Security and confidentiality of health information systems: implications for physicians. (Surfing the Information Technology Wave).THE HEALTH INFORMATION SYSTEMS MARKETPLACE is rapidly changing. Whereas the first phase largely targeted developing integrated delivery systems integrated delivery system Integrated provider Medical practice A coordinated health care system formed by physician groups and hospitals which ↑ efficiency and ↓ redundancy in providing health care; IDSs coordinate delivery of a broad range of health and reducing costs, the focus for competitive survival is quickly expanding to include the quality of care that is provided. Both individual physicians and integrated networks have recognized that rapidly adopting and deploying a new generation of information systems will be essential to remain competitive in a quality conscious environment. Clinicians today are forced to evolve and learn essential computer skills and understand system dynamics System dynamics is an approach to understanding the behaviour of complex systems over time. It deals with internal feedback loops and time delays that affect the behaviour of the entire system. . By understanding the technology, where best to obtain it, and the implications of connectivity, they are becoming a valuable resource to patients, payers, and the entire health care system. These systems enable physicians to document patient encounters and aggregate the information from the population they treat, while capturing detailed data on chronic medical conditions See carpal tunnel syndrome, computer vision syndrome, dry eyes and deep vein thrombosis. , medications, treatment plans, risk factors, severity of conditions, and health care resource utilization and management. Today, the knowledge-based health information systems (KBHIS) should offer instant, around-the-clock access for the provider, support simple order entry, facilitate data capture and retrieval, and provide eligibility verification, electronic authentication Electronic authentication (E-authentication) is the process of establishing confidence in user identities electronically presented to an information system. E-authentication presents a technical challenge when this process involves the remote authentication of individual people , prescription writing, security, and reporting that benchmarks outcomes management based upon clinical/financial decisions and treatment plans. They should also support claims adjudication/financial services and document imaging with combined text, voice, data, and image capability. The systems are instrumental for implementing statistical controls in health care, both as tools and as measures of meaningful TQM/CQI. Finally, enterprise-wide implementation of these systems significantly contributes to reductions in liability and proactive loss avoidance. The computerized patient record (CPR Cardiopulmonary Resuscitation (CPR) Definition Cardiopulmonary resuscitation (CPR) is a procedure to support and maintain breathing and circulation for a person who has stopped breathing (respiratory arrest) and/or whose heart has stopped (cardiac ) collects data across multiple episodes of care and facilitates data collection, presentation, and analysis through a clinical workstation. It is an integral part of any knowledge-based health information system to incorporate and integrate transactional (financial/administrative) information, as well as analytical (clinical/medical) data in a user-friendly, readily accessible, and secure form. Obstacles on the way to the Promised Land A survey at a 1997 Healthcare Information Management Systems Society (HIMSS HIMSS Healthcare Information and Management Systems Society ) conference included about 1,500 physicians, health care executives, and information specialists. Twenty-five percent of survey participants identified the physician's office as the department most in need of computer technology. Fifty-five percent predicted clinical solutions will be their primary focus as they apply such technology. At the same time, more than a third described their investment in computer-based patient records computer-based patient record Electronic medical record Health informatics A 'personal health library' providing access to all resources on a Pt's health history and insurance information as "significant,' up from 29 percent last year. Another 18 percent have a plan to implement such a system, and 18 percent are evaluating the technology. Unfortunately, there are technical, financial, logistical, and behavioral obstacles on the way to the Promised Land. When a new mother comes home from the hospital, the pile of mail awaiting her about cribs, formulas, diaper services, and the "New Mommy" classes can easily outweigh her bundle of joy. Let's take a quick look at what circumstances or events made the infant industry so frighteningly efficient. Access to personal, identifiable health data In the 1930s, state-of-the-art data processing data processing or information processing, operations (e.g., handling, merging, sorting, and computing) performed upon data in accordance with strictly defined procedures, such as recording and summarizing the financial transactions of a technology consisted of machines for storing punched cards with 60 to 80 different categories being tabulated. The German National Socialist Adj. 