April 03, 2012

Privacy and Security in an EMR Based Practice

Anyone who has implemented and used an EMR is aware of the terms Privacy and Security. However, what do they mean and how does one apply the concepts to the protection of personal patient data in the EMR-based practice? Privacy experts will describe privacy principles as enablers in the development of the right technology processes and software. While this is true if understood and applied in advance, privacy can also be a barrier to adoption, particularly if software was never designed with today’s privacy requirements in mind.

In 2005/2006, I was a member of a team of primary care physicians and specialists working on a primary care strategy for Vancouver Coastal Health. One of the strategies was the development of a Privacy Toolkit for the medical practice. Nigel Brown, Managing Consultant of the Security, Identity and Privacy Practice, IBM Global Technology Services, led the development of the toolkit and described privacy in the following ways:

Historical Definition — Physical Privacy: “the right to be left alone”
Modern Context — Information Privacy: “the right to have knowledge and control over information about you”

Information Privacy — Identifiable Information about an individual, including the following:

  • Factual information such as contact, health, financial, affiliations, etc.
  • Biological information: biometrics, blood type, DNA
  • Derived information: credit scores, etc.
  • Opinions: performance evaluations, etc.
  • Observations: shopping habits, etc.

Security is the ability to protect the confidentiality and integrity of information and computer resources using the acronym CIA:

  • Confidentiality: Allowing access only by authorized individuals.
  • Integrity: Ensuring that information is not altered or tampered with by unauthorized individuals.
  • Availability: Ensuring that information is available when needed.

Confidentiality is the process of ensuring that information is accessible only to authorized individuals.

A failure in either security or confidentiality can compromise privacy. However, privacy can also be compromised through the use or misuse of information by authorized individuals.

What can you do within your office to protect privacy? The following are a number of suggestions that apply to both paper-based and EHR-based practices:

  • Position computers in administrative areas so that staff conversations cannot be overheard from public areas.
  • Place computers, printers, and other devices in non-public areas and rooms that can be locked.
  • Limit the display of personal information in areas where patients wait or walk to examination rooms.
  • Establish policies that encourage discretion when discussing patient information, particularly if there is a possibility of being overheard by other patients, for example in check-in areas.

The issues of Privacy and Security are complex and require a common sense approach to correctly apply the right principles to specific situations. To assist you further, the BC Medical Association provides a very useful resource on privacy issues.

Apr 3, 2012 11:19:34 PM | E. Privacy Issues, F. Security Issues

March 07, 2012

Health Information Privacy — What Do Patients Think?

According to a February 2102 National Partnership for Women & Families survey conducted by Harris Interactive and highlighted through iHealthbeat, about 21% of patients whose physician primarily used a paper-based health record system said they would find it very valuable if their physician adopted an electronic medical record system, and about 52% said they would find it somewhat valuable. What was more interesting were patients’ perceptions regarding the privacy of their information, and the factors influencing trust or mistrust in their provider’s ability to protect the privacy of their health information.

What were the factors cited as supporting trust? According to the survey authors, these fell into three general categories and included the following feedback:

  • Relationship with doctor and staff: Practices with a good reputation that patients had attended for a long time; a professional demeanour; looking out for the best interests of patients; caring and good communication skills; honesty and integrity; and ethical practices.
  • Strong privacy and security policies: Security system and protocols that doctors have in place and follow; computer screens and personal records are kept in a secure, private area; records are password-protected; and limitations on the number of people with access to private records.
  • Compliance with the law and best practices: Discussion by doctors of their privacy disclosure policy and confidentiality forms; a requirement to obtain permission or a signature to release any personal information; and efficient, competent, and organized doctor and office staff.

The following factors — cited as inducing mistrust — included:

  • Lack of trustworthiness of doctor and staff: A lack of confidence in doctor or staff; history of inability to be trusted; a perception that the practice is more concerned with financial matters; age of a doctor (too young); inappropriate behaviour or relationships with patients; and poor knowledge of patients by staff or a lack of caring.
  • Poor office procedures: Patients not informed regarding the practice’s privacy disclosure policy or confidentiality processes; office staff gossip too much or speak too loudly; inefficient and incompetent practice; billing errors; inaccurate or incomplete documentation; poor follow-up or have not received test results; a prior loss of medical records; high staff turnover; and office technology out of date.
  • Weak or poor privacy and security: Too many people have access to records or know why a patient is visiting the doctor; small town settings in which everyone knows each other; and computer screens or personal records being left unattended or not kept in a secure private area.

