Question

describe the security safeguards for electronic health records

Answer 1

An electronic health record is an electronic version of medical records of a patient which includes vital data such as medical history, problems, immunization reports, diagnoses, demographics, important signs, laboratory data, radiology reports, medications, progress reports etc. Shifting paper based health records to electronic format addresses the issues related to the use of paper as a means of recording health care data in most health care organizations. Electronic health records have the following benefits:

⁃ Low cost

⁃ Improved health care quality

⁃ Evidence based medicine usage

⁃ Ensures mobility of records

In health care organizations, Electronic Medical Records( EMR) are very beneficial to physicians, patients and health care services. The adoption rate of EMRs is relatively low because of the concerns about privacy and security of the patient information. There are lot of concerns regarding the protection of high quantity health care data. To maintain electronic health records effectively the following requirements should be satisfied:

⁃ Achieving complete data

⁃ Resilience to failure

⁃ Being Highly available

⁃ Being consistent with security policies

⁃ Funding technology

⁃ Certain aspects of organization and attitude

The technology for effective storage and manipulation of electronic health data includes the systems used for storing, accessing, processing, sharing and transmitting health care information as well as supporting health care delivery and health care system management. While addressing the issues related to efficient health care data storage the following aspects have to be taken care of:

⁃ Privacy: It refers to the right that someone has to determine for themselves when, how and the level at which accessing personal information is transmitted or shared by others

⁃ Security: It is defined as the level at which accessing someone’s personal information is restricted and allowed for those authorized only

⁃ Confidentiality: It can be defined as restricting information persons that are not authorised to access data during either storage, transmitting or when they are being used.

The following measures are incorporated in electronic health records (EHR) systems to protect the data and ensure privacy, security and confidentiality:

⁃ Access Control: The means for access control includes tools like passwords, PIN numbers, to limit access to patient records to authorized individuals such as doctors or nurses.

⁃ Data Encryption: Encrypted information cannot be read or understood except by someone who can ”decrypt” it, using a special ”key” made available only to authorised individuals.

Efficient data encryption scheme should be used and that can easily be implemented by both the health care professional and the patients. The preferred access control model is Roll-Based Access Control(RBAC) while the best authentication mechanisms are passwords/ logins and digital signature. The effective management of healthcare record requires multidisciplinary team which involves telecommunication, instrumentation, and computer science to enable the interchange of medical records.