EMR Benefits: Security

Security is an advantageous attribute which comes with EMR systems. Centers for Medicare and Medicaid Services (CMS) published a privacy, security & meaningful use guidelines which computer systems that store patient information need to conform to imply to HIPAA privacy guidelines. ^[1]

Publicizing confidential medical records can be overwhelming and the outcomes may have a tremendous impact on a patient's personal life. "Victims could seek litigation against the healthcare practice in which the breach occurred. If the breach affected multiple patients, the practice is headed down a long road of legal tribulations." ^[2]

Confidentiality of patient medical records can be better protected from misuse by the use of well-designed EMRs. The reason for this claim is that monitoring and securing patient medical records in electronic forms is more achievable than any paper-based structure. Although different potential threats exist for any EMR system, a well-designed EMR system has a great potential to facilitate medical record confidentiality. For instance, EMR software developers have the option of using biometric data or multi-factor authentication to ensure that only authorized personnel have access to such data. Further, this method would allow for a data-trail to monitor this access. Installing and enabling encryption is another way to protect and secure patient health information. Encryption is the conversion of data into a form that cannot be read without the decryption key or password. While achieving data encryption is a hard complex mission for any paper-based medical record structure, it is easily possible to implement it for any EMR solution. ^[3]

Sophisticated e-prescribing capabilities can ensure secure communication of prescriptions from clinicians to any pharmacy the consumer requests. ^[4]

Data Consistency and Integrity

Data consistency refers to the level in which the recorded data in the storage medium can be matched with the original and valid state of information which has initially stored. A consistent data with high level of integrity must be always identical with the original state it has stored. In any paper-based medical record, there is a chance that different sort of inconsistencies occur. Maintainability of data integrity in electronic forms of medical records has a significant impact on patient medical record security. ^[5]

Access Control and Auditing

In general, access control refers to an act of controlling the access of individuals to any resources of the organization. The term "access" might have different meanings which may refers to "view", "modification", "deletion", or "creation" of records. Auditing is simply the act of monitoring user activities based on their privileges to the resources. In the field of medical records, these two paradigms refer to the act of giving permission to the authorized person and monitor their activities based on their permissions.

Maintaining access control and auditing in traditional paper-based medical records is hard to implement and achieve. The reason for this complexity comes from the fact that data segmentation in paper-based records is not easily achievable as most of data resides on a series of related documents. Therefore, restricting a person from accessing part of a document (E.g. symptoms or prescriptions) and also monitoring that person activities is nearly impossible or extremely costly. By using an electronic medical record system, it is possible to implement a proper way to provide access control and data auditing.

References

↑ Centers for Medicare & Medicaid Services. Privacy and Security Standards. http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/PrivacyandSecurityStandards.html
↑ Electronic Health Records Security and Privacy Concerns. http://www.ironmountain.com/Knowledge-Center/Reference-Library/View-by-Document-Type/General-Articles/E/Electronic-Health-Records-Security-and-Privacy-Concerns.aspx
↑ Mendoza, E. Security considerations when choosing an EMR system. http://search.proquest.com.ezproxyhost.library.tmc.edu/docview/195651099/fulltextPDF
↑ Phillips, J.L., Shea, J.M., Leung, V. & MacDonald, D. (2015). Impact of Early Electronic Prescribing on Pharmacists’ Clarification Calls in Four Community Pharmacies Located in St John’s, Newfoundland. JMIR Medical Informatics; 3(1):e2. http://www.ncbi.nlm.nih.gov/pubmed/25595165
↑ Rode, D. Data Integrity in an Era of EHRs, HIEs, and HIPAA: A Health Information Management Perspective. http://csrc.nist.gov/news_events/hiipaa_june2012/day1/day1-b2_drode_integrity-protections.pdf

[Privacy-Standards-CMS-1] Centers for Medicare & Medicaid Services. Privacy and Security Standards. http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/PrivacyandSecurityStandards.html

[EHR-Security-Concerns-2] Electronic Health Records Security and Privacy Concerns. http://www.ironmountain.com/Knowledge-Center/Reference-Library/View-by-Document-Type/General-Articles/E/Electronic-Health-Records-Security-and-Privacy-Concerns.aspx

[Mendoza-Security-Considerations-3] Mendoza, E. Security considerations when choosing an EMR system. http://search.proquest.com.ezproxyhost.library.tmc.edu/docview/195651099/fulltextPDF

[4] Phillips, J.L., Shea, J.M., Leung, V. & MacDonald, D. (2015). Impact of Early Electronic Prescribing on Pharmacists’ Clarification Calls in Four Community Pharmacies Located in St John’s, Newfoundland. JMIR Medical Informatics; 3(1):e2. http://www.ncbi.nlm.nih.gov/pubmed/25595165

[Rode-Integrity-5] Rode, D. Data Integrity in an Era of EHRs, HIEs, and HIPAA: A Health Information Management Perspective. http://csrc.nist.gov/news_events/hiipaa_june2012/day1/day1-b2_drode_integrity-protections.pdf

[1]

[2]

[3]

[4]

[5]

EMR Benefits: Security

Contents

Confidentiality and Secrecy

Data Consistency and Integrity

Access Control and Auditing

References

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Tools