EHR privacy breaches
There’s been a lot of talk about privacy protections, or lack thereof, in electronic health records, particularly in context of the economic stimulus proposal that includes $20 billion for health IT. CNN had a story Tuesday about the security of payer-generated health records.
Embedded video from CNN Video
Fear mongering or real concern? I think there’s some of both going on here.
Meanwhile, I’m counting the minutes until I get my next round of hate mail for linking to the “liberal media.” Controversy is fun!
Fear mongering doesn’t imply that there isn’t a cause for concern here.There are both benefits and drawbacks to electronic records. In my opinion there are two key points that needs to be emphasised when discussing this with the layman.1. (drawback) It makes your journal universally available (well within one health facility, or even universally given a wider deployment of connected EHRs). This means that “anybody” (well, technically the correct role, but in practice anybody) can read their neighbour’s (or the latest celeb’s) journal.2. (benefit) It is trivial to implement access logs. Notice access control is not trivial, but logging access is fairly simple.This also means that there is a potential risk in breaching privacy.This is actually a big change from the paper journal, though it requires physical access, after the access is acquired there is no trail of your access. This means that because you know the nice old lady down at archives you in principle has full access to any record with no trail kept after a few days (when she forgets who you pulled up).