You are here: UK Essays » Essays » Information Technology » Health Patient System

Cookie Information

Privacy Information

Health Patient System

In the health industry, the patient-doctor relationship is bound by trust - trust that has stemmed from a clause in the Hippocratic Oath: “All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and will never reveal. (Hippocratic Oath, December 2006).

The cornerstone of a good patient record system, without regard to the storage medium used, is reliability and security. Medical records contain a large amount of sensitive personal information. This information is, broad, covering an extraordinary variety of detail, and with information technology it is more accessible than ever before. These records contain information that even has nonmedical use, and access to that information could be of interest to many parties. For this reason, patients tend to expect that their communications and records with the clinicians and other healthcare providers will remain confidential. Annas(1989) found that patients are not likely to disclose any intimate details freely unless they are certain that no one else, not directly involved in their care, will learn of them. This is the major fear that the health consumer today has with EPRs, as they may potentially be an impediment. The introduction of electronic patient records understandably raises issues about confidentiality, security and access.

Definition of confidentiality:

According to Medical Dictionary, confidentiality is the ethical principle or legal right that a physician or other health professional will hold secret all information relating to a patient, unless the patient gives consent permitting disclosure. Privacy is the main concern that health consumers are mainly worried about. Patients should have the right to decide whocan examine and alter what part of their medical records. Expectation of privacy allows trust and improves communication between the doctor and patients (Gostin L., 1997). Privacy' is a vaguely defined term that, in an online context, includes the right of an individual to determine what information is collected about them and how it is used.

The ethical duty of confidentiality is defined by the British Medical Association as `the principle of keeping secure and secret from others, information given by or about an individual in the course

of a professional relationship' British Medical Association (UK). In the UK the legal duty of confidentiality is underpinned by the Data Protection Act (1998).

Data Protection Act Principles:

Data Protection Act (1998) regulates the processing of information (`data') that could lead to the identification of individuals--including its collection, storage, and disclosure.

• fairly and lawfully processed

• processed for limited purposes

• adequate, relevant, and not excessive

• accurate

• kept for no longer than necessary

• processed in accordance with the data subject's rights

• secure

• not transferred to countries without adequate protection.

Personal data must be:

Confidentiality issues with regards to electronic patient records:

In 1995 the Louis Harris Poll found that 100% of Americans who were surveyed 74% expressed concern about the negative effects of a computer-based system. Their concerns were based mainly on privacy about their information (Givens, P., 1996). In 2005, the Harris Interactive survey found, almost 70% of individuals were worried that sensitive health information may leak due to weak data security (Westin, AF, 2007). The issues of privacy and security have been a major concern of consumers worldwide. These issues have limited the progress of EPRs and their uptake by consumers. Studies (Pyper C, 2004; Westin, AF, 2007) have shown that the health consumer believes that EPRs pose a problem when it comes to keeping their health information private and confidential.

Almost 70% of the individuals involved in the Harris Interactive survey were worried. The concerns included (Westin AF, 2007)

• Sharing of medical information without the consumer's knowledge;

• An increase in medical errors rather than a decrease with the use of computers;

• Reduction of any existing privacy rules; and

• Consumers not revealing all necessary information to their healthcare provider due to the fear of having their details being made available electronically.

Ryan and Boustead and Hunter showed, in their smaller studies, that the New Zealand health consumers have voiced similar concerns.

A cross-sectional survey (September-November 2005) was conducted in the 4 major cities in New Zealand. Participants were surveyed on computer use, knowledge of EPR-proposed benefits and issues, security issues, and demographics. A total of 300 surveys were completed and returned (a 75% response rate), with 180 (60%) being women. About 202 (73.3%) participants were highly concerned about the security and privacy of their health records. This feeling was further accentuated when participants were asked about security of electronic systems. Participants were worried about hackers (79.4%), vendor access (72.7%), and malicious software (68%).The results from this study indicated that the consumer is ready to accept the transition, as long as one can be assured of the security of the system.