1. national socialist - relating to a form of socialism; "the national socialist party came to power in Germany in 1933" Nazi regime employed thousands of people to record national census data Onto Hollerith punched cards. Information collected by the Hollerith machines manufactured by DEHOMAG DEHOMAG Deutsche Hollerith-Maschinen Gesellschaft mbH was submitted to police stations and local statistical and registry offices. Detailed personal and genealogical data were compiled from tax records, insurance data, employment records, and, ostensibly os·ten·si·ble adj. Represented or appearing as such; ostensive: His ostensible purpose was charity, but his real goal was popularity. , confidential census returns. Popular compliance was promoted by a wide variety of educational and propaganda publications. Initially, few officials and even fewer citizens realized the broader ramifications ramifications npl → Auswirkungen pl or connections between data collected by government bureaucrats and the implications of mass murder after 1939. Locating the victims--Jews, Gypsies, disabled persons, and others--was the first step. In recent testimony before the National Committee on Vital and Health Statistics, Subcommittee on Privacy and Confidentiality, John E. Hartwig, deputy inspector general, said that oversight of health care practitioners and institutions to combat fraud and abuse is not possible without access to personal, identifiable health data. He believes that since it is illegal for any government employee to sell the information, there have been no large scale abuses by law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). . It is also illegal for employees of the IRS An abbreviation for the Internal Revenue Service, a federal agency charged with the responsibility of administering and enforcing internal revenue laws. and Social Security Administration to sell information in agency files. However, many employees within these agencies were caught looking into files and selling personal information. IRS employees have been caught snooping on a number of celebrities and high-profile individuals, such as Dolly Parton par·ton n. Any of the point particles believed to be a constituent of hadrons, now known as quarks. No longer in technical use. [part(icle) + -on1.] and President Clinton. During a recent crackdown on employees browsing through tax returns, the IRS fired 23 employees, disciplined 349 others, and counseled an additional 472 for accessing confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead without authorization. This internal investigation and the outcome probably represents only the tip of the iceberg tip of the iceberg n. pl. tips of the iceberg A small evident part or aspect of something largely hidden: afraid that these few reported cases of the disease might only be the tip of the iceberg. , because civil service protections make it extremely difficult for the IRS to fire an employee. In addition, the recent Social Security Administration Web site fiasco explains why consumer advocacy groups argue that it's relatively easy to find out a person's social security number, and that using it as a patient identifier would threaten the privacy of computerized medical records. Bill Braithwaite, who is spearheading the HHS's efforts to carry out mandates of the Kassebaum-Kennedy act, says they have hired a private contractor to review about 10 options involving using the social security number as a patient identifier. Despite these expensive efforts, he concedes that the issue might wind up in the laps of Congress to decide, because of its political sensitivity. Protecting patient privacy A recent report from a National Research Council committee urges assigning every employee in a health care organization a unique identifier With reference to a given (possibly implicit) set of objects, a unique identifier is any identifier which is guaranteed to be unique among all identifiers used for those objects and for a specific purpose. for logging onto the information system. It requires that organizations maintain audit trails that document internal access to clinical information, limit unauthorized system access, and plan for providing basic system functions in case of emergency. It advocates encrypting all patient information before transmitting it over public networks, including the Internet. It supports establishing organizational accountability to develop and revise policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental for protecting patient privacy. It also urges developing clear company sanctions for breaches of patient confidentiality patient confidentiality Medical practice A Pt's right to privacy and freedom from public dissemination of information that the Pt regards as being of a personal nature. See HIPAA, Medical privacy. and enabling patients to request audits of their CPR to determine when the records were accessed and by whom. The report calls for establishing a new organization that would share computer threats within the health care industry, similar to the computer emergency response team at Carnegie Mellon University Carnegie Mellon University, at Pittsburgh, Pa.; est. 1967 through the merger of the Carnegie Institute of Technology (founded 1900, opened 1905) and the Mellon Institute of Industrial Research (founded 1913). that oversees the Internet. In