Medical record privacy and security
MEDICAL RECORD PRIVACY AND SECURITY
Internet Web Systems II- Spring 2010
Vinay Veeramachaneni
Overview
EMR/EHR (United States)
Why EMR/EHR?
What is Privacy and Security?
The Law
Example Scenarios
How to Protect?
Existing Systems
Conclusion
Human Factor
Medical and health records maintained on paper.
Records were sent by fax or mail, or requested by phone.
Human error is the most likely source of mistakes.
Point-of-Care is hard to regulate.
Role of Technology
Availability of faster Internet and bandwidth
Low cost of hardware
Low cost of storage
Storage at multiple locations/mirrors to recover from failure
Software providing enhanced authentication
EMR/EHR Objective
Digitalize and maintain patient medical records.
Electronically maintain and update health records.
Invest about $20 billion to improve health care (Stimulus package).
Eliminate Health disparities.
Why EMR/EHR? (1)
Lower health care costs
Reduce medical errors
Improve point-of-care
Improve access to data
Improve quality of health care
Enhance the use of EMR by providers and hospitals.
What is Privacy and Security?
Privacy is the ability of individuals to keep information about themselves private or to reveal it only to selected individuals.
Protect an individual’s trust.
Confide in trusted individuals.
Security is preventing any unauthorized access to personal information.
Store in a reliable location.
Prevent any illegal use of information.
Circle of Trust
Patient
Government
Physician
Hospital
Healthcare Provider
Causes and Effects of Insecure Medical Records
- Loss of privacy
- Loss of employment
- Loss of insurance
- Improper treatment
- Reluctance to seek medical care
- Social discrimination
Related places
Hacking
Outsourcing
Possibility of illegal use
Information breach
Sell to researchers
Sell to Pharmaceutical companies
Re-route prescription drugs
Household members
Employers
Ransom
Societies
Social Web
Poor handling by medical professionals
Poor handling
Losing records
Discussing in public areas including social web.
Bribery
Miscommunication
Poor analysis
Use of data without consent
Medical Social Networking
Used for peer-to-peer communication
Used to connect members with various physical and mental ailments
Impact on the drugs physicians prescribe (Stanford Business School)
E.g.: PatientsLikeMe, SoberCircle, Doc2Doc, Healtheva, SurgyTec, …
Educational purpose.
Discussing related cases and cure.
Example Scenarios
Hackers hold Virginia medical records for ransom (Washington Post, May 4, 2009). Hackers threatened to sell the medical records of 8 million patients, along with prescription drug monitoring records, unless the state government paid a $10 million ransom.
One outsourced medical transcriptionist threatened to post patient medical records online.
Example Scenarios
Private medical records for sale: Patients’ files outsourced for computer input end up in black market. (www.dailymail.co.uk 18th Oct 2009)
Confidential medical records of patients of Britain’s Hospital were illegally sold on the black market, in this case to undercover federal agents.
Example Scenarios(2)
Medics tweeting and posting data on social websites.
An insurance agent found out about his niece’s abortion and told her parents.
An employer illegally accessed the medical record of an employee’s HIV status.
The Law
HITECH Act – Health Information Technology for Economic and Clinical Health Act, 2009.
“Meaningful Use” of EHR and set of standards.
HIPAA Act, 1996 – Health Insurance Portability and Accountability Act
American Recovery and Reinvestment Act.
How to Protect?
Fair practice
Patient and professionals’ training
Prevent mishandling of data
Optimize the information
Provide better authentication
Securing the facilities (Hospitals and Healthcare Institutions)
Limit use of social networking; do not discuss patients
Provide standards and responsibilities
How to Protect?
Do not enter personal data
Identify theft
Red flag any misuse
Penalties
Report any illegal activity
Report Phishing Websites
Business treaties that provide data protection.
Security (11) (North Carolina State University)
Study on the Certification Commission for Health Information Technology (CCHIT), a US EHR certification organization.
OpenEMR software
Static analysis summary of 1210 alerts
Vulnerabilities like cross-site scripting, nonexistent access control, path manipulation, error information leak.
Study of Errors (OpenEMR)
Cross-site Scripting
Error Message Information Leak
Existing Systems
Shibboleth (Johns Hopkins)
Verisign
eClinicalWorks EMR (Tufts Medical)
E-MDs
www.omniMD.com
Dr.I-Net
Business Intelligence
Cost Savings
Improved Margins
Improved Patient Satisfaction
Better care
(Research by Microsoft) (Nemours-Pediatric Health System)
Conclusion
Privacy is an ongoing debate, as it is with personal identity and financial data.
Digitalizing medical data became law in the United States and is also being implemented globally.
Just like any financial organization, hospitals must also provide enhanced authentication.
Pros
- Cost efficiency
- Faster response
- Easy patient transfer
- Reduce medical errors
- Faster access to data
Cons
- Concerns of privacy
- Problem of hacking
- Lose patients
- Reluctance to seek medical care
- Social discrimination
Sources
1. http://www.omnimd.com
2. http://whereismydata.wordpress.com/2008/09/24/exapmles-of-misuse-of-medical-records--where-is-my-data/
3. http://en.wikipedia.org
4. http://www.doseofdigital.com/healthcare-pharma-social-media-wiki/
5. http://www.gsb.stanford.edu/news/research/mktg_nair_drugs.shtml
6. http://www.krollfraudsolutions.com/pdf/2010_Kroll-HIMSS_Study_FINAL.pdf
7. www.hhs.gov
8. http://www.netreach.net/~wmanning/privacy.htm
9. http://www.data-storage-today.com/story.xhtml?story_id=13100CRGCVD5&full_skip=1
10. http://www.healthcareitnews.com/news/officials-outline-criteria-meaningful-use
11. Towards Improving Security criteria for certification of EHR system