In the late 1960’s, Dr. Lawrence L. Weed developed the Problem Oriented Medical Record (POMR).  His vision was to have electronic medical records with standardized progress charts for all patients.

Fast forward 30 years, and you would be hard pressed to find a medical group or health care system that used Electronic Health Records (EHRs) to exchange patient data with one another. Most medical records were still in the form of physical documents, stored in a file folder and shared between a few key members in the medical facility.

In today’s digital age, there has been an ever-increasing movement toward the use of EHRs by healthcare systems in the United States. This is due in part to the American Recovery and Reinvestment Act (ARRA) of 2009, which calls for a Nationwide Health Information Network (NIHN), wherein all medical records will be in EHR format, conforming to a nationally recognized standard. The proposed deadline for this transition is 2014.

Many privacy and security experts tend to think that the 2014 deadline for adoption of EHRs could pose significant security risks. Healthcare facilities that rush to meet HITECH’s meaningful use requirements for incentive payments could overlook critical security flaws, leaving systems open to threats. Others, like Latanya Sweeney, PhD, believe new kinds of harm can result from the design of the NHIN. Among other things, Sweeney mentions de-duplication and identity, testing and liability, mechanisms for corrections, and data segmentation as just a few examples from the “large array of trust issues any NHIN design must address to be widely accepted.”

Proponents believe the system’s design is secure. Newly proposed privacy rules were announced on July 8, 2010 by the Department of Health and Human Services (HHS), as well as the launch of the new Health Privacy Website.

The HHS news release quotes Georgina Verdugo, the Director of the Office for Civil Rights at HHS: “The benefits of health IT can only be fully realized if patients and providers are confident that electronic health information is kept private and secure at all times. This proposed rule strengthens the privacy and security of health information, and is an integral piece of the administration’s efforts to broaden the use of health information technology in health care today.”

Do you think current safeguards and new rules aimed at strengthening the privacy and security of health information is enough? Do the potential risks outlined by Dr. Sweeney outweigh the rewards?

by Ryan Abbott
Operations Analyst, Kroll Fraud Solutions

Tags: ARRA, EHR, electronic health records, HHS, HITECH, medical record

Categories: Data Security Industry, Data Security Issues, HITECH.