testimony before the National Committee on Vital and Health Statistics, Subcommittee on Privacy and Confidentiality, Denise Nagel, MD, representing the National Coalition for Patient Rights and the Association of American Physicians and Surgeons The Association of American Physicians and Surgeons (AAPS) is a politically conservative association of physicians, medical professionals and students, patients and others,[1] founded in 1943. , stated that the only true protection to the patient is to keep sensitive medical information out of the networked computer in the first place. The Medical Records Confidentiality Act of 1995 did not go far enough, since it contains many exemptions to prohibitions against transmitting patient identifiable information. It actually encouraged developing huge medical databases for the purpose of further disseminating identifiable information, although nowhere in the bill are these databases sanctioned. The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when of 1996 (a.k.a. the Kassebaum-Kennedy) requires the federal government to set standards for protecting electronic medical records by February 1998 and to be enacted by Congress by August 1999. If Congress fails to act, the Secretary of Health and Human Services Noun 1. Secretary of Health and Human Services - the person who holds the secretaryship of the Department of Health and Human Services; "the first Secretary of Health and Human Services was Patricia Roberts Harris who was appointed by Carter" must draft regulations to take effect in the year 2000. Active legislative issue In 1996 alone, there were more than 100 privacy-related pieces of legislation introduced, and 40 states have looked into one or more aspects of these issues. The bills have addressed patients' access to their medical records, confidentiality rights, disclosure and authorization, health databases and registers, and comprehensive health information privacy laws Information privacy laws cover the protection of information on private individuals from intentional or unintentional disclosure of misuse. The European Directive on Protection of Personal Data, released on July 25, 1995 was an attempt to unify the laws on data protection within . In California, for example, Section 56 of the state civil code authorizes companies to access medical records of their employees if they can show that they need the information to make medical insurance contributions. A major loophole in that law, that I describe as "reverse consent," allows hospitals and other health care facilities to release medical records unless the patient has specifically forbidden such release in writing. In 1997, The 75th Texas Legislature The Texas Legislature is the state legislature of the U.S. state of Texas. The legislature meets at the Texas State Capitol in Austin. In Texas, the Legislature is considered the most powerful branch of state government because of its aggressive use of the power of the purse to passed a bill by Senator Frank Madia that will allow hospitals to release directory information--things like nature of disease or injury and city of residence--without written authorization, unless the patient requests otherwise. It also passed a bill introduced by Senator David Sibley David Sibley may refer to :
HMO n. A corporation that is financed by insurance premiums and has member physicians and professional staff who provide curative and preventive medicine within certain financial, denied or delayed approval for necessary medical treatment. Furthermore, under the Employee Retirement Income Security Act The Employee Retirement Income Security Act of 1974 (ERISA), 29 U.S.C.A. § 1001 et seq. (1974), is a federal law that sets minimum standards for most voluntarily established Pension and health plans in private industry to provide protection for individuals enrolled in these plans. of 1974, (ERISA See Employee Retirement Income Security Act. ERISA See Employee Retirement Income Security Act (ERISA). ), companies that develop their own medical plan, rather than contract with an outside health care provider, are exempt from all state confidentiality laws. The Fair Health Information Practices Act introduced by Rep. Gary A. Condit (D-Ceres) in May 1997 is a step in the right direction, even though it fails to address most existing loopholes used in procuring confidential patient data. This proposed legislation was attacked by researchers in June 1997 in Washington during a House Subcommittee meeting, on the grounds that it could inadvertently hinder medical research. The bill requires that patients be given the opportunity to decline to have their personal medical information released. Researchers from the Mayo Clinic Mayo Clinic: see Mayo, Charles Horace. Mayo Clinic voluntary association of more than 500 physicians in Rochester, Minnesota. [Am. Hist.: EB, 11: 723] See : Medicine and Glaxo-Wellcome testified that such an option could affect the reliability and validity of research findings, leading to the design of potentially incorrect medical treatments. Representatives of GlaxoWellcome further argued that it would restrict researchers access even to databases that do not contain personal identifying information, as long as they contain codes that could be linked to identifying information in separate databases. Other experts, representing the