Sunday, September 1, 2019

Electronic Medical Records and Safety Essay

The article titled â€Å"Computer Security Expert’s Perspective on Electronic Medical Records† presents the views of an Information Technology (IT) security expert, Troy Thomas, on electronic medical records (EMR). Thomas is the Chief Security and Privacy Officer for KeyCorp which is the parent company of Key Bank. Thomas has a bachelor’s degree in Computer Information Sciences from Cleveland State University, Cleveland, OH. Thomas asserts that the medical industry is slowly becoming computerized and, eventually, electronic medical records will be the norm. He points out that, however, getting from a highly distributed, paper-based model to a fully computerized EMRs model will be challenging. Changing to a more computerized EMRs model will introduce risks that the current paper-based model does not have and will solve some of the inherent risks associated with the current model. The current paper-based model inherently has the following risks: records are susceptible to fire, flood, mold, termites, decay, fading of ink, and misplacement of an entire folder or subsections. Paper records are easily copied or stolen, easily accessed by office personnel or people who just happen to be near an unattended folder of medical records. An EMRs model inherently has the following risks: computer equipment can fail or break, technology changes quickly, and information stored a long time ago may not be easily accessed at a future date. Information that was once stored can become inaccessible; information can be accessed by unauthorized individuals. Electronic information can be altered. Electronic components do not react well to fire, water, dust, dirt, humidity, being dropped, or being abruptly unplugged. To mitigate these inherent risks, modern computer centers have strict environmental controls to ensure that computer equipment is run in an optimal environment and is backed up and available at an alternative site (for disaster recovery purposes) and has proper security controls deployed to ensure that information can be accessed by authorized personnel only. Technology controls exist that can prohibit information from  being altered. For example, there are direct access storage devices that allow information to be written once and read many times. The inherent risks of the paper-based model and the EMRs model are vastly different but mitigating controls exist that can adequately address the basic inherent risks described thus far. Typical, practicing physicians, however, cannot be expected to set up a dedicated computer center with all of the environmental, phy sical, and logical access controls that are needed to adequately safeguard their patient records. Therefore, for true EMRs to be really secure, a model or protocol is needed whereby physicians store their patients’ medical records at a reputable and secure data center that offers the physicians an outsourced service for accessing and storing EMRs. Unfortunately, a centralized computing model introduces new inherent risks: for example, are the outsource agencies reputable and can they be trusted with patient medical record information? With medical record information coming in from multiple physicians, a unique patient identification number would be needed so that records could be appropriately combined within patient files. With so much information in one place, clear controls would be needed to ensure that the people accessing the information receive only the information that is truly needed. Ensuring that quality information is captured and maintaining patient privacy will be the most challenging aspects of EMRs. Computers don’t improve quality. However, computers can make quality issues and mistakes much more visible and potentially harmful. The author highlighted that the EMRs journey will probably parallel some of the issues that exist with electronic voting where so many questions such as whether society can trust the vendors who sell the voting equipment. Can a vote be altered after it has been cast? How does society effectively centralize a highly decentralized model? Can foreign governments hack American voting equipment and influence an election? How is a person’s voting history stored and secured? In the end, EMRs will be a reality in the healthcare industry. The benefits of centralized electronic patient medical records outweigh the risks associated with changing the model. Ultimately, it is a question of trust, not technology. Will physicians trust their patients to stay with them when their patient medical records are more easily transferred to another doctor? Will patients trust that their medical records are appropriately safeguarded against inappropriate access and that the information contained within their records is accurate and of high quality? Ultimately, Thomas believes the answer to these questions is yes in the long run.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.