Wednesday, 7 February 2007

Informational Governance and EHR

Most of the national EHR implementations seem to be plauged with issues concering the security of the data. Though it has been realised long back that Privacy and security are of utmost importance in the design of the EHR infrastructure enough attention has not been given by the policy makers involved in the deployment of EHR in their respective countries towards this.

A Canadian poll result indicated that the two most biggest concerns of the patients in the deployment of EHR in their country are
  • Confidentiality and Privacy - 54%
  • Safety of information - 31%

The key IG principles that need to be considered for building EHR are

  • Restriction of access of the EHR to clinicians who currently have a duty of care for the individual concerned-The biggest issue with this principle is the decision to consider whetehr we restrict access to individual clinicans or group of cincians who are responsible for the care of the patient. It is a known fact that clinicans rarely work in silos expecially in acute settings.
  • It should be possible to assign personally requested special levels of confidentiality to specific health information held in the EHR- Most people assume a simple Role Based Accesss is the solution for this but the key to this principle is associating multiple business activites with a role and linking thse activities to users of that role.

  • EHR availability should be restricted within the organizational boundary within which it is created, except with patient consent -The issue with consent is the issues associated with explicit and implict consent and should the clinicans be able to override the dissent in case of emergenices.

  • Operational staff (administrative and IT) should only have access to the minimum information required to perform their task-It is a well known fact more than outsiders it is insiders and more prominently operational staff who leak clinical data. But the issue is what level of data is minimal data ; how will the issues related to data inconsistency be resolved without operational staff looking at the data.
  • All EHRs should have an automated and tamper-proof audit trail including a logof access which should be available to the patient.-Tamper proof audit trial should not be just a simple database log but much more secure than that for example we can considerr triggering alerts to responsible clinicans when patients sensitive data is viewed which shoud help mitigate this problem to a extent.

  • The physical machinery storing the EHR should be protected -Proper Resilience and Disaster Recovery controls are key to this; a crucial factor is the amount of time taken to failover which is not a factor for secuirty but key factor for patient safety.

1 comment:

  1. Personally, I think the concerns over HC data privacy are to a large extent based on paranoia, ignorance, and hysteria. When you agree to become a patient, you agree to rely on the clinician's judgement as to how to organise your care. The sharing of information between clinicians, nurses, pharmacists, lab techs, etc. is common and usually necessary for good care. The information systems in use and being deployed are far more secure than the paper-based systems they are augmenting. The actual number of instances of patient-identifiable data held in information systems being exposed to those outside the care process for that patient is tiny. This exaggerated concern over security is largely a very expensive solution in search of a problem. To delay the deployment of systems because of this largely non-existent problem is foolish.