American Psychiatric Association's Council on Psychiatry and the Law, argued that the legislation does not go far enough, since it does not offer patients the right to keep their records completely outside of computer databases if the danger of disclosure is great. Enforcing security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security A number of security measures have been proposed over the years, such as cryptography, electronic signatures to verify originator, dial-back devices to confirm the phone number accessing the system, and "sanitizing" data by removing patient IDs. Implementing these and other emerging technologies is critical, in view of the fact that the U.S. government routinely scans its 4,000 databases looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. welfare and tax cheaters. The rapidly expanding health information systems contain large amounts of confidential information that, without proper legislative, regulatory, organizational, ethical, and technological safeguards, would be easily accessible to both unauthorized users, as well as dully authorized users intent on stealing, altering, or destroying the information contained in the system. In May 1997, the FBI arrested a computer cracker See cracker. who broke into a San Diego San Diego (săn dēā`gō), city (1990 pop. 1,110,549), seat of San Diego co., S Calif., on San Diego Bay; inc. 1850. San Diego includes the unincorporated communities of La Jolla and Spring Valley. Coronado is across the bay. Internet service provider's computer and stole 100,000 credit card numbers. The thief used a "packet sniffer See network analyzer. (networking, tool) packet sniffer - A network monitoring tool that captures data packets and decodes them using built-in knowledge of common protocols. Sniffers are used to debug and monitor networking problems. " program to gather information from a dozen companies conducting electronic commerce. The only reason he was caught is because he tried to peddle them to an undercover FBI agent for $260,000. This case is uniquely bothersome because this individual was able to hack into this third party, copy the information, and encrypt It to be sold. Health care executives might suddenly face the reality that a headline-making disclosure of confidential patient information, linked to either the Internet or via remote access to patient records, occurred in their organization-one incident that can bring the house down. Every health care organization should incorporate policies and procedures regarding health data confidentiality, privacy, and security into their ethical behavior policy. In addition, every health care organization needs to have a contingency plan A plan involving suitable backups, immediate actions and longer term measures for responding to computer emergencies such as attacks or accidental disasters. Contingency plans are part of business resumption planning. in place with designated physician executives willing and able to handle this type of public relations public relations, activities and policies used to create public interest in a person, idea, product, institution, or business establishment. By its nature, public relations is devoted to serving particular interests by presenting them to the public in the most disaster, including mass-media crisis management. All experts agree that implementing and enforcing adequate security measures is a cultural and organizational problem and not a technological one. Unfortunately, IS security remains a "hard sell," since there is no immediate tangible benefit or return on investment. A bold experiment to transmit patient medical records over the Internet was launched in California last year. The project will test the application of stringent security procedures now in use at the National Security Agency. The project coordinator, UC San Diego Medical Center, hopes that the project's success will help allay patient and provider fears about moving sensitive information over the Internet. Part of the program will involve granting the patient full access to their medical record. Patients will designate authorized physicians and will be able to select what degree of access they have to their medical records. Many people consider their medical records more important than their financial information. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a poll conducted by the Los Angeles Times Los Angeles Times Morning daily newspaper. Established in 1881, it was purchased and incorporated in 1884 by Harrison Gray Otis (1837–1917) under The Times-Mirror Co. (the hyphen was later dropped from the name). in 1997, 85 percent of the general public placed protecting the confidentiality of patient medical records ahead of providing data for outcomes research. Such research, by the way, may involve not only the use of patient records without consent, but may require patient participation in research by completing highly intrusive questionnaires as a condition of receiving care. Protecting electronic medical records John T. Nelsen, representing the American Hospital Association American Hospital Association (AHA), n.pr a nonprofit national organization of individuals, institutions, and organizations engaged in direct patient care. The association works to promote the improvement of health care services. , stated last spring that, "A health