Privacy and Confidentiality in the Electronic Medical Records - Term Paper Example

? Privacy and Confidentiality in the Electronic Medical Records Acknowledgement I would like to thank my supervisors for their expertise advises, academic guidance and enthusiasm for this research, as well as the time they spent in guiding me throughout this process. I also thank my family for their financial support and their academic support. To all, I say thank you. Abstract Coming up with an Electronic Medical Record is a key concern and objective for many countries, so as to improve their healthcare delivery. However, in order to do so, there is need to have patient repositories. However, the implementation of ERM is hindered by patient concerns over their privacy and confidentiality of their information and data. The present IT solutions have failed to satisfy the patients’ privacy and trust issues in the medical records. This research looks at the privacy and confidentiality issues in Electronic Medical Records. Table of Contents Acknowledgement 2 Abstract 3 1Introduction 5 1.1 Background Information 5 1.2 Problem statement 6 2 Linking the existing Medical Records 7 3Electronic Medical Records 7 4 Benefits of EMR 8 5 Electronic Medical Record Privacy and Trust 9 6 EMR Privacy 10 7EMR Trust 11 8Preventing the privacy-violating Inferences in the EMR 12 9 Conclusion 13 10References 14 Baatarjav, R. (2010). Privacy management for EMR. Proceedings of the 4th International Conference on Information Systems Security, Hyderabad, India, 16-20, volume 5352 14 1 Introduction The use of electronic medical record keeping has resulted to increased interest in evaluation of the past records of the patient aimed at improving healthcare delivery. Such research has been using the patient data but then the issues of confidentiality and trust seem to be an issue that has not yet been handled in the studies. It is true that EMS is now a new evolution in the healthcare sector. The use of EMS gives several benefits to the patients, to the public health system and the government (Mark, 2003). There has been an increased use of EMS over the world, but further use and implementation of the concerns affected this project on privacy, trust and confidentiality issues. It is true that the present IT solutions have failed to ensure patient security and their privacy desires, and ensure that the medical data can be trusted. This study looks at the privacy and confidentiality issues in the electronic medical record. This study will cover the most important issue in electronic medical records, the issues of privacy and confidentiality of personal health information. To this date, it is known that the increased development of information technologies has resulted to certain changes in the healthcare system medical records (George, 2010). 1.1 Background Information Personal information is a valuable entity in a person's life, and its value has been increasing tremendously. The individuals who are to be in control of their information value the source of such personal information and value the control of the personal details since such details make one to be uniquely identified. The user's personal information also gives evidence of the value of such information through increased knowledge (Enhydra, 2011). The healthcare information is one of the most sensitive information of a human being that should not be easily disclosed to a third party. This is because such information contains an individual's intimate details and their health conditions that would result to stigmatization if it is disclosed. Such information cans be described as an individual's “biographical core of personal information” (Bell, 2005). Tremendous studies have shown that the value of human personal health information can be seen at the time of interaction of the patients with their healthcare providers. Day in day out, thousands of patients share their personal information with their health care providers for diagnosis, care and treatment. Such information is usually collected and stored by other health care providers for reference in the future. Past studies have shown the patients also interact and share such valuable personal information with other health care providers during treatments in different areas of referral. Thus, there seems to be the fact that as patients move from one health care to the other, they expose their valuable personal information that bring about issues of trust and confidentiality. Academic reviewed journals show that the knowledge of patients about lack of confidentiality and trustworthiness of the electronic medical records make them to be concerned, and some even try to hide on what they reveal to the medical practitioners which is a hindrance to their treatment. 1.2 Problem statement In this research, I have identified areas that have a great effect on the use of EMR system privacy and security which define the scope of this study. Such problems can be seen to be generic, and therefore do not link specifically to my earlier proposal. Each of the problems identified is related to a given research domain. 2 Linking the existing Medical Records Medical data having information about the patients are stored in various areas in different formats. However, it is true that to get these benefits in the EMR system, it is important that each of the patients need to be assembled from the patient's separate medical records. However, for this process to be possible, it requires coming up with an accurate link between the composite HER and its components in the EMR. Thus, the use of a trustworthy matching approach is needed to ensure the link works 100 % (Beale, 2007). So, the fact that only one need a unique identifier to link consumer information is an issue of concern to the patients and some of them are always withdrawing their attendance to the hospitals. 3 Electronic Medical Records There has been evolving trends in the healthcare sector for the stakeholders to ensure that their healthcare delivery is in line with the changes in the IT industry or technology. These evolving trends have resulted to the introduction of new models used in the healthcare sector for service delivery. Changes in the IT sector have influenced the healthcare delivery models in use today such as the use of electronic medical records (EMR) which is a new field in the medical informatics and public healthcare sector. Electronic Medical Records can be defined as the provision of health care services and information by use of technology (Internet and other related IT technologies) (Baker, 2004). There have been several systems that have been introduced in the healthcare to improve efficiency. These systems store the patient's information, mostly the one related to their previous medical history, and make them available in the future when needed by the healthcare professionals for the care purposes. This storage is necessary as it helps patients to be helped in their medical tasks such as in diagnosis. The increased need for an EMS is influenced by the following factors: ? The healthcare patients usually depend on several healthcare providers and this relies on their particular needs such as the general practitioners, the specialist and the physiotherapists. This scenario implies that patients will be likely to have several medical records in place. ? It is true that healthcare services are provided at various locations such as outpatient clinics and the hospitals. This implies that the patients' medical records would not be restrained to only one place. ? Moreover, the national healthcare changes promote the improvement of the patient care by sharing their information amongst the healthcare providers. Additionally, the government and the healthcare boards increasingly ensure that there is accountability and openness in the medical practice. ? Patients often have a desire to get engaging in the healthcare decisions ? Patients' are these days becoming mobile, and this implies that they are likely to attend to several healthcare providers who are based on the current location. For this paper, Electronic Medical Record System will be defined as a computerized healthcare information system that helps certain healthcare providers to have a record of patients' information in detail such as their demographics and summary of their medical diagnosis. 4 Benefits of EMR The EMR system is very important as it helps in the provision of comprehensive patient care in comparison to the traditional paper based record systems. By creating a record of the patients diagnosis, it implies that the healthcare provider has a complete and comprehensive record of the patient that will help in effective treatment and care of the patient. Moreover, EMR ensures that there is easy access to the patient information and their medical history from a centralized point of view. Mark (2003) asserts that the use of EMR by the healthcare providers saves them time and reduces the feeling of frustration by the manual system of record keeping. This system also reduces the scenario of duplication of paper work and thus, ensures better coordination of patient care, and does away with potential medical adventure. From these benefits, it is possible to assert that the flexibility of the healthcare providers to change the patient data implies that the data that is related to the patient present condition can easily be retrieved. 5 Electronic Medical Record Privacy and Trust The security and confidentiality of the information of a patient is critical in any healthcare setting, and therefore needs to be addressed effectively. The information security is mostly defined as a way of ensuring patient confidentiality in their information retrieval, the patient integrity and the availability of such information. With confidentiality, it implies that the patient information is not disclosed to any other party apart from the healthcare provider and the patient who knows such information, and should not be disclosed to any unauthorized persons (Baatarjav, 2010). However, integrity on the other hand is seen as a way of ensuring the accuracy and completeness of the information. Availability is seen as a property that makes such information to be gained access to for use or the ability to use the required resources as the need arises. These are very vital information security properties and are usually put in place by the legal authorities that are in charge of the electronic medical records to ensure that their security policies are satisfied. Despite these properties put in place, the EMR system users that include the patients and the medical providers, the privacy and trust prerequisites are not dealt within such policies. 6 EMR Privacy Privacy is an important security requirement and is a cause of concern to the patients who are involved in the e-health medical processes. Despite the increase of this concern, little has been done about it, a part from the government coming up with privacy laws such as the U.S. Health Insurance Portability and Accountability Act [142] (Mark, 2003). Based on Allan's view on privacy, he asserts that privacy is a claim of individuals, the groups or institutions who are supposed to determine for themselves and how, when, and the level of information sharing to others. However, despite these efforts, there is often a misconception that the data confidentiality considers the requirements of data privacy. It is true that the manual system of record keeping ensures that the user is the sole controller of their information. On the accessibility of such data on the issue of privacy, the manual system ensures that the subject has the power of data control and determines who accesses such information. However, in the EMR systems, it is the patients who are pressing up for the increase in data security for the safety of their privacy (George, 2010). There is a concern over the EMR privacy because this system usually consolidates most or all of a patient's medical records information that are likely to include the sensitive medical data that is supposed or is previously kept by an individual who is the healthcare provider. However, the process of ensuring that the previously separate medical record brings about the criticality of the EMR privacy includes both the information that is needed to know the subject and the likely shameful medical records available for such patients. Note that in the technology era, the disclosure of private information would not be easily dealt with, and is likely to remain like that for indefinite time. As a result of this, patients are often very careful relative to the use of EMR. Studies by George (2010) show that the usability of this system in a survey where the participants were 73.5 %, they raised great concern over the security and the privacy of their medical records (Baker, 2004). This study shows that patients are more than willing to agree to change to the EMR systems once their privacy which is a matter of concern is solved. Patrick Leahy, who was a judicial officer in the US, highlighted the benefits of ensuring EMR privacy, and stated that if the EMR does not come up with the necessary measure to ensure the protection and privacy of user information, then there is no need of having the system in place. He continued to state that this is the main reason for the reluctance of most of the US citizens to seek medical help. It is true that the medical practitioners who feel that there is privacy risk are wrong and that they are likely to be shocked by the inconsistence of their medical duties. Additionally, refusal to give patients the control over their own information and private data would result to the withdrawal or the same patients trying to delete most of their sensitive information from their EMR systems to ensure their own privacy, which would be a blow to the healthcare provision. People feel the impact that the disclosure of their information would have to their close relatives or the people whom they love and care about. Additionally, hiding or deleting customer information would be the appropriate move in order for some of the people the patients care about to get the health insurance. 7 EMR Trust The EMR system users and the medical healthcare providers usually rely on historical data. The use of historical data by the practitioners is helpful in making or building their diagnosis in an accurate manner. In the healthcare profession, medical data by assumption is taken to be trustworthy and that any kinds of data given by the patient is highly valued and treated in an equal way (Bell, 2005). However, by the emergence of technology and the use of EMR system, this has not been the case. Studies show that the use of EMR medical data has come from the healthcare provider, and in most instances has not been satisfying the patient safety requirements, such as a person who is usually known not to give accurate information or enter incomplete medical data. Also, a medical officer may enter medical data that does not satisfy the medical safety practices. As a result of this practice, I believed that EMR medical data does not ensure any form of trust (Beale, 2007). It is important to further note that the use of medical data has greatly influenced its usefulness. Studies show that the blood pressure of a patient say 20 years down the line cannot be accorded with full trust, and be used in making a medical diagnosis in this day. The present system design does not give a means to evaluate the effectiveness of it in terms of trustworthy of the given medical data, either when such data was taken or at the time it was retrieved for use. 8 Preventing the privacy-violating Inferences in the EMR Since the patients often want access over the control of their information, it is important that such information is not shared to unauthorized persons (Baker, 2004). This has often been an issue of concern amongst the healthcare professionals and the patients. Although the manual paper system gives access to the control mechanism for the patients, this has not been used in explicit, as it seems to be the only sure way to guarantee patient privacy and confidentiality. This method will be important to ensure that the EMR system users are not interfered with their private data that is often available publicly. This would include for example, not disclosing information that a patient has been diagnosed with particular ailments but, then this would not be enough if the healthcare exposes information such as diagnosis with certain symptoms for the patient (Bell, 2005). However, malicious users can make use of such interference and able to get the probability that the given hidden data is for sure a sexually transmitted disease. Thus, having an interference detection mechanism will help to curb this problem. Additionally, the use of a channel restriction mechanism will be vital in reducing the level of interference in the case when the probability of inferring the protected data is usually less. 9 Conclusion This research has looked at the privacy and trust issues of the EMR that is an issue of concern amongst the patients over the disclosure of their data and information. Ensuring that there is trust of the patient’s medical records is very important so as to bring back many patients who have lost the trust they had on the EMR system. It is important that patient information is treated with utmost confidentiality in all manners, and necessary approaches should be taken to achieve the same. 10 References Baatarjav, R. (2010). Privacy management for EMR. Proceedings of the 4th International Conference on Information Systems Security, Hyderabad, India, 16-20, volume 5352 Baker, R. (2004). PCASSO: Applying and extending state-of-the-art security in the healthcare domain. In Proceedings of the 13th Annual Computer Security Applications Conference (ACSAC’97), San Diego, USA, 8-12 Dec 2004, pp. 251–260. Beale, T. (2007). An interoperable knowledge methodology for future-proof information systems. Retrieved from http://www.deepthought.com.au/it/archetypes. Bell, N. (2005). Secure computer systems: Unified exposition and multics interpretation. Technical report. Enhydra, S. (2011). Open source workflow. Retrieved from http://shark.ow2.org/doc/1.1/index.html. George, H. (2010). Electronic Medical Record (EHR) privacy and security use cases. Retrieved from http://www.infoway-inforoute.ca/en/Home/home.aspx, Mark, T. (2003). A guide to understanding discretionary access control in trusted system. TechnicalReportNSCD-TG-003 Version 1. Read More