Health is a private matter
As hospital records move from paper to electronic form, maintaining patient privacy takes on new dimensions.
The pressure is on: health systems and governments throughout the world are encouraging doctors and hospitals to store patients’ medical records in electronic form.
The arguments in favor may seem obvious: if the system is efficiently networked, every doctor would have access to a patient’s entire medical history. Not only would all the departments of a hospital know exactly what the patient was in for, the patient’s general practitioner would get all the readings, and the insurer would get the bill. Even the patient’s psychotherapist and the city’s social services could be in the loop . . . not to mention the employer. And if, in six years, the patient moved to another city, the doctors there would have the information too.
A click away
This could, however, become a data protection nightmare. Under German law, says Thilo Weichert, data protection commissioner for the German state of Schleswig-Holstein, even within a single hospital, different departments are not normally allowed to see each other’s data.
“For example, the hospital’s psychiatrist may not see the gynecology data,” he says, “unless there’s a direct connection in the treatment requirements.”
So, at the same time as the pressure is on to use electronic medical records, there’s also pressure to limit how they’re used, and to ensure that the digital potential is only used for the benefit of patients.
The most obvious risk is physical. David S. Finn, Health IT officer at the internet security provider Symantec, says things have changed since records were on paper.
“It’s now so easy to pull records together,” he says. “You may be losing the records for a million people at a time, not just a couple of charts which the doctor took home to work on.”
And there have been scandals. In the US, the names and social security numbers of 26.5 million veterans, and some details about their health problems, were stolen when an employee took them home without authorization.
On the other hand, says Finn, “in some ways, information is now easier to protect: you know where it is.” You can lock down hard drives, and you can create data audits to trace whether records have been copied or downloaded.
Data and hospital policies
Finn has been with Symantec for two years. Before that he was CIO of Texas Children’s Hospital, but, he says, his message hasn’t changed.
“I spent twenty years telling staff, ‘It’s all about the data,’” he says, “Storing, securing and sharing data.” And the way to control data is not just with technology. “It’s also about policies, procedures and training. The bottom line is people,” he adds. “You have to convince them to take patient data security seriously. I tell them, ‘You’re going to be a patient yourself one day.’”
And there are enough people to convince. According to the LA Times, the US Department of Health estimates that “roughly 150 people, including nursing staff, X-ray technicians and billing clerks, have access to at least part of a patient’s records during a hospitalization. . . . And 600,000 payers, providers, and other entities that convert providers’ raw data into billing data have some access too.”
But the requirements of privacy, and the principle that the patient must agree to the transfer of information, can make the coordination of medical care more difficult.
“Even though government and insurers want to make general practitioners into ‘health pilots’ [piloting patients through the entire health system], this is not allowed in Germany unless the patient has given consent,” says Weichert. And even then, the GP only gets a letter from the specialist summarizing findings, without seeing the original data.
Legal details are different in every country, but, as Finn says, for the practitioner, it always means, “You have to understand the law and the intent behind it, and ensure that the right people, and only the right people, have access.”
He recognizes that the industry is only at the beginning: “The law gives good guidance, but there are situations which the law doesn’t speak to directly. We’re figuring it out as we go along, and there are a lot of resources within the industry working to help set community standards in an evolutionary process.”
Finn says the whole health industry, including health insurers and the pharmaceutical industry, now takes privacy seriously, even if people don’t always know the right procedures.
But watchdog Weichert is not as sanguine. He’s not sure that hospitals always have the right priorities.
“In abstract terms, they do,” he says, “but data protection is expensive and complex at a time where savings are having to be made. There are deficits in every hospital, and the situation is disastrous when we examine individual cases.”
Finn insists that most breaches are accidental: a researcher failing to remove the name from an X-ray he’s copying, someone intending to copy one file and accidentally copying a thousand. “You have to understand the data-flows, and apply controls,” he argues.
Finn sees the biggest current risk in a new level of criminal intensity among malware operators. And there are specific threats for the health industry. For example, biomedical devices such as sonograms or monitors are being increasingly linked to networks, so that their readings get on the electronic medical record directly.
“They often have very primitive operating systems,” warns Finn, “and malware infecting them can get into the entire network. The equipment itself often has a person’s name, date of birth, insurance details punched directly into it, and that can help you gain access to other information – like credit card details.”
That’s useful data for crooks, but it’s a bit beyond the normal concerns of medical privacy. Patients are more worried about their employer learning that the reason they’ve been off work is depression and not backache, a new insurer finding out that they have a history of heart trouble, or the GP in a new city finding out about that abortion years ago.
Weichert sees privacy as fundamental to the relationship of trust with the individual doctor, and that has been so ever since Hippocrates.
“I think a strict policy is better,” he argues. “Sometimes you see a case where you think, ‘Couldn’t it be relaxed,’ and then you do something about that.”
But he’s convinced that data protection is in a hospital’s best interests: “Money is important, but investment in information systems which conform to data protection rules will improve the general efficiency of the system and benefit everyone.”
By Michael Lawton