The Role of Privacy in Health Data: Concerns and Solutions from the Field of Health Informatics
Matthew Prentice
HIMA 5060 - Spring 2013

Executive Summary
A pivotal requirement in the future of public health is the attainment, storage, and use of private health information about individuals. The rise of technology late in the last century and into the millennium has brought incredible benefits in promoting the health of the population. However, the passage of intimate data through electronic sources also affects the privacy of all individuals within the healthcare system. The unintended release of private information can lead to several serious issues pertaining to discrimination, whether related to employment, government programs, or health insurance. In addition to concerns with discrimination, a significant issue is the effect of this potential privacy breach on deterring individuals from seeking care within our healthcare system. Although the technological revolution may be to blame for this dilemma, it will also be the source of innovations to combat the problem. Recent advances in the field of health informatics, along with those arising in the near future, will provide the solutions to the issues it created.

Introduction
• The security of data, computer equipment, personal information and electronic services from unlawful or accidental access is essential for any individual or company that uses computers.
• Threats to personal health information can be due to:
  - Human Intent
    o Hackers, malware, etc.
  - Equipment Failures
    o Network crashes, software inconsistencies, down-time, etc.
  - Environmental Hazards
    o Climatic events, power surges, etc.
• Security of data is critical.
• The Internet and the technological revolution have increased connectivity, thus increasing the risk of security breaches.

Background
• As recently as 2012, reports by the Presidential Commission for the Study of Bioethical Issues acknowledge the need for protecting health information.
• Professionals agree that data sharing in general needs guidelines.
• Currently the Health Insurance Portability and Accountability Act, or HIPAA, is the standard in security requirements.
• Compiling an individual's records for transmission is known as Health Information Exchange (HIE).
• Used by regional organizations, which are slow to evolve their protection systems.
• The self-sustainability and effectiveness of HIEs is questionable (Adler-Milstein et al., 2011).

Background
• Each year there are an estimated 25 million authorizations for the disclosure of health records in the US.
• Americans are concerned about the potential security issues.
• The Certification Commission for Healthcare Information Technology (CCHIT) provides inspections and certification for electronic health record technology.
• A significant issue with the transmission and storage of electronic health records is that most are tied to billing systems.
• Seemingly only intended for the purposes of billing rather than patient care (Cimino, 2013).

Background
• Yasnoff et al. (2013) summarize the current issues with health informatics technology related to personal health information:
  1. Complex and expensive. 24/7 response to queries is difficult and costly.
  2. Prone to error and insecurity. The institution-centric approach requires exponentially more transactions and is more likely to provide incomplete records.
  3. Increased liability. Because patients have no opportunity to review or annotate data, the burden of data correctness falls on clinicians, institutions, and the HIE.
  4. Not financially sustainable. Financial sustainability should not require clinicians and hospitals to underwrite costs (ultimately passed on to patients or insurers).
  5. Unable to protect privacy. Leaving data at their source makes managing privacy preferences impossibly complex because patients would need to set and maintain permissions separately at each location providing care.
  6. Unable to ensure stakeholder cooperation. Because providing records is totally voluntary, they are inherently incomplete and possibly misleading as a result.
  7. Unable to facilitate robust data searching. Because each record must be obtained from all sources and integrated each time it is needed, search becomes sequential, which is prohibitively inefficient.

Solutions to the Problem
• Hardware Security
  - Secure access to rooms.
    o Access cards.
  - Adequate facilities.
    o Climate controlled and fire protection.
• Software Security
  - Identity confirmation
    o Unique identifiers for users.
    o Strong passwords.
  - Virus protection
  - Biometrics
    o Rapidly evolving field.
    o Fingerprints, palm vein patterns, eye recognition, even DNA.
• Internet Security
  - Network and browser security measures.
    o Protocols such as Secure Sockets Layer (SSL).

Solutions to the Problem
• System Availability and Disaster Resiliency
  - Reliability
    o Procedures for both planned and unplanned outages (down-time).
    o Preparations can help reduce or avoid losses to privacy.
• Health Record Banks
  - Patient-centric community health record banks.
  - Patients are in charge of their private health information.
  - Beneficial for several reasons including:
    o Patients control information -> solves problems with privacy.
    o Local stakeholder cooperation.
    o Financial sustainability by earning revenue from research use with permission.
    o Coexistence with institutions keeping their own records.

Conclusions
• On the eve of the Patient Protection and Affordable Care Act, the dynamic state of the healthcare system in the United States requires the quick and cost-effective storage and transfer of personal health data between multiple entities.
• The implementation of novel systems, as well as the adherence to federal regulations, will promote strategies that limit risks to privacy.
• The evolution of technology and health informatics created the current concerns for health information privacy.
• It will be developments within the field of health informatics that solve these concerns.

References
Adler-Milstein J., Bates D.W., Jha A.K. (2011). A survey of health information exchange organizations in the United States: implications for meaningful use. Ann Intern Med, 154(10).
Burr W.E., Dodson D.F., Polk W.T. (2011). Information security. In: Electronic Authentication Guideline. National Institute of Standards and Technology (NIST) Special Publication 800-63.
Caruso R.D. (2003). Personal computer security: Part 1. Firewalls, antivirus software, and Internet security suites. Radiographics, 23, 1329–37.
Cimino J.J. (2013). Improving the Electronic Health Record—Are Clinicians Getting What They Wished For? JAMA, 309(10), 991-992.
Cucoranu I.C., Parwani A.V., West A.J., Romero-Lauro G., Nauman K., Carter A.B., Balis U.J., Tuthill M.J., & Pantanowitz L. (2013). Privacy and security of patient data in the pathology laboratory. Pathol Inform. 4, 4.
Department of Veterans Affairs Office of Inspector General. (2006). Review of issues related to the loss of VA information involving the identity of millions of veterans. Retrieved from http://www.va.gov/oig/apps/info/OversightReports.aspx?igRT=ai/&igPG=4.
Halamka J.D., Mandl K.D., Tang P.C. (2008). Early experiences with personal health records. J Am Med Inform Assoc. 15(1), 1-7.
HIT Standards Committee. (2009). Privacy and security standards applicable to ARRA requirements. Retrieved from http://healthit.hhs.gov.
Kroll K. (2007). Fighting Fires In Data Centers. http://www.facilitiesnet.com. Retrieved from http://www.facilitiesnet.com/datacenters/article/Fighting-Fires-in-Data-Centers--6657.
Ohno-Machado L. (2013). Sharing data for the public good and protecting individual privacy: informatics solutions to combine different goals. J Am Med Inform Assoc, 20:1.
Pitts S.R. (2012). Higher-complexity ED billing codes—sicker patients, more intensive practice, or improper payments? N Engl J Med., 367(26), 2465-2467.
Presidential Commission for the Study of Bioethical Issues. Privacy and Progress in Whole Genome Sequencing. Retrieved from www.bioethics.gov/cms/sites/default/files/PrivacyProgress508.pdf.
President's Council of Advisors on Science and Technology. (2010). Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward. Washington, DC: Executive Office of the President, 40.
Thompson C.A. (2005). Biometrics offers alternative to password entry. Am J Health Syst Pharm, 62, 1115–6.
Yasnoff W.A., Sweeney L., Shortliffe E.H. (2013). Putting Health IT on the Path to Success. JAMA, 309(10), 989-990.