The report is based on an August 2011 online survey of 1,961 U.S. adults, including 808 U.S. adults whose physician primarily uses a paper-based health record system. Click here to access the report.

Do these scenarios match your expectations and experiences in Canadian settings? Add your thoughts by clicking on the “Comments” link below.

Mar 7, 2012 12:57:43 PM | A. General Discussion, E. Privacy Issues, K. User Experiences, N. Impacting Patient Care

February 01, 2012

How Safe is Your Patient Data? The Password Conundrum

When using computers in healthcare, there is not much that seems more mundane (and irritating) than having to change your password on a regular basis. Government organizations and hospitals excel at requiring users to change their password every 42 days. Not sure why this particular number of days was selected — perhaps there is evidence that this is the safest timeframe. However, when one has to access multiple systems (EMR, Hospital system, Provincial EHR, Diagnostic systems) each with their own password renewal cycle, it can become a full-time job managing passwords. Add to that the need to never use the same password twice, plus the requirement for passwords to be of differing lengths and contain specific characters, and you have a formula for password perdition. Click here to read a very amusing (and unfortunately accurate) summary of the challenges of password management.

A number of years ago, I had the opportunity to work in a regional health authority as a member of the IMIT team. I met and spent time with a number of security and identity management specialists and was astounded at the complexity of identity management and how many different options exist to identify and authenticate users of computer systems. As a general rule of thumb, the more stringent the control, the more complex to use. The ideal option is to have high security with maximum ease of use. Unfortunately identity management often gets in the way of easy access to clinical data, particularly when there are multiple individuals using the same computer terminal.

In a medical practice, it is not uncommon to find a list of passwords on a sticky note attached to a computer for easy access by staff, particularly if needed to access clinical applications on the physician's behalf. The medical office is designed for maximum efficiency using whatever workarounds necessary to focus on the job at hand — namely, caring for patients.

Implementing a robust identity management program is a challenging change management exercise and one that is likely to be resisted for all the reasons provided above.

So, are there viable alternative options to passwords that are just as secure and do not require the dreaded 42-day password renewal? One option is to use a proximity card. This is an electronic wireless card that automatically athenticates a user when you are within a certain distance of a computer terminal. To read an earlier blog post on proximity cards, click here. However, proximity cards are not a perfect solution. They are costly and also are difficult to use if there are multiple proximity cards used within a practice. For a new user to login to a computer, the existing user has to move out of the critical proximity of the terminal to “log out” and the new user then can move into that zone to login. Efficiency is degraded because of the time lags in logging in and out. Another option is to use a thin client (such as an Oracle Sun Ray terminal). If the EMR is run on a remote server, the software can be accessed using a process called virtualization on these terminals. This probably does not mean much to readers, but how it works is that each user has a unique card. Upon entering the exam room, the card is plugged into the terminal and the same software session is immediately displayed as when removing the card from the previous terminal. This is fast and does not require multiple passwords or other factors to login or out. Not all EMRs can operate using Sun Rays; however, it is certainly a viable option. If you have an opportunity to see a Sun Ray based practice in action, I highly recommend you do so.

What are your experiences with passwords? Do you suffer from password fatigue. Do you have any suggestions for readers of this blog to help them with their identity and password management strategies? Add your thoughts by clicking on the “Comments” link below.

Feb 1, 2012 10:53:22 PM | A. General Discussion, E. Privacy Issues, F. Security Issues, Q. Thought Leadership

February 19, 2011

A Delicate Balance — Privacy | Access | Data Stewardship

Concerns about data privacy tend to wax and wane depending on the flavour of the moment. Budgetary cuts, funding announcements, missed EHR adoption targets, EMR adoption challenges, and the odd eHealth scandal thrown in for good measure all seem to create enough noise to push privacy into the back seat. However, this is usually temporary and privacy ‘the elephant in the room’ always seems to make its way back into the headlines in some form or another.

Protecting the privacy of personal health information is complex and challenging. If there were simple answers, there would be no debate and, more importantly, no need for debate. The truth being that there is more than one right answer to each question.

