Electronic Health Record (EHR) System Potential Threats and Measures Taken to Protect It

Since the early 1980s, discipline engineering science book improved and revolutionized e very(prenominal) aspect of our lives. We use selective information technology to do our daily chores like shopping and reading the latest global tidings at the comfort of our living room. It replaces old challenges with impudently possibilities. However, one of the aras that had evolved to this new demand in information technology simply rather in a slow phase is the health c atomic number 18 industry. Todays healthcare includes hospitals and private clinics.A lack of an effective management of information nearly a disease and the treatment for saving lives stooge be sic at risk. In previous years health check information was stored simply on paper and in one location, usually a diligents primitive care physicians office or health check institute. People tend to immigrate to a different area or country, and then making it surd to transfer piles of paperwork and medical c heckup records to every point of medical induction which a patient is seeking treatment.It is even more complex when around patients visit more than a single physician or an invention and the do of organism treated by a different bite of nurses, consulting specialists, diagnostic technicians and administrative staff. Paper- taild medical record schemas are also adding the unessential expense to a medical mental hospital. Registration clerks, nurses spend precious term away from patients attending to huge piles of paperwork. This adds up an enormous pecuniary burden inclusive for the storage of the medical records and wages for the administrative plump for staff.Miss-kept or missing medical records adds to the lost of precious time and can lead to unnecessary or duplicating of clinical tests. However, until recently, usage of information technology has increased and become prominent part of the healthcare industry. M both liberal hospitals and private hospitals have made the novelty from old-school paper medical records to EHR, electronic health Record remains. Early stages of an EHR arranging were base on a simple side but have advance tremendously. Now EHR System is Web-based which are entrancewayible across earningss and utilizing GUI, Graphics User Interface for interactivity.Web-based EHR are easy to use, have the capabilities to organize and link information, strong multimedia initiation capabilities, works on most hardware platform and operating remains in the market which communicate through the Internet and provide admission charge to medical records using web browsers and web technologies. Jamie R. Steck(1998), Director of IT from the Central do Clinic stated that Efficiency has increased dramatically. We did an in-motion study in our records room, which showed that filing electronically is 80 percent more efficient than filing manually, and weve seen proof of that on a daily basis. Study shows that EHR is more efficient than th e normal process of filing the paper-medical records. Health institution of many sizes faces many demands and challenges when making the transition from paper records to EHR. Healthcare institutions are working hard to reduce their credit on handwritten records. EHR has improved patient care through great and quicker gate to patient information thus reducing medical errors due to paper-records. It also significantly reduces test result and patient wait-times with a faster and more efficient workflow.It also reduces record-keeping time thus lessen paperwork for administrative staff. EHR establish a better information and improved communication theory in a medical institution. It reduces the possibility of misplaced and lost records thus ensuring the patient record test results are available when needed. It reduces cost on paper and supply. But just as much as its ancestor, EHR are subjected to privacy violations. Today, healthcares systems in developed countries are changing dra matically. These countries are facial expression into more inexpensive communication means using the meshwork to win a more efficient and high quality EHR.With the increase of health care system on information technology, we must also watch into the increasing number of threats resulting from distribution and the implementations of the EHR System. Patients and doctors are aware of the surety requirements base upon the system with the usage of communications over open and insecure network such as the internet. There are concerns over the privacy and earnest of electronic health information and they fall into two general categories 1. concerns nearly inappropriate releases of information from individual brasss 2. oncerns about the systemic flows of information throughout the health care and related industries National Research Committee (1997, p. 54) The freshman category can result either from an classical users who intentionally or unintentionally access or distributes in formation in violation of the institution indemnity or from hackers who break into a institutions calculating machine system. The second category refers to the open disclosure of patient health information to parties that may act against the interests of the patient or may also be alleged as invading a patients privacy.EHR stored at medical institution are vulnerable to internal or outer threats. Internal threats includes authorized system users or medical personnel who villainy and misuses their privileges by accessing information for inappropriate reasons such as viewing their friends, neighbors, colleagues or to leak information to the press for