Electronic Medical Records Management and Personal Privacy

Electronic Medical Records Management and Personal Privacy

Electronic Medical Records Management and the Control of Personal Privacy Information

The ethics and security of Electronic Medical Records (EMR) is acting as a catalyst of continual innovation today and will accelerate development in this industry over the next two decades. The continual improvements in technology, security and personalization are also being driven by the need for healthcare providers to stay in HIPAA compliance as well (Lorenzen-huber, Boutain, Camp, Shankar, Connelly, 2011). With compliance to HIPAA requirements combined with demographic trends favoring increasing research & development (R&D) in Electronic Medical Records management, the field is expected to grow at a compound annual growth rate surpassing nearly every other healthcare-related field through 2015

The ethics of EMR systems and their use by healthcare professionals, treatment personnel and the control that patients have over their use and review is now a key criterion for the design and use of these systems globally (Bernd, Fine, 2011). HIPAA compliance is also a core requirement, as this legislation requires auditing of records management practices and also defines how and where records can be accessed. The challenges to managing EMR systems effectively is predicated on how access privileges are defined, the level of authentication and cross-department and cross-facility allowed, and the safety and security of the data sets themselves (Harrington, Kennerly, Johnson, Snyder, 2011).

As of late 2011, EMR systems and the developers must also provide their source code in escrow within specific nations they operate in to ensure a continual support for patient records

(Bernd, Fine, 2011). In European nations who have much more stringent requirements than the United States on privacy, the costs and audits are much more stringent and focused than HIPAA (Lorenzen-huber, Boutain, Camp, Shankar, Connelly, 2011). Of the many databases and systems platforms used for streamlining and making more efficient healthcare, EMR systems are the most tightly regulated, with the greatest levels of oversight due to the potential risks to patients of having their healthcare histories compromised. The new product development process for EMR systems today is a synchronized process that combines the technology aspects of access speed, ease of search and security with the need to adhere to HIPAA regulations. What is emerging is a series of best practices that are defining how EMR systems will be installed, configured and used over time

. These best practices include the defining of patient record orthogonally, use of biometric access and a definition of protocols for sharing EMR records across healthcare providers (Harrington, Kennerly, Johnson, Snyder, 2011) .

Trends in the Use of EMR Systems and Platforms

The efforts of the enterprise software industry to this point has barely met the requirements for security and patient privacy, as reported by the continual audits to HIPAA requirements in the U.S. And comparable efforts globally (Lorenzen-huber, Boutain, Camp, Shankar, Connelly, 2011). Patients have demanded greater visibility into the updating and review processes for their medical records, including full access on a 24/7 basis (Bernd, Fine, 2011) . Unfortunately many healthcare providers can take up to three or four weeks to provide access to records, even if they are electronic. This is unacceptable given the fact that all of these records are digitized. The complaint many consumer rights organizations have is that while billing can be completed nearly in real-time, in takes up to six weeks at times to gain access to patient records due to outdated and outmoded security and validated procedures (Harrington, Kennerly, Johnson, Snyder, 2011) . The dilemma for many healthcare providers is that while they can gain access to patient records, the assurance of record accuracy and reliability is still questioned as there continue to errors in record access and use (Agrawal, Grandison, Johnson, Kiernan, 2007).

Initial studies of the use of EMR records on the Software-as-a-Service (SaaS) platform have shown that multitenancy and the ability to create metrics and key performance indicators that measure security and privacy have been effective in providing patients with greater control of their personal data (Harrington, Kennerly, Johnson, Snyder, 2011). The SaaS platform has been often criticized for the lack of initial security inherent in its development, yet the focus on EMR auditing and security has led to greater advances in hosted applications over time (Bernd, Fine, 2011).