Modernizing health records and delivery means building a trustworthy digital network.
By Harriet P. Pearson, chief privacy officer, IBM
Privacy is a key concern for many Americans as this country moves to modernize its health care system with electronic health records. As we spend billions of dollars to go digital, are we putting privacy and security safeguards in place to build public trust?
New federal guidelines, defining the “meaningful use” of electronic health records, will place a priority on the ability to exchange data, not merely collect it, so that medical professionals can quickly share crucial information to deliver better patient care. Doctors and hospitals will have to comply with these guidelines in order to qualify for federal stimulus dollars.
Without trust in the security and privacy of the electronic networks, however, the vital exchange of information and the ambitious federal goal of electronic health records for all Americans by 2014 will be stymied.
Concrete policies to protect privacy can build the trust needed to reap two main benefits that justify the dollars being spent: improved care and reduced administrative costs. Complying with HIPAA regulations is a must, of course, but it’s not a complete strategy. And while federal and California laws require patient notification whenever a breach of records occurs, these laws may have a chilling effect by increasing patient fears of security breaches.
Digital records: More than bills
The first step in building trust requires a shift in focus from bill payment to patient care. Digital records are already widely used to pay doctors and insurers.
Now, electronic records systems need to be designed so that patient care is a priority. In this way, doctors, hospitals, insurers and others would function as stewards, protecting the confidential information in their custody while at the same time having complete views of patient records.
Something as simple as protecting passwords can enhance security. A chain of hospitals in the U.S. found that carelessness with passwords, such as sticking Post-it notes onto computers, created a security risk. Nurses and doctors now use their own unique password to sign-in once to access records in a variety of databases, saving time and improving security.
Transparency is the second building block in building a smarter health care system. Patients must have access to their own medical information. Right of access is part of current law, and can be a challenge because medical information is complex. But transparency instills public trust and is also a catalyst for better communication between patient and doctor, another boon to better care. Records need to be both accessible and secure.
Committing adequate resources to security and privacy is a third essential step. In a recent study of hospitals and health care systems by the Healthcare Information and Management Systems Society, less than half of the organizations surveyed have IT security officers. Sixty percent report spending only three percent of their IT budgets on security. The financial industry, in contrast, spends an average of ten percent.
Privacy protections need to be built into an electronic network from the outset, through policy decisions by hospitals and doctors. These policies need to be backed up with employee training and commitment to patient privacy. And everyone in this healthcare chain has to be on board: Doctors, hospitals, insurers and others with responsibility for maintaining patient records need to monitor who has access, and when, and verify that anyone accessing the network actually has the right to.
Advanced technologies, such as encryption, can also offer protection when built into networks, and allow a researcher to analyze data without seeing any confidential information.
Lessons from abroad?
Denmark is recognized as a model of high-quality health care, low administrative costs and reduced clinical errors, achieved with the help of technology. Danes have secure online access to their doctors, and both patients and doctors have instant access to medical records.
Only when we build public trust in electronic health networks will we succeed in improving patient care and reducing costs, both of which our health care system needs and deserves.
Pearson, an attorney, is security counsel and chief privacy officer for IBM Corp.