medical and health records were traditionally maintained on paper. • Records were sent by fax or mail, or requested by phone. • Most errors in that kind of handling are human errors. • The point of care is hard to regulate.

  4. Role of Technology • Faster Internet access and more bandwidth • Low cost of hardware • Low cost of storage • Storage at multiple locations/mirrors to recover from failure • Software providing stronger authentication

  5. EMR/EHR Objective • Digitize and maintain patient medical records. • Electronically maintain and update health records. • Invest about $20 billion to improve health care (stimulus package). • Eliminate health disparities.

  6. Why EMR/EHR? • Lower health care costs • Reduce medical errors • Improve point-of-care • Improve access to data • Improve the quality of health care • Encourage the adoption of EMR by providers and hospitals.

  7. What is Privacy and Security? • Privacy is an individual's ability to keep information about themselves private, or to reveal it only to selected people. • It protects the individual's trust: patients confide in people they trust. • Security is preventing any unauthorized access to personal information. • Store the information in a reliable location. • Prevent any illegal use of the information.

  8. Circle of Trust • (diagram: the patient at the centre of the circle of trust)

  9. Causes and Effects of Insecure Medical Records (diagram) • Causes: hacking; outsourcing; poor handling by medical professionals; social web societies; household members; employers; related places. • Possibility of illegal use (information breach): re-routing prescription drugs; ransom; selling to pharmaceutical companies; selling to researchers. • Effects on the patient: loss of privacy; loss of employment; loss of insurance; improper treatment; reluctance to seek medical care; social discrimination.

  10. Poor handling • Losing records • Discussing patients in public areas, including the social web • Bribery • Miscommunication • Poor analysis • Use of data without consent

  11. Medical Social Networking • Used for peer-to-peer communication • Used to connect members with various physical and mental ailments • Affects the drugs physicians prescribe (Stanford Business School study) • E.g.: PatientsLikeMe, SoberCircle, Doc2Doc, Healtheva, SurgyTec, … • Educational purpose. • Discussing related cases and cures.

  12. Example Scenarios • Hackers hold Virginia medical records for ransom (Washington Post, May 4, 2009). The attackers threatened to sell the medical records of 8 million patients, together with prescription drug monitoring records, unless the state government paid a $10 million ransom. • An outsourced medical transcriptionist threatened to post patient medical records online.

  13. Example Scenarios • Private medical records for sale: patients' files outsourced for computer input ended up on the black market (www.dailymail.co.uk, 18 Oct 2009). • Confidential records of patients of a British hospital were illegally sold on the black market, in this case to undercover agents.

  14. Example Scenarios • Medics tweeting and posting patient data on social websites. • An insurance agent found out about the abortion of his niece and told her parents. • An employer illegally accessed an employee's medical record to learn the employee's HIV status.

  15. The Law • HITECH Act, 2009 - Health Information Technology for Economic and Clinical Health Act, enacted as Title XIII of the American Recovery and Reinvestment Act. It funds EHR adoption, extends HIPAA's security and breach-notification obligations, and ties incentive payments to "Meaningful Use" of certified EHRs against a set of standards. • HIPAA, 1996 - Health Insurance Portability and Accountability Act; its Privacy and Security Rules govern protected health information. • American Recovery and Reinvestment Act (ARRA), 2009.

  16. How to Protect? • Fair information practices • Training for patients and professionals • Prevent mishandling of data • Minimize the information collected and stored • Provide stronger authentication • Secure the facilities (hospitals and healthcare institutions) • Limit the use of social networking; never discuss patients there • Define standards and responsibilities

  17. How to Protect? • Do not enter personal data on untrusted websites • Guard against identity theft • Red-flag any misuse • Penalties for violations • Report any illegal activity • Report phishing websites • Contracts with business partners that require data protection (for HIPAA covered entities, business associate agreements)
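The two "How to Protect?" slides ask for stronger authentication, access limited to people who need it, and red-flagging of misuse; the scenario slides show what goes wrong without that (an employer or an insurance agent reading a record). As an added example, not part of the original presentation, the Python below sketches a record store that makes a per-record decision on every read (the patient, a care-team clinician, or a clinician using break-glass), writes every attempt to an audit log, and exposes the refusals and break-glass reads for a privacy officer to review. The roles, user ids and record content are constructed for the example and are assumptions, not any product's data model.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Record:
    patient_id: str
    care_team: set          # user ids with a treatment relationship (assumed)
    data: dict              # the clinical content itself


@dataclass
class AuditEvent:
    when: str
    user: str
    role: str
    patient_id: str
    allowed: bool
    reason: str


class EHRStore:
    """Records are released only after an explicit per-record check, and
    every attempt, allowed or refused, is written to the audit log."""

    CLINICAL_ROLES = {"physician", "nurse"}   # assumed role names

    def __init__(self):
        self._records = {}
        self.audit = []

    def add_record(self, record):
        self._records[record.patient_id] = record

    def _decide(self, user, role, record, emergency):
        # Patients may always read their own record.
        if user == record.patient_id:
            return True, "patient self-access"
        # Non-clinical roles (employer, insurer, relative, ...) never get
        # direct record access, whatever reason they give.
        if role not in self.CLINICAL_ROLES:
            return False, "role %s has no record access" % role
        # Clinicians read only the patients they are treating ...
        if user in record.care_team:
            return True, "care team member"
        # ... unless they invoke break-glass, which is allowed but flagged.
        if emergency:
            return True, "BREAK-GLASS: not on care team"
        return False, "not on care team"

    def read(self, user, role, patient_id, emergency=False):
        record = self._records.get(patient_id)
        if record is None:
            self._log(user, role, patient_id, False, "no such patient")
            return None
        allowed, reason = self._decide(user, role, record, emergency)
        self._log(user, role, patient_id, allowed, reason)
        return record.data if allowed else None

    def _log(self, user, role, patient_id, allowed, reason):
        self.audit.append(AuditEvent(
            datetime.now(timezone.utc).isoformat(), user, role,
            patient_id, allowed, reason))

    def red_flags(self):
        """Events a privacy officer should review: refusals and break-glass reads."""
        return [e for e in self.audit
                if not e.allowed or e.reason.startswith("BREAK-GLASS")]


def demo():
    """Run the scenarios from the slides against the store; returns
    (results per scenario, flagged audit events)."""
    store = EHRStore()
    # Constructed sample record; no real patient data.
    store.add_record(Record("pat-001", {"dr-smith"}, {"hiv_status": "positive"}))
    results = {
        "treating_physician": store.read("dr-smith", "physician", "pat-001"),
        "patient_self": store.read("pat-001", "patient", "pat-001"),
        "employer": store.read("acme-hr", "employer", "pat-001"),
        "insurance_agent": store.read("agent-7", "insurer", "pat-001"),
        "other_physician": store.read("dr-jones", "physician", "pat-001"),
        "er_break_glass": store.read("dr-jones", "physician", "pat-001",
                                     emergency=True),
    }
    return results, store.red_flags()


if __name__ == "__main__":
    results, flags = demo()
    for name, data in results.items():
        print("%-20s %s" % (name, "released" if data else "refused"))
    for e in flags:
        print("FLAG", e.user, e.role, e.patient_id, e.reason)
```

The employer and the insurance agent are refused regardless of what they claim, the second physician is refused unless break-glass is used, and both the refusals and the break-glass read land in `red_flags()`; the "red flag any misuse" item on the slide is only workable if the log records refusals as well as successes.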

  18. Security [11] (North Carolina State University) • Study of the Certification Commission for Health Information Technology (CCHIT) criteria; CCHIT was the US EHR certification body at the time. • Test subject: OpenEMR, an open-source EHR written in PHP. • Static analysis produced a summary of 1,210 alerts. • Vulnerability classes found: cross-site scripting, nonexistent access control, path manipulation, error information leak.

  19. Study of Errors (OpenEMR) • (screenshots of static analysis findings) • Cross-site scripting • Error message information leak
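Slides 18 and 19 report a static-analysis summary of alerts against OpenEMR in four classes. As an added example, not from the slides, the NCSU study or OpenEMR itself, the Python below is a small line-based scanner for those same four classes, run over two constructed PHP snippets written in the style of an EHR patient page: one vulnerable, one hardened. The rules (a trigger pattern per sink and the sanitiser that suppresses the alert) and the convention that a page is authenticated by including `auth.inc.php` are assumptions made for the example; a commercial scanner tracks taint across statements and files, which is how it reaches alert counts in the hundreds.

```python
import re

# Where untrusted input enters a PHP page.
SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\["

# (category, trigger, suppressor): a line raises an alert when the trigger
# matches and the suppressor (the expected fix on that line) does not.
RULES = [
    ("Cross-site scripting",
     re.compile(r"\b(?:echo|print)\b.*" + SUPERGLOBAL),
     re.compile(r"\b(?:htmlspecialchars|htmlentities)\s*\(")),
    ("Path manipulation",
     re.compile(r"\b(?:include|require|include_once|require_once|fopen|"
                r"file_get_contents|readfile)\b.*" + SUPERGLOBAL),
     re.compile(r"\bbasename\s*\(")),
    ("Error information leak",
     re.compile(r"\b(?:echo|print|die|exit)\b.*"
                r"\b(?:mysql_error|mysqli_error|getMessage)\s*\("),
     None),
]
DB_CALL = re.compile(r"\b(?:mysql_query|mysqli_query|sqlStatement)\s*\(")
# Assumed convention: a page is authenticated by pulling in auth.inc.php
# before it touches request data or the database.
AUTH_CHECK = re.compile(
    r"\b(?:require|include)(?:_once)?\s*\(?\s*['\"][^'\"]*auth\.inc\.php")


def analyze(source, filename="<string>"):
    """Return sorted (line_no, category, text) alerts for one PHP file.
    Line-based and heuristic: a sanitiser anywhere on the line suppresses
    the alert, which a real taint-tracking scanner would not accept."""
    lines = source.splitlines()
    alerts = []
    for no, line in enumerate(lines, 1):
        for category, trigger, suppressor in RULES:
            if trigger.search(line) and not (suppressor and suppressor.search(line)):
                alerts.append((no, category, line.strip()))
    # File-level check: patient data handled without any auth include.
    touches_data = any(re.search(SUPERGLOBAL, ln) or DB_CALL.search(ln) for ln in lines)
    if touches_data and not any(AUTH_CHECK.search(ln) for ln in lines):
        alerts.append((1, "Nonexistent access control",
                       filename + ": handles patient data without an auth include"))
    return sorted(alerts)


def summarize(alerts):
    """Count alerts per category, the shape of the study's summary."""
    counts = {}
    for _, category, _ in alerts:
        counts[category] = counts.get(category, 0) + 1
    return counts


# Constructed samples in the style of a PHP EHR page; not OpenEMR code.
VULNERABLE = """<?php
// patient summary page, vulnerable version
$pid = $_GET['pid'];
$res = mysql_query("SELECT * FROM patient_data WHERE pid = $pid")
    or die(mysql_error());
echo "<h1>Patient " . $_GET['pid'] . "</h1>";
include("templates/" . $_GET['view'] . ".php");
"""

HARDENED = """<?php
// patient summary page, hardened version
require_once("library/auth.inc.php");   // session check before anything else
$pid = (int) $_GET['pid'];
$res = mysql_query("SELECT * FROM patient_data WHERE pid = " . $pid);
if ($res === false) { error_log(mysql_error()); die("Internal error"); }
echo "<h1>Patient " . htmlspecialchars($_GET['pid'], ENT_QUOTES) . "</h1>";
include("templates/" . basename($_GET['view']) . ".php");
"""

if __name__ == "__main__":
    for name, src in (("vulnerable.php", VULNERABLE), ("hardened.php", HARDENED)):
        found = analyze(src, name)
        print(name, summarize(found))
        for no, category, text in found:
            print("  line %d  %-28s %s" % (no, category, text))
```

The vulnerable page produces one alert in each of the four classes the slide names (the missing auth include is reported once, at line 1, as a file-level finding); the hardened page produces none. Note that `basename()` only stops directory traversal; an allowlist of template names is the stronger fix for the path-manipulation case.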

  20. Existing Systems • Shibboleth (Johns Hopkins) • VeriSign • eClinicalWorks EMR (Tufts Medical) • e-MDs • www.omniMD.com • Dr.I-Net

  21. Business Intelligence • Cost savings • Improved margins • Improved patient satisfaction • Better care • (Research by Microsoft) • (Nemours Pediatric Health System)

  22. Conclusion • Privacy is an ongoing debate, as it is for personal identity and financial data. • Digitizing medical data is now backed by law in the United States and is being adopted globally. • Just like financial organizations, hospitals must provide stronger authentication.

  23. Sources • http://www.omnimd.com • http://whereismydata.wordpress.com/2008/09/24/exapmles-of-misuse-of-medical-records--where-is-my-data/ • http://en.wikipedia.org • http://www.doseofdigital.com/healthcare-pharma-social-media-wiki/ • http://www.gsb.stanford.edu/news/research/mktg_nair_drugs.shtml • http://www.krollfraudsolutions.com/pdf/2010_Kroll-HIMSS_Study_FINAL.pdf • www.hhs.gov • http://www.netreach.net/~wmanning/privacy.htm • http://www.data-storage-today.com/story.xhtml?story_id=13100CRGCVD5&full_skip=1 • http://www.healthcareitnews.com/news/officials-outline-criteria-meaningful-use • [11] Towards Improving Security Criteria for Certification of EHR Systems (North Carolina State University)
