Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Security Challenges of Electronic Medical Records

President Obama has made the widespread deployment of Electronic Medical Records (EMRs) a priority in his latest stimulus plan. Feisal Nanji, Executive Director at Techumen, gives an overview of the security challenges this ambitious plan poses.
Page:

Under his recently unveiled fiscal stimulus plan, US President Barack Obama seeks to invest up to US$20 Billion in federal funds to achieve widespread deployment of Electronic Medical Records (EMRs). A principal reason for his initiative is to improve our nation's health care system by reducing long term costs and increasing effectiveness of our health outlays. So what exactly is an Electronic Medical Record and what does this new direction mean for security and privacy professionals?

At its core, an Electronic Medical Record (EMR) is the effective capture, dissemination, and analysis of medical and health related information for a single patient. All participants in the health care delivery system have a stake in efficient information flows. They include health care providers, insurers, government agencies, claims processors, and patients. Thus the term EMR has a slightly different meaning depending on one's perspective. Indeed, Electronic Medical Records managed by individuals are termed Personal Health Records (PHRs). PHRs capture all relevant personal health details, including diagnoses, X-Rays, and similar items into a single repository. Individuals are then empowered to make health decisions for themselves, to easily choose among providers, to selectively disclose medical conditions, and to receive optimum care during emergencies. Both Google and Microsoft offer services for individuals to create, manage, and store their PHRs. We expect that there will be an explosion in demand as the computer-savvy population ages.

The focus of this article, however, is on the secure use of EMRs by institutions and health providers in a regulatory arena rife with complexity and with strict privacy and safety requirements. Consider a typical hospital with a relatively well functioning EMR system. Using EMRs, doctors can conduct much of their business totally electronically. This is in sharp contrast to traditional care environments where paper shuffling is the norm. Using EMRs, doctors can review patient histories and charts, obtain laboratory results, generate referrals for specialist consultations, prescribe medicines, and diagnose images all without the use of paper. This sounds utopian, and in many ways it is.

But the soft underbelly of EMRs is the difficulty in adequately securing such records. Key security and privacy concerns for EMR systems include:

  • Hacking incidents on EMR systems that lead to altering of patient data or destruction of clinical systems

  • Misuse of health information records by authorized users of EMR systems

  • Long term data management concerns surrounding EMR systems

  • Government or corporate intrusion into private health care matters

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: ACT, Billion, Google, Microsoft, Sharp, Solace

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: medical records
Latest Blog Posts
Whitepapers
  • IDC MarketScape: Worldwide Business Process Platforms 2011 Vendor Analysis
    Enterprises adopting business process management (BPM) software have wide-ranging needs, from highly dynamic task management to complex, high-volume processing with a focus on straight-through automation and the ability to rapidly detect exceptions. This IDC MarketScape focuses on what we call business process (BP) platforms, which are optimized to support midrange to more complex use cases. Read on.
    Learn more »
  • Improving Productivity in the Connected Enterprise Through Collaboration
    In the market for collaborative applications, a large convergence is beginning to take hold, and the consumerization of IT is central to this movement. The technologies that people use as consumers are impacting the way employees, customers, and partners want to interact and collaborate at work. People want to take the same technology experiences that are available at home and plug them into their daily work lives. This movement is setting worker expectations as both employees and corporate consumers. Workers need to have the choice and flexibility to consume the applications they want, where they want, and on their preferred device. Read on.
    Learn more »
  • Risk management: ensuring the security of your hosted information
    Organisations of all sizes are becoming victims to cybercriminals, data breaches, information theft and security risks. But before you go out and spend a fortune on security software, solutions and consultants, the starting point is to identify and measure your business’s exposure to those risks. In this whitepaper, “Exploring, Identifying and Measuring” risk, we examine how to identify risk and share an approach for identifying and measuring risk in your organisation.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments