The idea of an Electronic Medical Record (EMR) the foundation stone of computerized medicine, offering health care professionals numerous possibilities such as the creation of diagnosis-support systems, conflicting drug detection, and the instantaneous transfer of records from one institution to another. However, EMRs have several hurdles to overcome before being implemented on a wide basis in today's medical world. Medical Informatics: Computer Applications in Health Care and Biomedicine lists four major recurring issues facing EMRs:
The focus of this page will be mainly on list item number two, as we survey some of the most common concerns raised about implementing EMRs on a large scale.
The Health Insurance Portability and Accountability Act of 1996 established, among other things, a list of confidentiality rights concerning an individual and his or her medical records, or "Protected Health Information (PHI)". Two notable rights granted under the Privacy Rule of HIPAA are:
The goal of data security in EMRs is to provide for these rights as well as conforming to the Hippocratic Oath.
The traditional paper-based medical record is considered by many to be old and outmoded for a variety of reasons, such as its relative ease to misplace or inadvertently destroy, the need to fax or mail it to another location and the time required to do that, as well as its tendency to be personal and customized to a particular physician, thus making it difficult to encode. While the EMR model satisfies most of these woes, it is not without its own issues. In some EMR models, the EMR itself is web-accessable, meaning records or even whole databases may be succeptible to virus corruption or software breaches. With an internet-transferrable medical record, it is possible for a malicious party to sell or alter thousands of people's health informations en masse - something nigh impossible to do with traditional records. In this fashion, the revenge of a disgruntled employee or nosiness of a third-party marketing firm can have much farther reaching effects. However, since the health and monetary savings of EMRs far outweigh the potential dangers, their implementation is necessary.
The solution to many of the security problems facing EMRs today can be found already solved, like internet protocols which support secure transfer of data between hosts (https, ssh, etc.) The reason for this is that, from a computer science perspective, EMRs are no different than other data being transferred across a network. Therefore, the problems associated with keeping the information secure are problems which were for the most part already in existence, and thus already countered.
Joe Fisher