Difference between revisions of "EMR Benefits: Security"

From Clinfowiki
(Access Control and Auditing)
Line 17: Line 17:
 
=== Access Control and Auditing ===
 
=== Access Control and Auditing ===
  
In general, access control refers to an act of controlling the access of individuals to any resources of the organization. The term "access" might have different meanings which may refers to "view", "modification", "deletion", or "creation" of records. Auditing is simply the act of monitoring user activities based on their privileges to the resources. In the field of medical records, these two paradigms refer to the act of giving permission to the authorized person and monitor their activities based on their permissions.
+
In general, access control refers to an act of controlling the access of individuals to any resources of the organization. The term "access" might have different meanings, which may refer to "view", "modification", "deletion", or "creation" of records. When all records were kept in paper format, it was difficult to monitor the access to these records as anyone who had physical access to the record could open and read it. It was not possible to exactly determine who opened the charts. In the electronic format, first of all one has to be in the correct user class to access and then one has o log on with a user name/password combination. It is easy to keep track of by whom and when the chart was accessed. Similarly any data entry also requires in most EMRs an electronic signature, which may be the password before that data is entered. This allows the organization to keep an audit trail. EMRs by virtue of being easily accessible from multiple locations can tempt staff to open the charts but at the same time by keeping an audit trail makes it easy to find the staff who accessed the chart without any administrative or medical needs. While it is easy to monitor the access of the staff, risk of data breach from hackers gets intensified. In the paper world, one has to physically come to steal the medical records but now data if not kept safe from hackers can be exploited remotely.
 
+
Maintaining access control and auditing in traditional paper-based medical records is hard to implement and achieve. The reason for this complexity comes from the fact that data segmentation in paper-based records is not easily achievable as most of data resides on a series of related documents. Therefore, restricting a person from accessing part of a document (E.g. symptoms or prescriptions) and also monitoring that person activities is nearly impossible or extremely costly. By using an electronic medical record system, it is possible to implement a proper way to provide access control and data auditing.
+
  
 
== Improve Legal and Regulatory Compliance ==
 
== Improve Legal and Regulatory Compliance ==
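Review bot: the revised "Access Control and Auditing" paragraph contains the typo "one has o log on" (should be "has to log on"), and the sentence beginning "EMRs by virtue of being easily accessible" has no grammatical subject for "makes it easy". The paragraph also no longer carries the definition of auditing ("Auditing is simply the act of monitoring user activities based on their privileges to the resources") that the other version has, although the section heading still names auditing. Suggest keeping a one-sentence definition before the first mention of "audit trail". The paragraph on data segmentation in paper-based records does not appear in the revision rendered below either, and the edit summary only names the section, so it should say whether that removal is intended.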

Revision as of 20:49, 13 September 2015

Security is an advantageous attribute which comes with EMR systems. The Centers for Medicare and Medicaid Services (CMS) published privacy, security and meaningful use guidelines to which computer systems that store patient information need to conform in order to comply with HIPAA privacy guidelines. [1]

Confidentiality and Secrecy

Publicizing confidential medical records can be overwhelming and the outcomes may have a tremendous impact on a patient's personal life. "Victims could seek litigation against the healthcare practice in which the breach occurred. If the breach affected multiple patients, the practice is headed down a long road of legal tribulations." [2]

Confidentiality of patient medical records can be better protected from misuse by the use of well-designed EMRs. The reason for this claim is that monitoring and securing patient medical records in electronic form is more achievable than in any paper-based structure. Although different potential threats exist for any EMR system, a well-designed EMR system has great potential to facilitate medical record confidentiality. For instance, EMR software developers have the option of using biometric data or multi-factor authentication to ensure that only authorized personnel have access to such data. Further, this method would leave a data trail for monitoring this access. Installing and enabling encryption is another way to protect and secure patient health information. Encryption is the conversion of data into a form that cannot be read without the decryption key or password. While achieving data encryption is a hard, complex task for any paper-based medical record structure, it is easy to implement for any EMR solution. [3]

Sophisticated e-prescribing capabilities can ensure secure communication of prescriptions from clinicians to any pharmacy the consumer requests. [4]

Data Consistency and Integrity

Data consistency refers to the degree to which the data recorded in the storage medium matches the original, valid state of the information as it was initially stored. Consistent data with a high level of integrity must always be identical to the state in which it was originally stored. In any paper-based medical record, there is a chance that different sorts of inconsistencies occur. Maintaining data integrity in electronic forms of medical records has a significant impact on patient medical record security. [5]

Access Control and Auditing

In general, access control refers to controlling the access of individuals to any resources of the organization. The term "access" can have different meanings: it may refer to "view", "modification", "deletion", or "creation" of records. When all records were kept in paper format, it was difficult to monitor access to these records, as anyone who had physical access to a record could open and read it. It was not possible to determine exactly who opened the charts. In the electronic format, one first has to be in the correct user class to have access, and then one has to log on with a user name/password combination. It is easy to keep track of by whom and when the chart was accessed. Similarly, in most EMRs any data entry also requires an electronic signature, which may be the password, before that data is entered. This allows the organization to keep an audit trail. Because EMRs are easily accessible from multiple locations, staff can be tempted to open charts, but at the same time the audit trail makes it easy to find the staff who accessed a chart without any administrative or medical need. While it is easy to monitor staff access, the risk of data breach by hackers is intensified. In the paper world, one has to come physically to steal the medical records, but electronic data, if not kept safe from hackers, can be exploited remotely.
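The user-class check and audit-trail review described above, as an added example that is not part of the original article. The user classes, staff names, patient identifiers and care-team table are constructed, and treating care-team membership as the test for "administrative or medical need" is an assumption.

```python
from datetime import datetime, timezone

# Constructed sample data (hypothetical): actions allowed per user class,
# each user's class, and which staff have a care relationship per patient.
PERMISSIONS = {
    "physician": {"view", "create", "modify"},
    "nurse": {"view", "create"},
    "billing": {"view"},
}
USERS = {"dr_lee": "physician", "rn_kim": "nurse", "clerk_roy": "billing"}
CARE_TEAM = {"patient-001": {"dr_lee", "rn_kim"}, "patient-002": {"dr_lee"}}
AUDIT_TRAIL = []  # append-only record of every access attempt


def access_chart(user, patient, action, when=None):
    """Check the user's class and log the attempt whether or not it is allowed."""
    user_class = USERS.get(user)  # unknown users have no class and are denied
    allowed = action in PERMISSIONS.get(user_class, set())
    AUDIT_TRAIL.append({
        "when": when or datetime.now(timezone.utc),
        "user": user, "user_class": user_class,
        "patient": patient, "action": action, "allowed": allowed,
    })
    return allowed


def review_audit_trail(trail):
    """Return entries needing follow-up: denied attempts, and permitted
    accesses by staff with no recorded relationship to the patient."""
    findings = []
    for entry in trail:
        if not entry["allowed"]:
            reason = "denied by user class"
        elif entry["user"] not in CARE_TEAM.get(entry["patient"], set()):
            reason = "no care relationship"
        else:
            continue
        findings.append((entry["user"], entry["patient"], reason))
    return findings


def demo():
    """Replay four constructed chart accesses and return the review findings."""
    AUDIT_TRAIL.clear()
    access_chart("dr_lee", "patient-001", "modify")     # treating physician
    access_chart("rn_kim", "patient-002", "view")       # class allows view, not on care team
    access_chart("clerk_roy", "patient-001", "delete")  # billing class cannot delete
    access_chart("rn_kim", "patient-001", "create")     # treating nurse
    return review_audit_trail(AUDIT_TRAIL)
```

The second access is the case the paragraph singles out: the user class permits it, so only the audit review surfaces it.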

Improve Legal and Regulatory Compliance

EMRs can facilitate and improve legal and regulatory compliance in terms of increased security of data and enhanced patient confidentiality through controlled and auditable provider access [6]. In a study by Bhattacherjee et al., Florida hospitals with a greater adoption of health information technology had higher operational performance, as measured by outcomes of Joint Commission on Accreditation of Healthcare Organizations (JCAHO) site visits [6].

Certification

Product certification seeks to make the first step a little easier. [7]

References

  1. Centers for Medicare & Medicaid Services. Privacy and Security Standards. http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/PrivacyandSecurityStandards.html
  2. Electronic Health Records Security and Privacy Concerns. http://www.ironmountain.com/Knowledge-Center/Reference-Library/View-by-Document-Type/General-Articles/E/Electronic-Health-Records-Security-and-Privacy-Concerns.aspx
  3. Mendoza, E. Security considerations when choosing an EMR system. http://search.proquest.com.ezproxyhost.library.tmc.edu/docview/195651099/fulltextPDF
  4. Phillips, J.L., Shea, J.M., Leung, V. & MacDonald, D. (2015). Impact of Early Electronic Prescribing on Pharmacists’ Clarification Calls in Four Community Pharmacies Located in St John’s, Newfoundland. JMIR Medical Informatics; 3(1):e2. http://www.ncbi.nlm.nih.gov/pubmed/25595165
  5. Rode, D. Data Integrity in an Era of EHRs, HIEs, and HIPAA: A Health Information Management Perspective. http://csrc.nist.gov/news_events/hiipaa_june2012/day1/day1-b2_drode_integrity-protections.pdf
  6. Cite error: Invalid <ref> tag; no text was provided for refs named benefits_.26_drawbacks
  7. Heubusch, K. (2008). Certified EHRs. Journal of AHIMA, 79(8), 34-36. Retrieved from http://ezproxyhost.library.tmc.edu/login?url=http://search.proquest.com/docview/212569443?accountid=7034