Some Have Privacy Concerns with Electronic Health Records

20 Sep

There are many reasons to advocate the transfer to electronic medical records. It has cost saving benefits and even can help improve the quality of care patients receive. However, if there is an improvement that needs to be addressed, it may be the privacy issues, something that opponents of electronic records often point out.

Veriphyr, a Los Altos, California-based identity and access intelligence solutions provider, conducted a survey of 90 healthcare IT managers. What they found should be a concern EHR proponent and opponents alike.

According to the survey, over 70 percent of healthcare organizations reported a breach of personal health information over the preceding 12 months. Most of these breaches were committed by nosy employees: 35 percent looked at the medical records of their co-workers and 27 percent accessed records of friends and relatives.

“While the loss of patient data on hard drives and USB sticks gets a lot of coverage, the top concern of compliance officers is the few employees who misuse the legitimate access to snoop on patient data,” says Alan Norquist, CEO of Veriphyr.

Norquist suggests that the focus on resolving the privacy problem should not be on digital security as much as tools that monitor who accesses the files. He goes on to suggest that healthcare organizations need identity and access intelligence tools that can monitor logs of employee access to patient data.

His reasoning is sound, because he points out that the main problem is not deviant outsiders hacking into the system, rather it’s employees who have access to the records.

“The problem is not authentication to keep the bad guys out, but monitoring the employees who have almost unrestricted access to patients’ data. The reason this data is greatly unrestricted is because in a life or death situation you would not want to prevent a doctor or nurse from getting the patient data they need right away,” says Norquist.