Securing Information Technology in Healthcare

From Clinfowiki
Jump to: navigation, search

This is a review for Denise Anthony, Andrew T. Campbell, Thomas Candon, Andrew Gettinger, David Kotz, Lisa A. Marsch, Andrés Molina-Markham, Karen Page, Sean W. Smith, Carl A. Gunter, and M. Eric Johnson's Securing Information Technology in Healthcare [1].


Introduction

The United States leads the world in most healthcare spending per capita, but is outperformed by many other countries in the adoption and use of healthcare IT, such as Electronic Medical Records (EMR). The United States government has encouraged healthcare organizations to adopt secure EMR and other Healthcare IT software programs through litigation such as the Meaningful Use initiatives and the HIPAA act.

Methods

The Institute for Security, Technology, and Society at Dartmouth College held 3 workshops for experts to come and discuss healthcare IT security and privacy concerns and solutions. These workshops were held two and then one year apart, in May 2010, 2012 and 2013. Participants came from various roles such as Physicians, policy makers, researchers, healthcare organization executives, small and large healthcare IT companies to participate in panel discussions.

Results

The first workshop was held in May 2010 and speakers focused on:

  • 1. Increased use of mobile health technology such as embeddable medical sensors come with increased risk of securing all this sensitive data.
  • 2. Authentication issues with EMRs and trusting the people in your organization
  • 3. Healthcare IT information flow complexity and the security and usability trade offs that result from this complexity.

The second Workshop was held in May 2012 and keynote speakers and panel discussions concluded:

  • 1. Widespread EMR adoption is challenged by lack of capital, ROI definition, IT resources and physician acceptance.
  • 2. Lack of usability in Healthcare IT can be a catalyst for PHI leaks.
  • 3. The inability to standardize healthcare data makes it difficult to because it is unclear what information needs to be accessed by whom.
  • 4. improved security for medical devices will enable medical device innovation

The third and final workshop was held in May 2013 and speakers focused on mobile health (mHealth) and the following conclusions were made:

  • 1. The understanding of how to keep PHI secured has not kept up with the innovation of new mHeatlh technology.
  • 2. The growth and availability of mHealth could vastly change the methodologies of medical research in low-resources settings such as Africa, but only if mHealth technology companies get funding because they would not make money doing it on their own.
  • 3. mHealth has new benefits for behavioral health, such as mobile tools for the self-management of schizophrenia, but this data is extremely sensitive and patients need to be aware of the risks.
  • 4. The burden of information privacy is on the mHealth is on the user (patients) and that these users should have more control over who can see their data.


Discussion

While all of health IT raises privacy concerns, mHealth remains to be the are of most concern. With the rate at which new private health data is being generated via mobile health technologies it is important to innovate security standards and educate users, which is whay the authors plan to hold another workshop in the future to continue the discussion.

Commentary

In this article, the authors wanted to shed some light on how big of a problem the rapid growth of healthcare IT technologies are advancing more quickly than the security advances to protect private health information. This really makes me think twice of what health apps I have downloaded and what information I enter in MyChart for instance. I think that many users/patients have no idea who all has access to their information via their providers EHR and other applications and monitoring devices and there should be a push to educate the public as well as optimizing the security for all of this vastly growing data.


References

  1. Securing Information Technology in Healthcare. IEEE Secur Priv. 2013 Aug 8; 11(6): 25–33. doi: 10.1109/MSP.2013.104. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC4219362/