information infrastructure is central to an integrated delivery system"-and I totally agree. However, while most providers express concern about unauthorized access to medical records, only 37 percent have taken steps to protect the confidentiality of data, according to an unscientific unscientific Unproven, see there survey conducted at the recent Health Information Management Systems Society (HIMSS) conference. Another 42 percent of health care organizations are beginning to implement measures to protect electronic medical records. Unfortunately, the remaining 21 percent believe it either premature or unnecessary to take such actions. In May of 1997, Columbia/HCA announced a $90 million, three-year agreement under which AT&T became its primary provider for long distance voice and data services. No matter where a patient goes in any Columbia/HCA facility nationwide, that patient's computer-based record will be available immediately to Columbia-affiliated physicians and clinicians. The contract also provides links connecting Columbia's facilities with six regional data centers and the corporate office. These data centers are hubs for the Columbia Patient Care System, a computerized system of patient information, creating a single and permanent electronic record for each patient. By consolidating volume discounts and network efficiencies under one carrier, Columbia hopes to save an estimated $23 million. Hopefully, a large portion of the projected savings will be applied towards an upgrade of its archaic security system. The organization currently uses only an ID and password mechanism-grossly inadequate for a large organization that has Internet connections and must provide onsite and remote access to 90,000 physicians. The challenge for Columbia will be finding and implementing encryption and digital signature systems strong enough and scaleable enough to accommodate its operations across the country. Fear of negative publicity Despite the obvious threat of the Internet, the Internet, the, international computer network linking together thousands of individual networks at military and government agencies, educational institutions, nonprofit organizations, industrial and financial corporations of all sizes, and commercial enterprises larger hazard In health care is from an internal breach over the company LAN (Local Area Network) A communications network that serves users within a confined geographical area. The "clients" are the user's workstations typically running Windows, although Mac and Linux clients are also used. or Intranet. An overwhelming 85 percent of IS professionals surveyed at a 1997 HIMSS conference expressed some commitment to implementing the Intranet. In addition, the results of a 1997 HIMSS/Hewlett Packard informal survey showed that internal security concerns outweigh external ones 42 to 17 percent. While some 75 percent of all U.S. corporations say they have experienced computer crime or a security breach, only 17 percent call the police for fear of negative publicity. Two recently conducted studies report that losses experienced by Fortune 1,000 companies as a result of computer break-ins were higher in 1997 than ever before, despite increased spending on computer security measures. A study by the Computer Security Institute and the FBI estimates 1997 losses from computer crime at $136 million, up 36 percent from 1996. About half of the respondents cited internal corporate networks as the favored break-in point. Meanwhile, a study by WarRoom Research LLC (Logical Link Control) See "LANs" under data link protocol. LLC - Logical Link Control found that a large majority of Fortune 1,000 companies have experienced a break-in by an outsider in the past 12 months, with over half reporting more that 30 security breaches during that time period. Nearly 60 percent reported losses of $200,000 or more for each intrusion. Mich Kabay, the Director of Education at the International Computer Security Association (ICSA See TruSecure. ), correctly notes that even these figures may be understating the problem: "It's not possible to have truly accurate information on break-ins, because you can't know how many of them went completely undetected and you can't be sure how many of them are not reported." (1) The state of security systems in most heath care organizations prevents us from identifying what information was accessed or how it will be used. Finding out from CNN CNN or Cable News Network Subsidiary company of Turner Broadcasting Systems. It was created by Ted Turner in 1980 to present 24-hour live news broadcasts, using satellites to transmit reports from news bureaus around the world. or subpoenas is not an acceptable solution to reducing the health organization's liability exposure and avoiding losses. As the complexity and extent of integration and sophistication so·phis·ti·cate v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates v.tr. 1. To cause to become less natural, especially to make less naive and more worldly. 2. of health information systems increases, so too is their vulnerability to internal and external threats. One former cracker, who recently completed a prison sentence for his activities (a rarity all by itself), says networks are getting more vulnerable, not less: "You don't need even basic skill to get in." (1) Most health care organizations conceal their break-in problems, fearing that publicity will generate litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. , would make them look hapless, or attract more attacks. So, crackers do not get caught, other organizations are not alerted to dangers, and the medical consumers remain unaware of the magnitude of the problem. If all attacks were reported, major institutions would change their policies and procedures, vendors would improve the built-in security of the networks, system administrators would take appropriate precautions, government would beef up enforcement, and all of us would engage in safer computing. More glitches Patients' right to privacy, however, has to be balanced against physicians' need to quickly access and freely share clinical information. Traditionally, doctors can access all medical records. Any attempt to limit physician access to only his or her patient files causes immediate resistance. Providence Health System in Oregon, a $1 billion multi-facility network with more than 1 million members, discovered that the physicians it incorporated or affiliated with offered widely divergent and often inappropriate access to clinical information. Some physicians had given their passwords to staff, while others refused to sign confidentiality agreements. To tighten the security, as it integrated more information systems, Providence created a data management and security department. Unfortunately, they found out that physicians are among those who have the most difficulty accepting the department's newly imposed limits. A used computer recently sold by a Mountain View, California For the census-designated place, see Mountain View, Contra Costa County, California. For other places called "Mountain View", see . Mountain View is a city in Santa Clara County, in the U.S. state of California. The city gets its name from the views of the Santa Cruz Mountains. , company contained information on 2,000 customers of Smitty's Supermarket Pharmacy in Tempe, Arizona. The person who bought the computer, a computer consultant from Nevada, discovered the information, which included patients' names, social security numbers, and a chronological list of all medicines that they purchased at the pharmacy. The consultant said she noticed prescriptions for AZT AZT or zidovudine (zīdō`vy  dēn'), drug used to treat patients infected with the human immunodeficiency virus (HIV), which causes AIDS; also called for AIDS patients, Antabuse for alcoholics, and numerous antidepressant antidepressant, any of a wide range of drugs used to treat psychic depression. They are given to elevate mood, counter suicidal thoughts, and increase the effectiveness of psychotherapy. and psychotropic drugs. Ironically, the consultant, who suffers from multiple sclerosis, said she once lost a job after an employer learned she had the disease. These and similar incidents might explain the result of a survey commissioned by eTrust, a certification organization jointly sponsored by the Electronic Frontier Foundation See EFF. (body) Electronic Frontier Foundation - (EFF) A group established to address social and legal issues arising from the impact on society of the increasingly pervasive use of computers as a means of communication and information distribution. and CommerceNet. Only 15 percent of Web surfers purchase merchandise online because of privacy concerns. Data on visitors to sites about diseases could be combined with identifying information obtained through tracking and online questionnaires, and marketed to drug companies and insurers. Most Americans do not want "them" to know that they had hemorrhoids hemorrhoids (hĕm`əroidz) or piles, dilatations of the veins about the anus (external hemorrhoids) or those higher up inside it (internal hemorrhoids). , alcoholism, epilepsy, high cholesterol Cholesterol, High Definition Cholesterol is a fatty substance found in animal tissue and is an important component to the human body. It is manufactured in the liver and carried throughout the body in the bloodstream. , a genetic disorder or any other stigmatizing illnesses or disease. Information in one's medical file, including family history of late-onset diseases like Huntington Chorea, can result in one's life and property insurance rates being raised, loan and home financing applications denied, and employment refused. One of the biggest problems with protecting information contained in the medical record is the fact that no single party is solely responsible for protecting patient confidentiality, resulting in lack of uniform, active enforcement, Rep. Edward Markey introduced legislation in June 1997 that would require electronic marketers to notify consumers when information is being collected and how it will be used. Consumer advocates insist that patients should be notified when any entity is seeking access to confidential information, and that a written consent should be obtained before any information is released. Furthermore, as some patient advocates have suggested, if the information contained in the medical record is to be utilized for any purpose other than direct patient care, the consumer should be compensated by the inquiring entity for using such proprietary information. On the provider side, the Medical Board of California, In its eternal wisdom, published information about all licensed