Health-Care Data Security and Control at Euclid Hospital: A White Paper
Protecting Health-Care Data
The efficiency of the modern healthcare system increasingly depends on a computerized infrastructure. Open, distributed information systems have been introduced to bring professionals together on a common platform throughout the world. Easy and flexible methods of processing and communicating images, sound and text help clinicians visualize, and thereby treat, illness and disease more effectively. The other side of that ease of access and use is the risk it poses to patient privacy, to accountability and to the secrecy the healthcare profession owes its patients. Information technology (IT) must therefore focus on improving the patient's health and must never put that health in danger. (IO Press)
This implies that the right data has to be made available to the right person at the right time. IT strongly affects the confidentiality between patient and doctor, because it now surrounds and mediates that relationship. Information systems and healthcare establishments are developing integrated systems in which many kinds of users interact and communicate. This integration will transcend the borders of local healthcare enterprises and progressively extend into patients' homes and into the healthcare community as a whole, making way for the "mobility of patients, the exchange of medical and administrational data and transfer of bills and money." (IO Press)
Euclid Hospital plays a significant role in protecting the healthcare data of its patients, who numbered about 33,000 in the previous year. Whatever the patient volume, Euclid has a proven record of delivering quality medical care to the patient's satisfaction. Following the 1997 National Research Council (NRC) report 'For the Record: Protecting Electronic Health Information', Euclid recently implemented a web-based Euclid Medical Record Management System (EMRMS) that puts the NRC's security and confidentiality recommendations into practice. (A WWW implementation of National Recommendations for Protecting Electronic Health Information)
The following measures have been implemented to protect Euclid Hospital's records.
(a) Individual authentication of users: So that every action on any computer system holding healthcare data under EMRMS can be traced to an identifiable individual, every caregiver has been assigned a personal username and password. This policy allows individuals to be held accountable for every action taken after they log in.
(b) Access controls: No user is given access to all the information held in the EMRMS, because Euclid holds that, for example, a laboratory technician has no need to see the detailed contents of a patient's psychiatric record. Healthcare providers are permitted to see clinical information on a need-to-know basis. The most direct implementation of such controls at Euclid is therefore to allocate access to the various healthcare computing functions according to job role. (A WWW implementation of National Recommendations for Protecting Electronic Health Information)
(c) Audit trails: Although a web-based system is exposed to attack by outside intruders, inappropriate access to healthcare data from within the organization is far more common. Ordinary human curiosity leads staff who are not involved in a patient's care to look at the records of celebrities and of their own colleagues. Euclid's EMRMS therefore keeps a detailed, retrievable audit trail that logs every access to information, so that authenticated users can be held accountable for what they do in the healthcare computing system. Each log entry records the date, time, the information accessed or viewed and the user ID, and the log is available for patient review on demand.
(d) Physical security and disaster recovery: Unauthorized personnel are denied access to both hard copies and electronic storage. Back-up tapes are made weekly and stored at a location away from Euclid Hospital, so that a physical disaster at the hospital does not destroy them.
(e) Protection of remote access points: Euclid's EMRMS sits behind a three-layer firewall that provides strong, centralized security and intrusion protection, and every remote access is protected by single-session or encrypted passwords.
(f) Software discipline: All systems run current virus-scanning software, and downloads from the Internet to the servers are restricted.
(g) System assessment: Monthly audits test the system's exposure to password-cracking programs and confirm that processes for identifying system vulnerabilities are in place. (A WWW implementation of National Recommendations for Protecting Electronic Health Information)
(h) Supporting authentication: Healthcare providers commonly share usernames and passwords, which defeats the very purpose of the authentication, access controls and audit trails that individual passwords provide. To discourage the practice, authentication at Euclid is considerably strengthened by requiring that a logon be paired with physical possession of a hardware token, such as a magnetic-stripe swipe card ID or a device that generates rapidly changing passwords.
(i) Access validation: In its simplest form, access control at Euclid makes different system functions available according to job role. A more sophisticated implementation also tailors the content available within a function to the job role. For instance, both a doctor and a billing coder can view a patient's discharge summary, but the details of the patient's psychiatric assessment are withheld from the coder and shown only to the doctor.
(j) Electronic authentication of medical records: EMRMS applies an electronic signature to digital medical records when they are submitted, and the cryptographic digital signature is verified when records are retrieved, to ensure that medical records have not been altered in transmission. (A WWW implementation of National Recommendations for Protecting Electronic Health Information)
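The role-based filtering of (b) and (i), the audit trail of (c) and the signature check of (j) fit together in one small record store, and the following Go program shows that combination. It is an added example written for this page, not code from Euclid's EMRMS or from the cited NRC report; the record schema, the role names (doctor, billing coder, lab technician), the care-team field, the in-memory Ed25519 key and the sample patient UPI-0001 are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Record is a hypothetical EMRMS record; schema, roles and policy are this example's assumptions, not Euclid's.
type Record struct {
	PatientID        string          `json:"patient_id"`
	DischargeSummary string          `json:"discharge_summary"`
	LabResults       string          `json:"lab_results"`
	PsychAssessment  string          `json:"psych_assessment"`
	CareTeam         map[string]bool `json:"care_team"` // user IDs treating this patient
}

// roleFields is the need-to-know policy: the record fields each job role may view.
var roleFields = map[string]map[string]bool{
	"doctor":         {"discharge_summary": true, "lab_results": true, "psych_assessment": true},
	"billing_coder":  {"discharge_summary": true},
	"lab_technician": {"lab_results": true},
}

// AuditEntry is one audit-trail line; OnCareTeam false flags a viewer who was not treating the patient.
type AuditEntry struct {
	Time       time.Time
	UserID     string
	PatientID  string
	Fields     []string
	OnCareTeam bool
}

// Record-signing key, generated per process for this example; a real deployment keeps it in an HSM or vault.
var pubKey, privKey, _ = ed25519.GenerateKey(rand.Reader)

// Store keeps each record's JSON body with its signature, plus an append-only audit trail.
type Store struct {
	body  map[string][]byte // patient ID -> record JSON as submitted
	sig   map[string][]byte // patient ID -> Ed25519 signature over that JSON
	Audit []AuditEntry
}

func NewStore() *Store {
	return &Store{body: map[string][]byte{}, sig: map[string][]byte{}}
}

// Submit signs the record on the way in, so alteration is detectable on retrieval.
func (s *Store) Submit(r Record) error {
	b, err := json.Marshal(r)
	if err != nil {
		return err
	}
	s.body[r.PatientID], s.sig[r.PatientID] = b, ed25519.Sign(privKey, b)
	return nil
}

// View verifies the stored signature, returns only the fields the caller's role
// permits, and appends the access (including denied ones) to the audit trail.
func (s *Store) View(userID, role, patientID string, now time.Time) (map[string]string, error) {
	b, ok := s.body[patientID]
	if !ok {
		return nil, fmt.Errorf("no record for %q", patientID)
	}
	if !ed25519.Verify(pubKey, b, s.sig[patientID]) {
		return nil, fmt.Errorf("record %q altered since submission: signature invalid", patientID)
	}
	var r Record
	if err := json.Unmarshal(b, &r); err != nil {
		return nil, err
	}
	// An unknown role yields a nil map: every lookup is false, so nothing is
	// released, but the attempt still lands in the audit trail (fail closed).
	allowed := roleFields[role]
	view, seen := map[string]string{}, []string{}
	for _, f := range []struct{ name, val string }{
		{"discharge_summary", r.DischargeSummary}, {"lab_results", r.LabResults}, {"psych_assessment", r.PsychAssessment},
	} {
		if allowed[f.name] {
			view[f.name], seen = f.val, append(seen, f.name)
		}
	}
	s.Audit = append(s.Audit, AuditEntry{now, userID, patientID, seen, r.CareTeam[userID]})
	return view, nil
}

func main() {
	s := NewStore()
	// Constructed sample record, not real patient data.
	_ = s.Submit(Record{PatientID: "UPI-0001", DischargeSummary: "discharged, stable", LabResults: "CBC within range",
		PsychAssessment: "moderate depression", CareTeam: map[string]bool{"dr_smith": true}})
	fmt.Println(s.View("dr_smith", "doctor", "UPI-0001", time.Now()))          // all three fields
	fmt.Println(s.View("coder_jones", "billing_coder", "UPI-0001", time.Now())) // discharge summary only
	fmt.Println(s.Audit)                                                        // coder_jones entry: OnCareTeam=false
	s.body["UPI-0001"] = []byte(`{"patient_id":"UPI-0001","psych_assessment":"none"}`) // altered, not re-signed
	fmt.Println(s.View("dr_smith", "doctor", "UPI-0001", time.Now())) // error: signature invalid
}
```

Two points the measures above leave implicit. The role policy alone does not catch the curiosity case in (c): a billing coder is entitled to the discharge summary of any patient, so the coder's access is allowed; it is the audit entry, compared against the patient's care team, that makes the access reviewable afterwards. And the signature covers the record as stored, so a record altered in the database without being re-signed fails verification on retrieval, which is what "not altered" in (j) means in practice; a signature makes alteration detectable but does nothing to keep the record confidential, which is the job of the access controls.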
II. Privacy and Confidentiality of Health-Care Data
a. Legislative Protection of Privacy
The need for nationwide legislative protection of healthcare privacy has been felt as the country pursues national healthcare reform through new technologies such as telemedicine, which serve patients across state borders. The Federal Privacy Act of 1974 was the first legal attempt to protect privacy, but its scope was limited. After several further pieces of legislation over the years, the American Health Information Management Association (AHIMA) drafted model legislative language defining a code of fair information practices. (Johns, 322-325)
AHIMA's model language rests on the following principles of fair health information practice: (1) the patient's right to know what health information about him is maintained by any person, and for what purpose; (2) restrictions on collection, so that information is gathered only to the extent needed for the purpose for which it is intended; (3) collection and use of information for necessary and legal purposes only; (4) notification of the patient by the person maintaining the information, in a written statement of the fair practices followed that is also communicated verbally to each patient; (5) restrictions on use of the information for purposes other than those for which it was collected; (6) the right of the patient, or his representative, to access the health information and obtain copies of it; (7) reasonable safeguards for the security of health information in storage, processing and transmission; and (8) additional measures to ensure the accuracy, reliability, relevance, completeness and timeliness of the information. (Johns, 325)
b. Patient Rights
A patient's personal and health-care information comprises what the individual has provided and what the healthcare provider records while delivering care. Patients have the right to speak in confidence with their healthcare providers and to have their health information safeguarded. They also have the right to review and copy their own medical record, and to ask their physician to amend it where it is incorrect, irrelevant, inadequate or incomplete. (Patient Rights and Responsibilities) Patients therefore need to know that the information they provide is kept confidential, and healthcare provider organizations need to guarantee that confidentiality. Euclid has adopted security measures to protect the confidentiality of patient information. (Part Four: Privacy, Confidentiality & Security)
c. Access to Health-Care Data
Patient information at Euclid is accessed through Unique Patient Identifiers (UPIs), which play an important part in managing both care delivery and patient information. UPIs help prevent unauthorized disclosure and ensure that the right information is identified. Using UPIs to access patient-care information also standardizes access methods and reinforces access control, and it avoids the repeated use and disclosure of an individual's personal identification information such as name, sex, age, race, social security number, marital…