Last week, I was directed to an article in University Affairs (Cardwell - Exploring the glitches in the system) which described some of the work done by sociology professor Gary Genosko, holder of the Canada Research Chair in Technoculture at Lakehead University. Much of his work has focused on understanding the actions of individuals and small groups to subvert or disrupt mainstream information systems and infrastructures.

Cardwell states: “Dr. Genosko likens those ‘acts of sabotage’ to today’s WikiLeaks phenomenon and what he calls ‘the crumbling of the distinction between classified and declassified information’. They also tell us something ‘about how people react to technological innovation [and] how they transit to becoming part of the system’. To me that is interesting and highly relevant today because information technology is ubiquitous and is changing fundamentally the way we live.”

Cardwell also describes a fascinating example of state driven data collection that (although well intended), crossed the boundary of individual rights repeatedly through the collection of information on liquor sales in Ontario over a 50 year period. Dr. Genosko calls this concept “the informatics of subjugation,” and in his book Punched Drunk: Alcohol, Surveillance, and the LCBO, 1927-1975, "examines efforts to monitor and control alcohol consumption through an elaborate surveillance bureaucracy that gathered and shared personal data on thousands of individuals."

So, what lessons can we apply with respect to privacy and protection of personal information in the era of EHRs, EMRs, repositories, shared records, and inter-connected healthcare systems?

We sit at the interface between what used to be classified information protected by cardboard folders in locked record rooms and medical practices and the new world of web-based access to vast quantities of personal information that were not previously accessible.

How do we proceed and learn without making gargantuan errors that put untold numbers of personal records at risk? We do not know all the answers and there must be room for some level of experimentation or we risk getting it badly wrong. There is another facet that has been conveniently ignored by government in particular. That is the need to have informed and open debate about the issues at stake through consultation with the public, care providers, and health system administrators. There has been some discussion with the 'managers' but very little transparent debate with the public.

We have to get the fundamental principles right or we face both risk and the enormous financial and policy risks of mis-stepping.

For example, in January 2011 the Canadian Medical Association released a privacy policy document Principles for the Protection of Patients’ Personal Health Information. In the document, the CMA states, “Patients should be informed that the treating physician cannot control access and guarantee confidentiality for an electronic health record (EHR) system.” The policy goes on to state that “Implementation of an interoperable EHR requires a strict privacy framework, including an access audit ‘trail’ to safeguard against unauthorized access. Patients should be able to access this audit trail.”

If a doctor cannot safely control access and guarantee confidentiality of information in an electronic health record system used to deliver daily care, to quote a phrase, “something just aint right”.

What are your thoughts about privacy and the protection of personal health information? Add by clicking on the “Comments” link below.

Feb 19, 2011 12:25:18 PM | E. Privacy Issues

December 19, 2010

Health IT and EMR Predictions for 2015

In 2000, it appeared that EMRs were poised for rapid adoption in Canada. Countries such as the UK, Denmark and New Zealand had already solved many of the challenges associated with computing in primary care with EMRs widely adopted and used by general practitioners. Over the past 10 years, this number has grown progressively reaching close to 100% in all of these countries. With a great deal of international experience to draw from and committed national and provincial funding EMRs should have been widely adopted. But this has not been the case.

Without a national approach to data communication standards for EMRs, ePrescribing and referrals and consultations, big gaps have remained that hinder the adoption and use of EMRs. Complicated by provincial certification requirements, specialist needs with respect to EMRs, the geographic diversity of Canada and a lack of widespread reliable high-speed connectivity to support ASP-based EMR systems, we have continued to see adoption in fits and starts. A growing number of practices and networks have begun to derive significant value from their EMRs, an example of which is the Associate Medical Centre in Taber, Alberta (Listen to the Podcast with Mike Brand and Audrey Wiebe).

I would like to make 5 predictions for the period 2011 - 2015. Please feel free to add your thoughts or comments to this blog whether you agree or disagree, or perhaps would like to add a prediction of your own.