physicians on its Web site, including license numbers, medical schools, practice location, disciplinary action, criminal convictions, and malpractice judgments over $30,000. Unfortunately, it also listed physicians' home addresses without notifying them first. In response to numerous complaints, the Medical Board of California temporarily removed all physicians addresses. Before putting them back on the Internet, the Board is supposed to send letters to all licensed physicians informing them that their addresses will be published online. Physicians will then have an opportunity to submit a P.O. Box or other alternative. Conclusion The advent of new technologies in the area of authentication, like tokens, smart cards, badge readers, on-time passwords, and biometrics, have considerable potential to enhance patient privacy. Other, noteworthy technologies are digital signatures and certificate services, used to authenticate senders and receivers in electronic transaction, and key recovery systems that allow the session key to be recovered from the software itself, if needed. Equally or more important is the implementation of consent forms and tracking mechanisms to monitor disclosure and enhance privacy. Successfully adopting and implementing CPR systems requires both purchaser and vendor to be responsive and adaptive to the rapidly increasing public concern about privacy. Selected systems should provide a solid technical and operational solution to privacy and confidentiality issues. To achieve these complex goals, enlightened and empowered medical consumers are partnering with concerned physicians and demanding that legislators and regulators, along with the operators and manufacturers of medical record systems, design and implement political, ethical, and technological safeguards to adequately protect both medical consumers and physicians. Reference (1.) Internet Week. March 23. 1998. RELATED ARTICLE: TECHNOLOGY WILL DRIVE HEALTH CARE REVOLUTION A new national study has found that technology will revolutionize health care organizations' ability to meet consumer needs, Researchers with KPMG KPMG Klynveld Peat Marwick Goerdeler (accounting firm) KPMG Kaiser Permanente Medical Group KPMG Keiner Prüft Mehr Genau (German) KPMG Kommen Prüfen Meckern Gehen Peat Marwick and Northwestern University found that as health care organizations become more consumer-focused, their technology investments--such as the Internet and electronic commerce--will be strategic steps toward becoming more attuned at·tune tr.v. at·tuned, at·tun·ing, at·tunes 1. To bring into a harmonious or responsive relationship: an industry that is not attuned to market demands. 2. to and better able to satisfy the needs of consumers. As health care organizations seek to better serve consumers, they have identified technology as a key area in need of improvement. Nineteen percent of the health care organizations surveyed said that technology infrastructure was a barrier to accessing and leveraging the information necessary to achieve customer-focused business objectives. KPMG's Linda Rebrovick said, "Technology exists today to develop high-impact, customer-focused applications that, for example, allow enrollees of health plans to clarify benefit coverage, check on claims status, track deductible paid to date, and make complaints." She also noted that technology is a tremendous tool to facilitate real-time communications among providers, especially for specialty referrals and consultations. Ninety-two percent of the academic medical centers and 67 percent of all payer organizations surveyed have web sites. Taking note of these numbers, Rebrovick said, "As we move into the next century, simply having a presence on the World Wide Web to post "one way" information is no longer a differentiator among leading organizations, but a minimum requirement. Today's truly innovative organizations have recognized that the real challenge is in creating self-service applications for consumers--an interactive experience that allows consumers not only to access information, but also to dialogue online with experts and "push" personal clinical data to their physician's office." Victor S. Dorodny, MD, PhD, MPH, a practicing physician, is an expert on health systems, information technology and Computerized Patient Records Systems (CPRS CPRS Canadian Public Relations Society CPRS Computerized Patient Record System CPRS California Park and Recreation Society CPRS Comprehensive Psychopathological Rating Scale CPRS Center for Political Research and Studies (Cairo University) ). He is an Active Academician of the International Informatization Academy (IIA (1) (Information Industry Association, Washington, DC) In 1999, IIA merged with SPA (Software Publishers Association) to become the Software & Information Industry Association. See SIIA. ) and a board member of the Association of Medical Directors of Information Systems (AMDIS AMDIS Association of Medical Directors of Information Systems AMDIS Automated Mass Spectral Deconvolution and Identification System AMDIS Atomic and Molecular Data Information System AMDIS Australian Marine Data Information Service ). He is President of Health PRO Worldwide Inc., and he can be reached by calling 626/397-2031, via fax at 626/441-6105, or via email at HcarePRO@aol.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion