While the #digital age has enabled many to take charge of their health, it has also put their privacy in an increasingly precarious situation leaving many practitioners and patients to wonder just how vulnerable private medical histories have become with the increasing digitization of records, also known as Electronic Medical Records (EMR).
Technology offers a wide range of possibilities for improving health care, including streamlined monitoring of patient progress, easy access to healthcare professionals, and hospital efficiency. If you’re one of the thousands of healthcare organizations on the verge of making the transition from paper to pixel, there are many factors to consider.
The Driving Force Behind the Digitization of the Healthcare Industry
We all want information faster and with as little effort as possible. As technology progresses, so do the expectations of users. This is driving innovation in access to digital health records, and along with this is a continued concern over privacy and security.
If technology makes information easier for users to access, does that make them more exposed compared to their paper predecessors?
We tend to believe that paper records are “secure” due to the fact that they are physically hard to access. But, in reality, paper records are far from secure; there are no passwords or audit trails, and no way to know if something was seen, copied, or removed. These shortcomings are the very reason records are being digitized.
EMRs can easily be stored behind firewalls with password-protected access. All logins are tracked, including audit trails of what was seen, changed, or deleted. The capabilities of EMR systems are not the core issue, as they can be used in a very secure way. Not all of these systems are used properly, which is primarily where the exposure comes into play. What Healthcare Practitioners Need to Know
As the adoption of digitized health care becomes more widespread, action will need to be implemented by doctors, hospitals, and ultimately the legislators who create and approve health care policies. Here are some things to consider for your EMR:
- Have your data professionally hosted – locking a server in the office is a temporary solution, but offers nowhere near the security that a professionally managed data centre has, with manned front entrances 24/7, redundant power, Internet, and backups.
- Check your audit logs – on a daily or weekly basis, scan through summary level audit reports looking for anomalies. Things like users who are accessing more records than normal, or have experienced too many failed login attempts can raise red flags.
- Backups are essential – if you already have your vendor host your system, then this is likely already done for you. If not, ensure that the data backed up is encrypted and that the device you back up on to has all the information you currently hold, and that it is securely handled.
- Elect a system administrator – every organization should have a System Administrator, who has the responsibility to ensure the best possible security measures are taken with respect to the set-up, audit, back up, configuration and user training.
- Ensure all staff sign an agreement – create an Information Managers agreement that outlines every user’s responsibility to only access the data they need to perform their obligations. Avoid sharing passwords, always lock screens and monitor and review all employee activity. It’s important to communicate that actions will be tracked through audit logs and reviewed regularly.
What your Patients Need to Know
Digitization represents an important change for patients. With digital tools, patients can take a more active, participatory role in their health care and wellness decision-making. Digitized consumers are more engaged, and can more effectively take part in their health destiny.
Patients should always be made cognizant of the risks associated with online medical records and virtual care, but they should welcome technology advancements. Digital health care is improving access to health treatments and providers, and improving the efficiency of the patient-doctor relationship.