spite, revenge, or profit. External threats or unlicensed access, which is related to the open architecture of Internet, sometimes by vindictive originator employees, angry patients, network intruders, hackers or others may steal information, damage systems, or disrupt operations.Till today, there have been modest amounts of evidenc e to bore the exposure of EHR to external attacks as there are still no tools for detecting attacks on EHR in the healthcare industry. In a grimace reported by Marbach, William D. (1983), so-called 414 group broke into a computing machine system at the National Cancer Institute in 1982, although no damages were reported. Study by the Federal Bureau of Investigation and the computer Security Institute (CSI), CSI Director Patrice Rapalus(1996, p. 2) said, The information age has already arrived, but most organizations are woefully unprepared . . . making it easier for perpetrators to steal, spy, or sabotage without cosmos noticed and with little culpability if they are. Set of laws are being introduced for patient record privacy put strict demands on healthcare providers to cling to patient information while using EHR while sharing the information with other patients. Six main factors are integrity, dependability, availability, confidentiality, authenticity and accountability. Patient records involves very sensitive selective information, which should only be disclosed to authorize users, thus confidentiality of the call for information is essential.Integrity and availability of the services are also important. To run the desire measure of information system security, a range of security policy models have been proposed and implemented in healthcare. One of the most wide use of security policy being adopted by medical institutions to nurture patients information in a EHR System is the Role base Access Control policy. Role Base Access Controls (RBAC) is the common policy being used in an ERH System. These include two basic types of access control mechanism that are used to protect data which are discretionary access control (DAC) and mandatory access controls (MAC).DAC is very supple hence it is not suitable for protection of health records. MAC on the other hand is stricter, allowing ample space for flexibility and it requires all users discourse t he records to follow a set of rules administered by the system admin. RBAC in EHR System should have the advantages of both DAC and MAC. With the RBAC approach, EHR System should adopt the roles and the authorization management in its system. In RBAC, it identifies which staffs in a medical institution are authorized to view a patient medical record. It restricted the data from being abuse or falling to the wrong hands.Each and every medical staff in a medical institution are charge a specific role and operates the EHR System according to their role. Medical staffs are only allowed to view patients record that they are allowed to access. Not all data are being revealed to the every role. G. Pangalos(1998) states that EHR System identifies the following roles in its system 1. Patients. They have access to their get health institution, individual(prenominal) and demographic data. 2. Physicians. primary(prenominal) Users of EHR System. Make diagnosis, admissions and treatment. Act o n behalf of patients. 3. Doctors. prudent for the laboratory tests and evaluation results. 4. Nurses. Responsible for providing daily care to patients. Dont need to know any sensitive personal patient data. 5. Other Healthcare Professionals. Responsible to dress treatments for example psychiatric consultation. 6. Administration. Responsible for collection of the administrative, social, personal and non-personal demographic and redress information about the patient. 7. Local authorities. Specifically Government bodies have access to health records for research or investigation purposes and any sensitive personal data will not be reveal. Department of Health and tender-hearted Services (1998), in the proposed rule for security and electronic standards, .. each organization that uses communications or networks would be required to protect communications containing health information that are transmitted electronically over open networks so that they cannot be easily intercepted and interpreted by parties other than the intended recipient, and to protect their information systems from intruders trying to access systems through external communication points. (vol 63, No 155)As of the statement above given by the Department of Health and Human Services, all information that are sent over the internet must only be accessed by authorized receiver. Todays technologies allow users to prove their authenticity and with data encryptions allow data to be transmitted safely over the medium. Data encryption should be at a satisfactory level of security to protect against intruders, thus data integrity have been compromised. User authentication must also be present with the encryption and data transmission process to ensure that the data sent are received by authorized receiver.Other than data encryption, a good firewall should also be implemented on the database host to avoid external intruders from accessing unauthorised data. Although these policies and counter measures are being implemented, unauthorized data leakages do still prevails. Medical records of celebrities and famous throng are sought after by the media around world. This is due to the interest of people and money. So patient plays a part in protecting their own medical records. They have to put their trust in the medical institution where their records are being kept.