The article titled “Computer Security Expert’s Perspective on Electronic Medical Records” presents the views of an Information Technology (IT) security expert, Troy Thomas, on electronic medical records (EMR).
Thomas is the Chief Security and Privacy Officer for KeyCorp which is the parent company of Key Bank. Thomas has a bachelor’s degree in Computer Information Sciences from Cleveland State University, Cleveland, OH. Thomas asserts that the medical industry is slowly becoming computerized and, eventually, electronic medical records will be the norm.
He points out that, however, getting from a highly distributed, paper-based model to a fully computerized EMRs model will be challenging. Changing to a more computerized EMRs model will introduce risks that the current paper-based model does not have and will solve some of the inherent risks associated with the current model. The current paper-based model inherently has the following risks: records are susceptible to fire, flood, mold, termites, decay, fading of ink, and misplacement of an entire folder or subsections.
Paper records are easily copied or stolen, easily accessed by office personnel or people who just happen to be near an unattended folder of medical records. An EMRs model inherently has the following risks: computer equipment can fail or break, technology changes quickly, and information stored a long time ago may not be easily accessed at a future date. Information that was once stored can become inaccessible; information can be accessed by unauthorized individuals. Electronic information can be altered.
Introduction Information technology has had as much impact on our society as the industrial revolution. In the information age, companies are finding that success or failure is increasingly dependent on their management and use of information. Therefore, companies need a good information system that enabled an efficient and effective use of information to give them more competitive advantage ( ...
Electronic components do not react well to fire, water, dust, dirt, humidity, being dropped, or being abruptly unplugged. To mitigate these inherent risks, modern computer centers have strict environmental controls to ensure that computer equipment is run in an optimal environment and is backed up and available at an alternative site (for disaster recovery purposes) and has proper security controls deployed to ensure that information can be accessed by authorized personnel only. Technology controls exist that can prohibit information from being altered. For example, there are direct access storage devices that allow information to be written once and read many times. The inherent risks of the paper-based model and the EMRs model are vastly different but mitigating controls exist that can adequately address the basic inherent risks described thus far. Typical, practicing physicians, however, cannot be expected to set up a dedicated computer center with all of the environmental, physical, and logical access controls that are needed to adequately safeguard their patient records.
Therefore, for true EMRs to be really secure, a model or protocol is needed whereby physicians store their patients’ medical records at a reputable and secure data center that offers the physicians an outsourced service for accessing and storing EMRs. Unfortunately, a centralized computing model introduces new inherent risks: for example, are the outsource agencies reputable and can they be trusted with patient medical record information?
With medical record information coming in from multiple physicians, a unique patient identification number would be needed so that records could be appropriately combined within patient files. With so much information in one place, clear controls would be needed to ensure that the people accessing the information receive only the information that is truly needed. Ensuring that quality information is captured and maintaining patient privacy will be the most challenging aspects of EMRs. Computers don’t improve quality. However, computers can make quality issues and mistakes much more visible and potentially harmful.
The vast development of technology is the evident in hospitals in other countries as they have developed and implemented different forms of Patient Record Management System making practitioners and health professionals’ work easier than the manual way of gathering patient’s record that the hospitals had before. In Philippines, only a few hospitals (Saint Lukes Medical Center, Makati Medical City ...
The author highlighted that the EMRs journey will probably parallel some of the issues that exist with electronic voting where so many questions such as whether society can trust the vendors who sell the voting equipment. Can a vote be altered after it has been cast? How does society effectively centralize a highly decentralized model? Can foreign governments hack American voting equipment and influence an election? How is a person’s voting history stored and secured? In the end, EMRs will be a reality in the healthcare industry.
The benefits of centralized electronic patient medical records outweigh the risks associated with changing the model. Ultimately, it is a question of trust, not technology. Will physicians trust their patients to stay with them when their patient medical records are more easily transferred to another doctor? Will patients trust that their medical records are appropriately safeguarded against inappropriate access and that the information contained within their records is accurate and of high quality? Ultimately, Thomas believes the answer to these questions is yes in the long run.