The findings indicated that generally participants were concerned about their health information

Table 4

Participants' Concerns about the Confidentiality and Privacy of Their Health Records

(MedGenMed. Medscape, 2007.

Published online 2007 January 11)

The 2 main problems included vendor access to the system and the actions of hackers and crackers who might harm the system deliberately. When grouped into the categories of agree, neutral, and disagree, Figure 2 demonstrates the perception that all of the problems given will affect EHRs as well.

Figure

Graph illustrating participants' perceptions of problems that affect other electronic systems, and how they will affect electronic health records.

It indicates that 72.7% of participants believed that vendor access would be a real problem with EPRs, whereas 79.4% were worried about hackers. This fits in with the strong concern with regard to access that was found by the earlier question. Malicious software (68%) was also a concern by the participants. On the other hand, 56% and 53.6% believed that long-term accessibility and failure to back up would be a problem, indicating that the primary concern is with unregulated access to the system.

When informed about the various security mechanisms that might be implemented with EHRs, the results pointed out that if implemented then participants believed that EHRs would be more secure.In each case, over 80% of the respondents agreed that the security mechanism would make the EHR more secure.

Participants' Perceptions on Whether Security Would Increase If There Are Various Security Mechanisms in Place

(MedGenMed. Medscape, 2007

Published online 2007 January 11).

The biggest concern raised was about hackers. Overall, 79% of the participants of this study believed that hackers would pose a big problem for EHRs, whereas 61% of the participants who preferred the paper medium chose that medium because of their concern about hackers

Research was conducted in three early adopter primary care trusts in England wherethe Summary Care Record (SCR) and HealthSpace are being piloted. All were in areasof relative socioeconomic deprivation. The objective was to document the views of patients and the public towardsthe summary care record and HealthSpace (a personalhealth organiser accessible through the internet from whichpeople can view their SCR), with a particular focus on thosewith low health literacy, potentially stigmatising conditions,or difficulties accessing health care.103 semi structured individual interviews were taken and seven focusgroups.Individual participants were recruited from generalpractice surgeries, walk-in centres, out of hour's centres, andaccident and emergency departments. Participants in focus groupswere recruited through voluntary sector organisations; theycomprised advocates of vulnerable groups and advocates of peoplewho speak limited English; people with HIV; users of mentalhealth services; young adults; elderly people; and participantsof a drug rehabilitation programme. (Greenhalgh, 2008).Participants were asked if they had received informationabout the SCR and HealthSpace and about their views on sharedelectronic records in different circumstances.

The study showed that most commonly cited factor influencing the decision was personal experience. People who had had an adversedrug reaction, an episode of loss of consciousness, lost medicalrecords, or a "near miss" medical error, and those with seriousor complex health problems tended to view the EPR positively ("I suffer from these ministrokes, if I'm away on holiday and I had one of them,they would know exactly," older person in focus group). Thosewho had been the victim of mistaken identity (in the NHS oroutside it), an incorrect medical diagnosis, or identity fraud(such as stolen credit card) tended to be opposed to it. Also most of them feared malicious or inappropriate access of their health record. (Greenhalgh, 2008).

Even if the information recorded was confidential, one more major issue is the security of data which is considered next.

Data security and issues related to unauthorized access:

Data security continues to be an ongoing challenge. The growth of EPR creates new issues, as lapses in data security are increasingly being reported(CNN.com, 2006) Bergman(1994) found that politicians, consumer advocates, and the general public have voiced concerns about risks to the privacy and confidentiality of patient information. However, when compared with the security of the paper chart, the EPRs electronic audit trails and passwords actually improved internal security. Dassenko and Slowinski stated that each EPRs subsystem contains a user profile defining the organization, user name, title, job function, and work area. This information is used to determine what information can be accessed and for what patient populations an individual is authorized. In addition, Dassen and Slowinski (1995) reported that detailed records were created each time a user accesses certain categories of patient data, and that these access logs became part of a patient's permanent computer based record, thus ensuring a reasonable level of confidentiality and discouraging inappropriate use. The security system not only creates access trails, but also documents patient chart movement and print requests. (Kian.L, 1995).

The EMR may be more secure for internal breeches of confidentiality, but must also be protected from external breeches such as hackers, who could potentially enter the EMR from an off-site location and download volumes of confidential information. Firewalls and encryption software are methods used to protect patient data from these violators (Kendall, 1999).

No complex IT system is completely reliable and secure. Very well-argued books (Schneier, 2003) by Bruce Schneier provide much evidence of this. With NHS CRS security failures are more likely to be directly due to insiders than, for example, criminal hackers exploiting an insecure Internet connection, though the insider actions may well have been engineered by plausible outsiders.

The NCRS security plans rest on the use of such mechanisms as smart cards, role-based access control, and software-implemented 'sealed envelopes'. (Health Committee Report).

SMART CARDS:

Smart cards can be adequately secure for use in the NHS but with cards there is a risk of having cloned cards. The problems with smart cards in a healthcare setting are more to do with misuse - such as sharing of cards and carelessness with pin codes.

There was an incident reported regarding the accident and emergency department staff of NHS hospital who shared smart cards when faced with waits of a minute or more to access their software. (House of Commons Health Committee sixth report, 2007)The extent to which unauthorized smart card sharing can be avoided is greatly affected by the speed and convenience with which they can be used. The speed depends on the complexity of the checks that have to be carried out by the system, and the accessibility of the data that is to be checked.

ROLE BASED ACCESS CONTROL:

Role-based access control has proved adequate for maintaining privacy in modest-sized EPR systems (Denley and Smith, 1999). But it is practically impossible to have role-based access control in very large and heterogeneous organizations such as the NHS. If there were relatively few roles, and role changes, then the technical problems of managing roles, and of verifying that role assignments are in line with security policy requirements, would perhaps be manageable - but it is very doubtful that this would be the case in a huge system like the NHS CRS.

SEALED ENVELOPES:

This mechanism, which typically employs cryptographic techniques, ensures that information held 'within' the envelope cannot be accessed until the envelope has been 'unsealed', a carefully audited action that can only be carried out by authorized individuals. But the question is who is an authorized individual. The secondary uses services could use the information for research purposes claiming authorization.

ANONYMISATION:

Another security technology to be employed is 'anonymisation'. Given a database with identified patient information in it, and the wish to extract information (e.g., for statistical or research purposes, the so-called 'secondary uses' in NHS parlance) from this database that does not need to include patient identification, then there is a need to anonymise the information adequately if patient confidentiality is to be respected. This should not just be a case of omitting patients' names and full addresses, as it can be all too easy to identify an individual by pulling together separate apparently non-sensitive information about them via a set of carefully-crafted searches. Complete anonymisation is exceedingly difficult which again causes a hindrance for the implementation of electronic patient records in the secondary uses service.

Most security failures are not due to inadequacies in the security mechanisms employed, but to failures (such as software bugs) in the IT system in which they are employed, or through the actions of people involved with the system, and that such failures are unavoidable, and so must be coped with.(Anderson,1994).

It is clearly evident that confidentiality and data security issues go hand in hand.

Donohue who reported that 60% of health consumers would be willing to go down the electronic route if their privacy and confidentiality can be ensured through stringent security measures.( Donohue, K, 2007)

The results have shown that EPRs do have an area that needs to be addressed before such records can be accepted by the health consumer. User acceptance of technology is important in any field, and more so in the health sector. The push toward consumer health informatics and the increased influence of information technology (IT) in the health sector are 2 reasons why the user acceptance is very important for the EHR system to be successful. This fits in with the model suggested by Venkatesh and colleagues. Health consumers' reactions to EPRs will improve once the consumers have actually used the electronic system. In order to be persuaded to use the technology, the health consumer needs to be assured that the technology is secure in every manner, from its physical operation to the way that it handles information.

Figure illustrates this model adapted to fit the EHR scenario.

Figure 3

(User acceptance model of electronic health records. Adapted from Venkatesh (2003) and colleagues ('Morris MG, Davis GB, Davis FD).

This study has highlighted the fact that security, privacy, and confidentiality are the major concerns connected to health information. These concerns are further heightened when a traditional paper-based record is transferred to the electronic medium. They become the major barrier to the health consumer's acceptance of the move to the EHR system. If the system is not accepted by the health consumer, it will not serve the purpose for which it has been established.

Financial issues:

“At a time when healthcare organizations need to reduce their costs, allocating capital to information systems is still a challenge” (Dick, Steen, and Detmer, 2003). The start up costs is quite excessive for nationwide implementation of electronic patient records. According to the National Audit Office, spending on the giant NHS CRS modernization project is likely to reach 12.4 billion pounds by 2014( National Audit Office). On 30 May 2006, the Minister of State for Reform (Lord Warner of Brockley) was reported in the media as having said that the full cost of the programme was likely to be nearer 20 billion pounds. (National Audit Office)

First of all, cost has kept organizations from implementing CPR systems. These costs can be organized into the following categories: software, hardware, infrastructure development and maintenance, implementation, education, planning, and administration. Software costs include development or purchase, maintenance, and upgrades over time, while hardware costs include purchase of workstations.2, 12, 24, 31. Infrastructure development and maintenance costs include servers, interfaces, workstations, network cables; network maintenance, and help desk operations.24, 31 Planning costs include development of an implementation plan, identifying measurable outcomes, and choosing meaningful metrics and goals. Administrative costs include time and commitment to make the project succeed and ensuring that the EPR product meets credentialing requirements.12, 24, 31

Implementation costs include:

• training

• overtime associated with entering patient data,

• business disruption during transition

• employee resistance to change,

• and lost productivity.

Return on investment:

Institutions have not been able to produce the ROI promised by vendors. Many factors that have been figured in vendors' ROI are dependent on difficult-to-change processes like point-of-care nursing documentation, physician order entry, and structured physician progress notes.8 ROI is difficult to calculate because each organization has its own business objectives and many of the benefits are qualitative rather than quantitative.15 It is also difficult to establish the baseline costs of doing business manually to compare to the post-CPR implementation data.

Technical issues:

• uncertain quality

• functionality

• ease of use

• lack of integration with other applications,

Resources issues:

• training and re-training

• resistance by potential users

• implied changes in working practices.

Technical knowledge an important requirement:

Another disadvantage to an EHR is that there is a substantial learning curve and it is helpful if the users have some type of technical knowledge. Today, clinicians are the primary users of EHRs as opposed to the main users of the past, which where clerks. One of the more challenging issues confronting EHRs is the fact that “physicians must be the users of the system, performing data entry (e.g., orders, progress notes) as well as information retrieval, if they are to realize the benefits of interactive on-line decision support” (Dick, Steen, and Detmer 12). Young recognizes that “usability” can be a major obstacle affecting the implementation of an EHR. The designers of EHR systems have only just begun to consider the needs of the users. There must be tools to enable the clinicians to “retrieve and understand data relevant to their decision-making tasks” (Young 106). In other words, systems must be user friendly; otherwise these systems will not be easily accepted, nor will they be used to their fullest capacity. Clinicians soon realize the benefits of instantaneous outcome tracking and reporting capabilities” (Wellen, Bouchard, and Houston) while putting down the pen and picking up the mouse involves a cultural shift.

Awareness of the system:

It was found that, although the technology supported simple information requirements, complex coordination, collaboration and awareness issues were left unsupported (Broome and Adams, 2005). And a study in the context of UK psychiatric healthcare services revealed 'important discrepancies between the assumptions of the role of the [EPR] and the ways that healthcare professionals actually use and communicate information within the particular work setting studied' (Hartswood et al., 2003). To quote another study (Adams et al., 2005): Random deployment of technology within communities, with poor design and support, is perceived by many as complex, inappropriate for their needs and a threat to current roles and practices, including the maintenance of clinician-patient relationships.

Other perceived barriers by people:

A research article published in the British medical journal shows various kinds of tensions that people have when asked to register for electronic medical records. (Greenhalgh, 2008). Research was conducted to find out attitudes of people towards summary care record in England. This research looks at certain specific issues that people are concerned about when having an electronic patient record.

IMPACT OF STIGMATIZING ILLNESS:

Many participants assumed that someone with a potentiallystigmatizing condition would not want an SCR. The idea of a "virtual sealed envelope" for sensitiveinformation was viewed positively by only some participants in thefocus group (who cited sexually transmitted diseases or terminationof pregnancy as examples of things people would want to keepprivate) but negatively by others. Mental health service usersand those on a drug rehabilitation programme, for example, expressedconcern that doctors might get a distorted picture of theirhealth needs if key information was missing, or assume a morestigmatizing diagnosis than the one that was "sealed" Some but notall people with HIV thought that their status was nothingto be ashamed of and that seeking to hide it in a "sealed envelope"would add to the stigma.

Decreases access to health care for vulnerable groups:

Advocates of people with limited spoken English said that theEPR might make it easier for disempowered minority ethnic groupsto access and register with a new general practitioner as somegeneral practitioners were (allegedly) known to use lack ofthe proper paperwork (such as proof of identity) as a reasonnot to register a patient..They also thought that the presenceof an SCR would enable an unscrupulous general practitionerto preview someone's record before accepting them andselectively turn away those with complex, expensive to treat,or poorly controlled diseases. Participants in several focusgroups suggested that once the SCR was introduced nationally,illegal immigrants might "go underground" rather than seek health care.

Increases prejudice:

Many participants were concerned that a diagnosison the SCR might lend false objectivity to impressionistic orone off assessments, especially of a person's mental state,thereby coloring the judgment of others in the future.

Effect on clinician patient trust relationship:

A positive attitude towards the SCR was often linked to impliedtrust in the honesty and motives of NHS staff. In situations where trust in the clinician was low, the SCRand HealthSpace were seen as potentially able to legitimize thepatient's account of reality. For example, some patientshoped to use these technologies to "prove" that they had genuinelybeen ill on a previous occasion or were really taking the tabletsthey claimed to be taking. Where trust was high, access to one'smedical record was viewed as unnecessary and even undesirable.At one general practice, for example, there was strong resistanceto the idea of HealthSpace as patients seemed to think thatthis would undermine their good relationship with surgery staff("It's a terrific surgery so there's no need forsomething like HealthSpace," individual participant).

Some participants (especially mental health service users) thoughtthat NHS staff had dismissive attitudes towards them, and somehad little confidence that the SCR would be used as intended.Trust (or lack of trust) in a member of NHS staff seemed tobe a feature of the relationship with a particular individualrather than of that person's formal role or job status)and seemed to be closely linked to continuity of care ("I'mperfectly happy for anybody at my doctor's to look atmy records because I know everybody at my doctors. I'mmore happy for them to have my files, but anybody else, no,"participant in drug rehabilitation focus group). Most participants,particularly those with chronic illnesses, wanted to have anSCR but also wanted to control who had access to it at the pointof care.

The state as protector or exploiter of the citizen's data:

Not a single participant thoughtthat these measures would guarantee the security of their data,most feared a small risk of identity fraud, disclosure,or blackmail. Around one in 12 people thought that the SCR was a bad idea"on principle," viewed the intention to create one as an infringementof their rights, and drew explicit parallels with governmentplans to introduce identity cards and the clamp down on socialsecurity fraud (which some saw as covertly linked to the SCR).Some were concerned that once consent for an SCR had been given,pressure would build from a host of public and private sectororganisations to access the data, and the unscrupulous governmentwould soon be tempted to make money from a range of secondaryuses.

Themes raised in focus groups (seven groups, 67 participants)

• Createsa route for hackers to access the SCR

• Not fit for purpose—couldjust as easily write personal health data down in a book orkeep a file on a personal computer

• A person's medicalrecord could be accessed by a partner without their full consentif they were in a coercive domestic relationship

• Registrationprocess is complex and requires high IT literacy; this willdiscriminate against people with low literacy and those whoare dyslexic

• Registration process requires a consistent dateof birth, consistently spelt surname, and three pieces of identification—forexample, utility bill, driving license; refugees and asylumseekers might not have these documents and might use differentspellings of their surname.

