Common concerns regarding Health Information Technology solutions are the social, ethical, and legal implications.
Privacy and protection of PHI (personal health information) are of great concern with the evolution of EMRs, patient portals, and telemedicine virtual solutions. As people take ownership over their health, more personal health apps have become available, which raises questions about how secure our health data is.
Hospitals and health care settings have policies and regulations guiding them around the access and security of health information systems. Authenticated logons, timeouts, monitored audits of chart access, and badge-activated single sign-on solutions are some of the ways health care providers protect patient data from unauthorized access. As we’ve seen, eHealth Ontario utilizes a validated authentication process when activating ONE ID accounts to ensure that the right provider is accessing the right data.
With mobile health apps gaining popularity, there is a greater concern for health data protection, as there is not the same level of regulation or responsibility for consumer products. Many apps encourage sharing health data on social media or through networked communities.
Cushman et al. (2010) found that “…children and elderly patients voiced fewer privacy concerns related to the consequences of disclosing health information. Pediatric patients were more willing, even eager, to share personal health data” (page S54). When should children gain full access to their healthcare data? For younger children, parents or guardians can act as proxies to their health care portals but there comes a point when children have the right to take control of what health information can be shared with parents or guardians. There is the added concern for sensitive patient data and the measures required to ensure it is not inappropriately shared, even with their parents or guardians.
Telemedicine solutions should be accessible to all and easily usable for patients while delivering the same quality of care as in-person visits from providers. Information should remain accurate and well documented. Accessibility concerns arise for the elderly, for those with language barriers, impairments, or disabilities, and for minorities or communities with cultural sensitivities. Providers should tailor care to the needs of the patient.
Legal & Regulatory Considerations
Data privacy and security are an integral part of any healthcare digital solution. PHIPA legislation helps to regulate the confidentiality, privacy, and security of personal health information. With the increase of mobile health apps, this protection comes into question, as they are not all regulated in the same way. With many apps now requesting that personal health data be shared on social media or networking platforms, there is an increased risk to privacy and of cyberattack.
Consent and patient ID authentication are required for telemedicine visits. With mobile apps, data is often shared and may be sold for commercial use, which raises the question of whether more regulation is needed or possible.
Take a moment to review the following article regarding Mobile Health in Canada.
Cybersecurity is a hot topic and one we all need to be aware of in healthcare, as the threats are real! Staff must learn to watch out for malicious attempts to access our healthcare systems, such as suspicious phishing emails, and for the use of inappropriate networks, such as accessing work emails via public Wi-Fi hotspots.
The Healthcare Information and Management Systems Society (HIMSS) is a global advisor, thought leader and member association committed to transforming the health ecosystem.
According to HIMSS,
‘Cybersecurity in healthcare involves the protecting of electronic information and assets from unauthorized access, use and disclosure. There are three goals of cybersecurity: protecting the confidentiality, integrity and availability of information’.
Visit Cybersecurity in Healthcare | HIMSS to learn more from HIMSS regarding cybersecurity in healthcare.
Backup Disaster Recovery
Hospitals and centers with EMRs or data repositories have complex secure backup systems to restore patient data in the event of a disaster. These systems, along with the backup recovery plan, involve careful and tactful planning on the part of the IT leadership. Disaster recovery servers are typically stored offsite at a secure location with limited access. It’s a little like a spy movie, but for good reason: patient PHI needs to be safe and secure!