Prediction 1: Canada will solve the problems associated with referral and consultation between EMRs. There are sufficient users of EMRs to justify a concerted national effort to establish national approaches and standards in order for information to begin flowing between GPs and Specialists and also between EMRs and other clinical sites. Success will depend on a national strategy that is supported by all provinces such that EMR vendors do not have to develop different referral protocols for each province

Prediction 2: We will continue to struggle with ePrescribing through EMRs. The lack of national acceptance of electronic signatures coupled with the absence of a national body overseeing ePrescribing (such as Surescripts in the US) will continue to hamper the widespread adoption and use of ePrescribing and medication reconciliation information. Provincial programs will continue to fragment the use of ePrescribing as systems are designed to meet the requirements of provincial systems vs. all systems meeting a single national ePrescribing standard.

Prediction 3: Use of tablet computers and smart phones to access and interact with EMRs will become widespread. The development of special apps to access specific components of EMRs (e.g. lab results, patient contact information) will make the smart phone a standard tools in the physician's use of EMRs and will significantly increase the value proposition of EMRs.

Prediction 4: Physicians will struggle with the growing prevalence of social networks and the challenge associated with maintaining personal and professional boundaries as Facebook and other social networking tools become the preferred mechanism for communication by many patients. Widespread use of social networking tools will require provincial licensing bodies to develop new policies and guidelines regarding the appropriate use of these tools.

Prediction 5: Without widespread and transparent quantitative satisfation data on the adoption and use of EMRs, selection and optimization of EMRs will remain difficult for physicians and their practice teams. The need to benchmark and measure one's progress against that of peers will either limit adoption and use (if these data are absent) or will significantly enhance the ability to guide EMR adoption and use.

Please feel free to agree or disagree with anything that I have said. Add your thoughts by clicking on the 'Comments' link below.

Dec 19, 2010 9:44:37 PM | A. General Discussion, E. Privacy Issues, H. Doing it Differently, Q. Thought Leadership, T. Post Mortem Analyses, U. EMR Funding

June 23, 2010

UK deals with Consent and Opt-in vs. Opt-out for Summary Care Record

Questions of consent are coming to the fore in the UK where the Summary Care Record is being rolled out. As reported June 15th in the Telegraph. There has been a significant debate about whether patients should have to opt out of having their information loaded up into a central repository or whether they should be given the opportunity to opt in to this decision.

The opt out option is easier for hospitals/organizations as the onus is placed on the patient to decide whether to participate or not. The opt in option requires that significant expense, time and work be undertaken to notify all patients about their rights and ask their permission to upload data.

From a privacy and consent perspective, the opt in is the desired approach, however the cost and resource requirements of widespread opt in programs are so high that they have been abandoned in many settings that have been attempted.

The Summary Care Record is being rolled out nationally and each primary care trust is sending letters to patients in its area informing them that their surgery [medical practice - Ed] is about to upload their records unless they choose to opt out.

Doctors warned that this meant patients were not giving proper consent and a lack of response was taken as their agreement to their records being uploaded. There was also widespread criticism of the opt out process as a form was not included in the main pack and there was confusion over where it should be sent.

Earlier this year the accelerated roll-out of the system was stopped and a slower pace adopted but concerns have remained.

Electronic medical records system 'to be reviewed' - Telegraph

What are your thoughts? Should we always require an opt in or do the needs of the system to operate efficiently and at reasonable cost trump the opt in requirement?

Add your thoughts or comments by clicking on the Comments link

Jun 23, 2010 7:45:35 AM | E. Privacy Issues, H. Doing it Differently, Q. Thought Leadership

January 07, 2010

Data Privacy Day 2010 – Thursday January 28

(Published on behalf of Jean Eaton, Communications Director, CAPAPA - Canadian Association of Professional Access and Privacy Administrators)

Protecting your information means knowing what's worth protecting, and how to protect it. Canada's privacy and access laws give Canadians many rights and responsibilities about their personal information and the information held by governments.

Data Privacy Day is important to raise awareness and generate discussion about data privacy and access rights and practices. Canadian Association of Professional Access and Privacy Administrators – CAPAPA - is leading the nation-wide campaign across Canada to encourage discussion about privacy and access among a broad audience of Canadians.
 
Join CAPAPA on January 28, 2010 as Canada, the United States, and 27 European countries celebrate Data Privacy Day together for the second time. Get involved to raise awareness and generate discussion about data privacy and access rights and practices. 
 