Networking the computers that create these records makes tremendous health care sense, but the pipe flows both ways the door that lets information out can also let unwanted visitors in. "In the past, when information sat in file cabinets or on very local computer networks, the range of unauthorized activity was relatively limited," she explained. "But when you're talking about an information highway that connects the entire world, this magnifies things considerably." Hackers aside, the other threats involve authorized personnel using their access inappropriately. Seaton said this is the biggest threat to Electronic health records. The problem is the people. The teenage computer hacker, he said, is only one of five different threats to computer systems. Others are unauthorized modification of information, actual theft of information, the destruction of information with a computer virus, or access interruption.

Solutions:

'A complex system that works is invariably found to have evolved from a simple system that worked' (Gall, 1975).The widespread adoption of patient controlled health records that are proposed will depend on solutions being found to severalchallenging technical and policy issues.

BACK UP PROCEDURES:

There is a need to developacceptable procedures for backing up data, anticipating recoveryin case of disasters, agreeing on whether emergency overridesof patient's policies are ever acceptable, whether it is possibleto retract access to data once it has been given, who is trustedto conduct audits and what rights they have to sanction violatorsof policy, and many otherprocedures.(Kenneth D Mandl, 2001)

NEED TO DEVELOP COMMON STANDARDS:

The immediatepriority is to ensure that electronic records are fit for thepurposes for which they are used. As the authors argue, commoncommunication protocols and message formats based on publiclyavailable standards are a prerequisite for any further progressin electronic patientrecords (Kenneth D Mandl, 2001).

TIGHT SECURITY CONTROLS:

There are several security technologies available that will help prevent unauthorized access to protected health information. Some of these technologies include firewalls, passwords and “properly designed and monitored audit trails can enhance user accountability by detecting and recording unauthorized access to confidential information” (Dick, Steen, and Detmer 14). System designs must consider how individually identifiable medical information will be protected and also meet regulatory requirements. “Whereas stringent security measures should be applied to protect the confidentiality of patient information, it is also in the patient's best interest for the [EHR] to be accessible for appropriate, legitimate uses by authorized users” (Dick, Steen, and Detmer 15). . “Laws must not be so stringent as to prohibit access to those with a legitimate right to information” (Young 107).

When health care institutions of any size develop information systems, he said, they must address all these issues. Staff policies and procedures to protect patient information should be part of every health-service enterprise, no matter how small, the committee concluded, and security measures, both for facilities (such as proper locks) and people (such as identification badges) should be instituted. Computers and networks should be tightly controlled, and software measures such as passwords and encryption keys should be used. Finally, there should be stringent ramifications for any breach of security. If a doctor is the only one authorized to copy information from a health database but gives the password to a secretary that is a breach of security. Respecting patients' privacy must be given as high a priority as seeing the records in the first place. (Michael O Reilly)

(CANADIAN MEDICAL ASSOCIATION JOURNAL, JULY 1995)

Reliability and security, and hence safety and privacy, are 'weakest link' properties. The larger the system, the more people involved, the easier it will be, for example, for an unscrupulous reporter or private investigator to find a weak link in the form of a legitimate user who can be fooled into committing, or bribed to commit, an act which will breach the system's privacy rules. (An experiment some years ago at the North Yorkshire Health Authority showed that about 30 phone calls were received each week attempting to trick staff into revealing confidential information (HC, 2006)

If security controls are too time-consuming they will be evaded, as exemplified by the recent case of smart-card sharing in response to excessively slow logging-in procedures at the South Warwickshire General Hospitals Trust (Collins, 2006).

There needs to be a statement of the 'guaranteed' reliability and security levels of the various technical services to be provided to users by the NPfIT system, for example, concerning the possibility of confidential information being widely leaked from EPRs, of EPR data being corrupted or lost, or of access to EPRs being unavailable for unacceptably long periods. System reliability and security specifications, like the functional specifications, will need agreed amendment from time to time. Such specifications are as necessary at each stage of an evolutionary system procurement process as they are in situations where the (usually misguided) aim is to produce a complete system specification ab initio (i.e., one that it is assumed will guide the rest of a huge and lengthy development project).

