¶ … Security in Healthcare The recent advances in technology -- databases that store personal medical records and information -- are bringing tools to patients, doctors and other healthcare professionals that were simply not available just a few years ago. There is hope that eventually, a doctor in Hawaii that is treating a medical emergency for a tourist from Florida, will be able to access the digitally kept medical and healthcare records for that injured tourist. In other words, there will likely be in the foreseeable future a national database -- that perhaps links state databases with each other the way the FBI and local law enforcement agencies are linked -- that will be of enormous benefit to citizens and their healthcare providers.

But before that nationally linked database can become a reality, there are a number of potential problems that need to be ironed out. For example, legislation needs to be enacted that will certify safety in terms of patient privacy and security. Currently, there is legislation on the books -- the Health Information Portability and Accountability Act (HIPAA) Privacy Rule that is supposed to be sufficient to safeguard personal medical files. President Barack Obama pushed for this legislation; also, at his behest the Congress voted to include $20 billion in the recently passed stimulus package that gives states money to launch the technology needed to establish databases for the purpose of putting medical records in digital form.

But as promising as these events are, according to an editorial in the Journal of the American Medical Association (JAMA), "Invasions of privacy and security breaches" pose "major obstacles to the implementation of health IT" (Gostin, et al., 2011, p. 1373). Public policy should be pointed toward achieving what Gostin refers to as the "dual benefits of personal privacy and improved research" (1373). This paper agrees wholeheartedly with that goal.

Background / Introduction

The American society has truly entered an era that might one day be called "the digital epoch" because so many important transactions, communications, records, information files and other personal materials are in digital form. This is on the one hand an amazing time to be alive, because anyone with a personal computer and online access can communicate and interact with others elsewhere on the planet. Citizens can do their banking online, can pay bills online and order Christmas presents online -- saving the use of autos and the resulting carbon footprint that fossil fuels produce.

On the other hand, this is a dangerous time because experienced hackers and other criminals are technically competent to break into even the most secure Website. And while having one's medical records online makes it far easier for "doctor A" to find out what medications the patient has been prescribed by "doctor B," there is also the element of uncertainty and angst that the patient necessarily goes through, wondering if his or her records will be kept private and secure.

This paper delves deeply and investigates the subject of security and confidentiality vis-a-vis the digital storage of medical records. It also presents the dangers that are very real in the sense that scoundrels like those associated with Wikileaks and other interlopers are not going away any time soon. If Wikileaks could access 779 classified prisoner dossiers from those alleged terrorist individuals incarcerated at Guantanamo Bay (Cuba), penetrating a U.S. Defense Department databases, they can most certainly hack their way into a healthcare-related database in Miami, Florida, or Seattle, Washington, to dig up some dirt on a public official they wish to embarrass. The security issue must be assured, otherwise it will mean innocent citizens will have their most personal health issues at risk.

Analysis of the Issue

The key to understanding the positives and negatives regarding the security of personal healthcare information is to investigate a wide swath of available literature. Dr. Robert Kolodner is National Coordinator for the Office of the National Coordinator for Health IT in the U.S. Department of Health and Human Services. He testified before the House Oversight and Government Reform Committee in 2007, asserting, among other important remarks, the following: "Safeguarding personal health information is essential to our national strategy for health IT." Any strategy that does not fully preserve and protect...

He went on to assert that protecting health information in the current digital environment "requires a coordinated effort by all stakeholders" (Kolodner, 2007).
Kolodner concludes by stating the obvious, that secure policies and procedures cannot possibly be developed "in a vacuum." There must be input and participation from all the stakeholders, including the patient, the patient's doctor, the medical facility where the patient receives care, and the families of the patients (in most cases). What alert citizens and investigative journalists need to do is stay vigilant regarding all government and private industry actions that relate to safekeeping of personal, private healthcare files.

My Position

It is clear that personal medical records in many states and cities are now being stored in digital files, and on the surface this is a good thing. It is a good thing because in 99.9% of the cases doctors, nurses and medical staff members can be trusted to respect those personal medical files. Indeed, here is one scenario that illustrates the value of digital files for citizens' healthcare records. Let's assume there has been an emergency in Indiana -- an elderly woman is involved in a traffic accident -- and the patient arrives at the regional hospital unable to speak to the attending physician. With digitally accessible files, the doctor can log on to a database that will allow him to see this patient's medical history, what medications she has been given, what her doctor wrote during her last checkup, and more.

That is the positive side of keeping personal healthcare records in digital databases. The down side is that there most certainly are evil people lurking in various places around the planet, there faces hidden, their skills at hacking into secure computers and databases better than the best technology technicians' ability to block them. If society is moving towards keeping all medical records in digital files, there needs to be assurance from the stakeholders that those files are safe and secure.

Support For My Position

An article in the journal ACM Computing Surveys (Dogac, et al., 2005, p. 277) describes an "electronic healthcare record" (EHR) as: "Digitally stored health care information about an individual's lifetime with the purpose of supporting continuity of care, education and research, and ensuring confidentially at all times" (Dogac, 277). What the EHR (later in this paper it is referred to as a PHR -- a personal health record) actually includes is a great deal of information that can be of great value to the patient and his or her doctor. The EHR includes: "…observations (by doctors, nurses, etc.), laboratory tests, diagnostic imaging reports, treatments, therapies, drugs administered, patient identifying information, legal permissions, and allergies" (Dogac, 277-78).

At the time this article was published (2005), most medical information was stored in "all kinds of proprietary formats in a multitude of medical information systems," but the promise from this information was that making EHRs "interoperable" will be of enormous benefit to patients and their healthcare professionals (Dogac, 278).

A more recent article in the journal Healthcare Financial Management asserts that it is very clear that the "daily functioning of a healthcare provider" depends largely on the "integrity and reliability of the provider's information systems" (Glaser, 2010, p. 40). What Glaser means by that backs up this paper's assertions that competent professionals in the healthcare system realize fully that without a dependable, modern IT component that can keep financial and personal records for patients, any given system is to be considered inadequate and outdated.

Glaser insists correctly that the bar for security in healthcare IT "… has been raised," but given that fact, the dependence on electronic health records "…leaves the organization less able to tolerate viruses and other malware threats that can make the EHR unusable" (40). Understanding that the risks are there -- and this subject has been raised hitherto in this paper -- is critical to dealing with those threats. The threats that Glaser mentions on page 40 include: hackers, viruses, and worms. Hence the need for "increased diligence regarding healthcare IT security" is among the great challenges on healthcare in the United States today.

As the number of users increases, the threats can grow, Glaser explains. One threat comes from an unlikely source, smart phones, according to the author. Indeed, there is a new class of "powerful mobile devices" that are being marketed as consumer devices (think the iPhone, Blackberry, and other smart phones with increasingly sophisticated technologies) that are being used to gain access to medical databases. This is not to say that these smart phones are illegally accessing private files in databases. But some of the phone can be bought "outside of the normal purchasing and IT controls" and moreover, the medical service…