Hello everyone,
This month's topic is such a meaty one, I'm gonna bypass the formalities and just jump right in, concentrating on the unauthorized access to medical files; we'll cover the so-called "acts of God" at another time.
Firstly, a couple of questions: do you use Internet banking? Do you interact with the Canada Revenue Agency (CRA) for such purposes as "Netfiling" your taxes?
Well, before you answer, I'd like to comment that if you're like the general population, these tools are lifesavers -- just imagine you now have the option/capability to file your taxes dressed in your jammies with your favorite cup of brew at 23:30 on April 29th/30th -- no pressure!
Or, you're on vacation in St. Kitts (West Indies) and there's a bill you forgot to pay before you left home; if you're like me and hate paying interest unless absolutely necessary, you'll soon be making your way to an Internet kiosk...
Many people I've spoken to with regards to e-Health security express a concern that hackers may be able to access their medical files; personally, if someone is able to see that I have a million dollars in my bank account, that wouldn't bother me much since knowing doesn't make him/her a better/richer person; similarly, if someone was to get access to my health file and learn that I had a serious itch that required monthly prescription renewals, the same would apply.
What would keep me up at nights would be learning that hackers had the capability to dip into my money, or alter my prescriptions to the detriment of my health.
However, I can appreciate that privacy is everything to some, but in reality, is the current paper file methodology we use today any more secure? I would argue not!
Let's explore this:
say for example, Dr. X has a very busy practise; it's summer time and a couple of med students or other appropriate part-timers are hired on to help.
What's to prevent the latter from occasionally taking a peek at your file? How would you know if they did? Suppose they knew you personally?
Fast forward to e-Health -- Dr. X has implemented an Electronic Medical Record (EMR) system and as part of their employment contract, staff are required to access patients' files on a "need-to-know" basis only; with the proper controls in place, an auditor should be able to produce a report showing who did what and when (remember when the IRS fired employees for snooping? =>: http://www.wired.com/threatlevel/2008/05/five-irs-employ/) -- try that with paper records!
In reality, nothing's 100% secure, however, laws are in place that can serve to punish those who circumvent the privacy of others for their own selfish purposes. The problem with our current paper system is that it's virtually impossible to police these laws!
As I've stated previously, if our EMR/EHR systems are implemented with the same type of rock-solid security that we see in our banking and the various Government web sites, we should be well on our way towards a much more efficient health system.
Well, that's it for now; next month we'll be discussing the ways that EMR/EHR systems are becoming personalized (Personal Health Record -- PHR) -- you'll be amazed at what's in store!
Also, to perk things up a bit, I'll be introducing a "where-am-I" picture campaign; if you can correctly guess where the blog picture was taken, I'll send you a prize.
So until then, go boldly forth, remembering to stay aware of your surroundings.
Ernest A. James
President/CEO
Regal Informatics Inc.
No comments:
Post a Comment