Mandl and colleagues address the question of privacy by proposing a personal health record controlled by patients themselves.Data protection legislation in Europe⁽Council of Europe, 1981) and the Caldicott report'sguidelines for the NHS⁽Department of Health., 1997) differ from the rules applicable inthe United States, but the need for a balance between privacyand legitimate demands for information is international. Patients'control of records solves some problems but may prevent professionalsfrom accessing the information they need in order to fulfil, orshow that they have fulfilled, theirresponsibilities

Like safety issues, privacy issues, such as the confidentiality of patient records, require the combined efforts of two types of expert - experts in the law, medical ethics, public policy, etc. on the one hand, and IT experts on the other, in order to determine the system requirements. The role of the IT experts will centre on explaining the possible privacy-related implications of both the chosen functional requirements placed on the IT system (e.g., whether the system has adequate provisions for protecting patient identities), and of the possible failures of the system (e.g., the likelihood of accidental or deliberate leaking of potentially compromising information about a celebrity and the possibility of sabotage by disaffected individuals).

:

Given that complex IT systems will invariably fail on occasion, it is critical in determining what services are to be provided by a system to consider how the surrounding organisation will manage to cope when the system fails (Schneier, 2000). For example, since EPRs will certainly be leaked and patient confidentiality breached on occasion, and possibly on a grand scale, it is vital to have procedures in place beforehand by means of which victims can gain prompt redress, and those responsible can be traced and penalised. (Unfortunately the Caldicott Guardian scheme (Department of Health (DoH), 2007), which might be assumed deals with such matters, is such that security breaches are not reported to patients, but only to the relevant Caldicott Guardians, and who I am told have much responsibility but little power.)

Similarly, there need to be robust plans about what to do if and when EPRs, or other critical patient records, become inaccessible for an undue period or data are lost (as has happened recently at the Nuffield Orthopaedic Centre (Bowers, 2006), and in Milton Keynes General Hospital (Gibson, 2007) for example).

For example, it has been reported that the recent failure at CSC's Maidstone data centre left clinicians throughout the West Midlands and the North-West without access to their patients' computer records for the entire 2-day outage (e-Health, 2007c). (It is worth pointing out that each LSP is intended to have responsibility for patient numbers that are comparable to the populations of various medium-sized European Union member states!) Centralised back-up facilities, for example, could be very valuable, especially if the backed-up data are encrypted, and all the key holders can be trusted. One further point - safety considerations indicate a need to design systems in such a way as to ensure (or at least to encourage) high data quality. The best way to do this is to arrange that EPRs be updated as an immediate by-product of clinical activities, so that these activities can directly benefit from such data capture, for example, through the immediate detection of prescription errors.

To sum up, a very good summary of the fundamental security dilemma facing NPfIT is that one can (with difficulty) achieve any two of (a) high security, (b) sophisticated functionality, and (c) great scale - but achieving all three is currently (and may well remain) beyond the state of the art.

Achieving public trust and confidence:

The general public needs to trust not just the IT systems, but also the medical staff or government officials (present and future) who control them. In particular, they need to be confident that the information that is collected about them, especially if it is gathered together into what is in effect one huge data repository, is not misused. The public thus needs believable reassurances concerning what other systems (inside and outside the NHS) will be allowed to have access to the national summary care record service, and what other systems will have access to the full care records hosted by LSPs, under what legal controls.

NEED FOR STANDARD TERMINOLOGY:

Another obstacle which Young states as being a problem for the implementation of an EHR is “one of the overarching issues is lack of a common vision for and lack of definition of the EHR” (106). There are several various terms associated with an HER “each indicating a specific vision that differs from others” (Waegemann 3). Since there are multiple interpretations of what exactly an EHR is, and what the EHR requirements are, users are unable to identify their current and future needs. “Without a clear understanding, users have a difficult time selecting systems that will meet their needs and vendors have difficulty supplying such systems” (Dick, Steen, and Detmer 11). Organizations however, are currently in a difficult position, they must be careful not to choose a short-term, limited-ability system because it would then be difficult to move towards a global system. However, such “global” systems are really not available yet.

