Electronic Medical Records

Introduction

The implementation of information systems in the healthcare industry has resolved a number of critical problems. These problems include improving the efficiency and quality of patient data and storage. However, it's come to be understood that computerized records keeping systems have introduced a new set of problems. Indeed, recent years have seen the proliferation of significant data breaches of information systems, in the healthcare sector, and in other industry sectors. Thus there is clearly a deficiency in protecting confidential data. Moreover, this problem appears to be quite widespread in the US. This paper will examine the nature of these problems.

Information Security

By 2014, the implementation of a nationwide electronic health record (EHR) is planned by way of federal legislation for all health maintenance organizations (HMOs). Healthcare data systems are widely considered the most crucial element in the overall improvement in the quality of healthcare and also a means to reduce costs. Appari and Johnson (2010) report research that the annual savings in the US of adopting an EHR system would be around $81 billion (Hillestad et al., 2005). These significant cost savings should act as a major incentive for change.

However, information security healthcare-related expenditures are comparably lower in the US than in other industrialized countries. US healthcare firms usually spend about 3 to 5 percent of revenue per annum. This also trails the average for comparable spending by financial sector firms in the US which is about 10 percent per annum (Bartels, 2006). There is growing evidence that this inadequate spending has been the cause of a number of data breaches. Indeed, unauthorized data disclosures are the second most common breach of data in the US. These events are a cause for concern in that they leave patients exposed to serious economic hardships, anxiety and perhaps even ostracism (Appari & Johnson, 2010). Recent research into patient attitudes about data security found overwhelming concern about health-related internet sites' unauthorized sharing of their personal data with third parties.

Patient Privacy

Privacy is a central facet of doctor-patient relations. That is, without privacy it would not be possible for proper healthcare to be provided to the patient. Yet there are circumstances in which a patient might withhold crucial information from a physician, such as a diagnosis of HIV infection, out of fear of discrimination (Appari & Johnson, 2010). Nevertheless, the main prerequisite of quality healthcare delivery is the full disclosure of the patient's medical history. This is particularly crucial to avoid any adverse drug interaction problems.

There are two potential threats to the privacy of patient data; first, is the organizational threat. This threat emerges when there is improper access to medical records performed by internal actors who have abused their access privileges. Another potential threat is from an external actor who is able to exploit the weaknesses of an organization's information systems. The second is a systemic threat. These threats occur when an actor in the flow chain of data uses the information in ways that are outside its intended purposes.

Systematic threats may take the form of an insurance company denying a policy to a patient based on information received about their medical status. Another example is an employer who receives such information and employs it for such purposes such as blocking a career advancement opportunity or even firing an employee. Yet these threats can result in malpractice lawsuits with considerable penalties.

A recommended way to reduce unauthorized intrusions into patient privacy is by means of stricter access control mechanisms. There is research, focused around algorithms and frameworks development, on implementing information access regimes based on roles and contexts. Appari and Johnson (2010) report research that proposes an improved role-based access control (RBAC) system which includes such roles as well as attributable permissions. This system would have the benefit of access privileges management by reducing a large number of controls and permissions to a more feasible quantity. This procedure would also reduce associated administrative expenses.

Data Integrity

A key concern of information security is guaranteeing that the data being collected is accurate and reliable. Indeed, the widespread implementation of electronic records in the health care industry has involved the creation of vast repositories of patient information. This data is used to make crucial health care decisions. Healthcare information systems often address this issue by means of an alert design system that stops any further action (Appari & Johnson, 2010). However, when an alert design is poorly conceived it can lead to serious compromises of data integrity. For instance, there is research demonstrating how alerts can be particularly overbearing to the end-user experience. Indeed, alert prompts of an excessive nature can cause users to begin overriding and ignoring them. This can lead to serious compromises to the patient's data (Appari & Johnson, 2010).

Final Conclusion

In conclusion, it was found that the implementation of information security has led to many improvements in terms of efficiency and quality of medical records. However, it has also found a number of issues related to data integrity, information security, and privacy. These issues may improve through the development of better information security procedures. As medical information becomes more digitized, healthcare providers must make data security, privacy and integrity a major priority.

References

Appari, A. & Johnson, M.E. (2010). Information security and privacy in healthcare: Current state of research. Information Journal of Internet and Enterprise Management, 6(4): 279-314.

Bartels, A. (2006). US IT spending benchmarks for 2006. Forrester Research Report.

Hillestad , R., Bigelow , J., Bower, A., Girosi, F., Meili, R., Scoville, R. & Taylor, R. (2005). Can electronic medical record systems transform health care? Potential health benefits, savings, and costs. Health Affairs, 24(5):1103-1117.