For promotional materials that you may download to share at your place of work, click here
 
Collaborate with CAPAPA to coordinate promotional material and activities for your organization and in your community.  Click here for more information.
Jan 7, 2010 6:22:39 AM | E. Privacy Issues

July 23, 2009

A Warning for Canada - Three Plead Guilty to HIPAA Violations

Health Data Management: A physician and two former employees at St. Vincent Infirmary Medical Center in Little Rock, Ark., pleaded guilty to misdemeanor federal charges that they inappropriately accessed the medical records of local television anchor, Anne Pressly, who was slain in October 2008. The local U.S. Attorney’s office confirmed that all three entered guilty pleas July 20, acknowledging they violated the privacy provisions of the Health Insurance Portability and Accountability Act. A sentencing date has not yet been set. Each faces a maximum penalty of one year in prison, a fine of up to $50,000, or both.

Click here to read the article

Whether through ignorance or curiosity, the outcome had severe consequences. I wonder if these individuals had received formal privacy training before the incident(s) to ensure they understood what was appropriate behavior in terms of accessing confidential patient information.

Mark your calendar to listen to next week's Podcast which will focus on Privacy.

To add your thoughts or comments, click on the 'Comments' link.

Jul 23, 2009 10:40:27 AM | E. Privacy Issues

June 24, 2009

CMPA: Legal Risks of Using Email to Communicate with Patients

The Canadian Medical Protective Association has published an Information Sheet for Canadian physicians regarding the use of email to communicate with patients listing in detail the legal risks from the perspective of confidentiality, privacy and security, the timeliness of responses and the clarity of communication. In addition, the CMPA has provided a very useful template consent form that can be copied and used by physicians to ensure that patients understand the risks and responsibilities if email is used as a communication medium.

Download the Information Sheet and Consent Form (.pdf) [pages 5~8]

CMPA: The bottom line

  • Members should understand the legal risks associated with email communication with patients.
  • Before engaging in email communication, members should review any applicable statutory and/or College requirements that may impact the use of email for transmitting patient health information.
  • Patients should also be aware of the potential risks and agree to assume those risks. A signed consent form that outlines the risks of email communication, as well as the obligations placed on those patients who wish to correspond via email, provides a permanent record of the consent given.
  • Members working within an organization should be aware of the risk of access by the organization to any email communications, including those sent to patients and third parties, using an organization’s computer system. This caution is especially pertinent for members who are being assisted by counsel with a legal matter.
  • Members should establish policies and procedures for the handling of email communications. Employees should be informed (through a policy or otherwise) of the risks associated with inappropriate email communication.

To add your thoughts or comments, click on the 'Comments' link

Jun 24, 2009 11:24:37 AM | E. Privacy Issues

January 19, 2009

NY Times: Privacy Issue Complicates Push to Link Medical Data

The US is beginning to wrestle with the 'Elephant in the Room' - Privacy. The announcement last week of $20 Billion in funding to support Healthcare IT has triggered the debate on the importance of privacy and the need to protect medical information. This is a complex issue.

Source: NY Times. By ROBERT PEAR Published: January 17, 2009 WASHINGTON

President-elect Barack Obama’s plan to link up doctors and hospitals with new information technology, as part of an ambitious job-creation program, is imperiled by a bitter, seemingly intractable dispute over how to protect the privacy of electronic medical records.

Rahm Emanuel, the White House chief of staff-designate, said it was “essential” to protect personal health information. Lawmakers, caught in a crossfire of lobbying by the health care industry and consumer groups, have been unable to agree on privacy safeguards that would allow patients to control the use of their medical records. Congressional leaders plan to provide $20 billion for such technology in an economic stimulus bill whose cost could top $825 billion. In a speech outlining his economic recovery plan, Mr. Obama said, “We will make the immediate investments necessary to ensure that within five years all of America’s medical records are computerized.” Digital medical records could prevent medical errors, save lives and create hundreds of thousands of jobs, Mr. Obama has said.

“Health information technology will succeed only if privacy is protected,” said Frank C. Torres, director of consumer affairs at Microsoft. “For the president-elect to achieve his vision, he has to protect privacy.”

Click here to read the full article

To add your thoughts or comments, click on the 'Comments' Link below

Jan 19, 2009 9:50:50 AM | E. Privacy Issues
« Previous | Next »

Thomas Stringham

The Typepad Team

Search

Recent Comments