Another enormous obstacle in the implementation of an EHR is the “lack of standardized terminology, system architecture, and indexing” (Young 106). In order for an EHR to be shared, not only must there be a standard language developed, but a unique health identifier must also be developed. Today there are many vendors with just as many software applications. Data cannot be shared unless a gooey interface is written, and unfortunately these interfaces are not always accurate or dependable. “By adding a standard EHR platform, clinicians will be able to use a range of best-of-breed clinical applications which all share a common standard EHR architecture” (Schloeffel et al. 3). When a standard language is developed systems will then have greater flexibility and will have capacity for the diverse requirements of the different healthcare disciplines. “Although there has been progress in developing individual coding standards for data elements, none has emerged as a comprehensive standard” (Dick, Steen, and Detmer 13).

Physicians must also feel very content with the standard language otherwise they will not use it for entering data. Since the ultimate goal of an EHR is to have the ability to share the record, not only with other facilities and physicians, but also worldwide, a unique health identifier is required. Leadership is key with this issue. “Until standards exist for uniquely identifying individuals and coding and exchanging health data, the value from capturing and aggregating data will go unrealized and each organization will be its own pioneer” (Dick, Steen, and Detmer 14).

Conclusion:

“The EHR provides the essential infrastructure required to enable the adoption and effective use of new healthcare modalities and information management tools such as integrated care, evidenced-based medicine, computer-based decision support, care planning and pathways, and outcomes analysis” (Schloefell et al. 2). Although the benefits that support implementation of an EHR are clear, there are still barriers too, therefore the concept is still not accepted. “However, this could also be said of almost every other area of positive change and improvement within healthcare systems (Schloefell et al. 9). There must be more involvement by the government and the private sector “to make changes where possible to instigate, motivate, and provide incentives to accelerate the development of solutions to overcome the barriers” (Young 109). There are many factors that must be considered before an organization should implement an EHR. The organization must first obtain as much information as possible about this new concept, and then the information must be carefully reviewed and the pros and cons discussed. Only then should the organization make their decision about this very

important issue. “The [EHR] as a part of a Clinical Information System (CIS) is a powerful tool which ties together documentation of the patient visit (clinical information), coding (diagnosis, and treatment procedures), which then translates into more accurate billing processes, reduces reprocessing of medical claims, and that translates into increased customer satisfaction with a provider” (Koeller 12). Although the technology is available, progress towards an EHR has been slower then expected. “Widespread use of [EHRs] would serve both private-and public-sector objectives to transform healthcare delivery in the United States” […] ERHs would also “enhance the health of citizens and reduce the costs of care” (Dick, Steen, and Detmer 17).

To attain the wide accessibility, efficiency, patient safety and cost savings promised by EMR, older paper medical records ideally should be incorporated into the patient's record. The digital scanning process involved in conversion of these physical records to EMR is an expensive, time-consuming process, which must be done to exacting standards to ensure exact capture of the content. Because many of these records different healthcare professionals over the life span of the patient, some of the content is illegible following conversion. The material may exist in any number of formats, sizes, media types and qualities, which further complicates accurate conversion. In addition, the destruction of original healthcare records must be done in a way that ensures that they are completely and confidentially destroyed. Results of scanned records are not always usable; medical surveys found that 22-25% of physicians are much less satisfied with the use of scanned document images than that of regular electronic data.^[8]

Hallvard Lærum, MD, Tom H. Karlsen, MD, and Arild Faxvaag, MD, PhD (2003). "Effects of Scanning and Eliminating Paper-based Medical Records on Hospital Physicians' Clinical Work Practice". Journal of the American Medical Informatics Association 10: 588-595. doi:10.1197/jamia.M1337. PMID 12925550. Retrieved on 2006-07-30.

Sign up and be the first to receive our latest offers: