Privacy and Security of Health Data - Research Proposal Example

XXXXX XXXXX XXXXX XXXXX XXXXX Introduction Medical informatics is a recent trend in use of computers inhospitals. The computers use a computerized way to automate data processing and hospital operations. The system merges computers science, information systems and health care to provide a range of resources and methods to assist in data processing by aiding in data storage, processing and retrieval in medical practice. It in cooperates engineering, communication systems and expert systems to provide guidelines to practitioners in areas of medicine such as; dentistry, surgery, therapy, pharmacy, clinical care, nursing, medical research and public health. The medical information acquired from these areas of study should be stored safely. The records should be treated with utmost confidentiality and security. The information stored could be exposed to various dangers such as an unauthorized access, data alteration, electronic viruses and attack by hackers. Lack of practical approach with respect to security measures has severely affected the security of medical data. Despite the need for medical information protection being understood widely by a majority of medical practitioners, they barely know many threats they are prone to. This has nurtured the need for security tools that will provide substantial help to medical practitioners in solving security issues they might be oblivious of. This need for implementation of medical data security brings about by the need to safeguard the sensitive medical data records. As the need to shift to use of electronic patient records arise as opposed to the paper-based record, issues concerning the security of the patient records have emerged. With the rising use of electronic record systems to manage medical data, the system makes the medical data as secure as possible with least access from the unauthorized. This proposal seeks to illustrate on the various medical data vulnerability issues of key concerns with respect to most EMR systems. These issues finally compromise the security of the medical data. The proposal hence aim to look at the various sources of security breaches within the EMR system and propose the solutions to be put in place to counter the same. Problem Statement According to a survey conducted in 2003 by the Consumers Association and Health on behalf of the NHS Information security, showed that there were significant concerns with regard to medical data security and they felt that the records were susceptible to many security breaches. The patients in the survey also expressed their concern that their full medical records should be restricted to healthcare as well as the ambulance staff offering the treatment The privacy concerns included frequent hacking incidents on the system that resulted to alteration of the patients’ records and/ or destruction of the system. The other security issue put across was the abuse of the health records by the system users. Lastly, the government influence into the health care matters and the management of the data in the long term. There is wide support on the safeguards to be put in place. These include; public sharing agreement, training for NHS staff as well as a confidentiality clause. Justification Medical practitioners using EMRs are able to conduct their day to day operations electronically. This eliminates the use of the traditional paper system and inefficient retrieval of patients’ records from the large volumes of files stored. The doctors can easily review patient medical histories, check any laboratory results for previous tests, refer patients for consultations, diagnose and prescribe. Aims and Objectives The research proposal aims to outline various security threats that limit the effectiveness efficiency of the security records. It will prime in the electronic medical records systems (EMR) which have been rated most effective in the management of patient’s records. The research focuses to provide a viable solution to counter the security threats posed to the EMR systems so as to maintain confidentiality and privacy of patients’ data records. The research’s principal objective is to investigate on the ways in which medical data records are insecurely obtained and to propose measures to curb and /or minimize the susceptible security threats for the safeguarding of the records. Literature review A SWOT analysis which was conducted by US Health Care indicated the EMR as having several advantages ranging to less paper/storage, reduced redundancy or records as well as improved operational efficiency, improved data accuracy, improved reporting capabilities, improved patient control and transparency. Despite the above several advantages being attributed to the EMR, there were some weaknesses. These range from costs of adopting the system, interoperability problems due to the systems complexities and the extensive staff training required. The greatest threat, however, remains issues with regard to the data security. There is widespread fear regarding privacy with the policymakers insisting on the need for legal action for consumers’ privacy before the EMR is adopted fully. After SWOT analysis on EMR system implementation in the US rated medical data security as a paramount concern which needed to be implemented before the system would achieve full adoption by the consumers. The key security, as well as privacy concerns to the EMR systems, included; hacking of the customer information which resulted to the patient’s data being altered, total loss of the customer data or even destruction of the entire clinical systems. The second issue was the misuse of the health information by the authorized users of the EMR system by not observing confidentiality. The third issue was the possible intrusion of the private health care matters by the Government or other corporate entity. Methodology Instruments This includes the data collection methods and the tools used for analysis. The data collection methods are the ways that the research used to gather relevant data for the proposal so as to effectively evaluate the security issues threatening the EMRs. These included; observations, surveys previous reports, journals in regard to protection of medical data, interviews with the doctors and other medical practitioners. The research also involved the use of questionnaires for the health care specialist and the Government workers in charge of public health. Through observation using video cameras, the researcher will view selected patients on treatment in a government hospital where he can view the procedure and access to his medical records by the practitioners attending him. This method gives an insight on how the data is accessed by authorized users (nurses, doctors and the pharmacist) from the hospital. The direct observation will allow the researcher compare the results of the questionnaires and interviews with the real behavior observed. Documentation will focus on the large number of files and forms that are relevant for this research. These documents will show the events and procedures of the different operations undertaken in health care practices. This will help the researcher to keep records of references and detailed information on the events taking place. These documents include the forms, health record documents and minutes of meetings with the permission of the authority in the hospital. The interviews are to be conducted on the management of the hospital to provide information on the privileges of the medics on the EMRs and accesses to the database by different categories of users. The result of the interview will show the structure of the health care organization and operations taking place in the organization. The researcher may seek to interview victims of data theft and corruption. This would give information on what users could probably alter the patients’ data and what level is the access granted. This would also tell more on the government intrusion on the health care records stored in these hospitals. The questionnaires are to be administered to the patients and the health workers to have their comments on the security of their data records stored in these hospitals, access and what threats have they faced as they use the EMRs such as hacking, loss of data its integrity. Analysis This research will generate volumes of data that will be analyzed to give a conclusive result. The data will be broken down into different subjects for sampling. The purpose of the analyzed data is to provide an insight on the security issues of concern of EMRs in a health care setting. The data from questionnaires and interviews will be surveyed independently. The results will be likened with direct observations data. This will help give a distinct difference between the qualitative data and quantitative data for analysis. A medical record of every participating patient after the consultation was reviewed in order to capture the age as well as gender information, number of visits to the physician seen during the study and number of previous during which the EMR was in use. Video observations using closed-circuit cameras of all the patients of the study physicians enabled he researcher to analyze the interaction form and extent through the use of the SEGUE Framework(Set the stage, Elicit information, Give information, Understand patients perspective, End encounter). The research focus was maintained on the six of the SEGUE tasks to evaluate the completeness of information elicited by the study physicians. This information collected included the emotional and psychological issues, patients’ agenda, health care details of the patient, clarity of information, moral encouragement and response to patients’ questions. The EMR access levels were also examined in terms of data alteration, acquisition and data entry to maintain consistency and integrity. The results of each interaction will be sampled and reviewed to come up with concrete conclusion of the research proposed. The information acquired from the patients through videotaping and the questionnaires will be examined too. An insight will be provided by the encounters and the different interaction with the EMRs will be assessed to ascertain the practitioners who have interacted with the systems. The results will be summarized in tables showing the practitioners and the tasks accomplished. The information will be clarified according to the SEGUE framework. It will show the proportions of the videotaped patients, different access levels and privileges as discussed by the management. There will be a sampled result on the different threats faced and the frequency of their occurrence. A qualitative analysis on the videotaped encounters will be provided to show the interaction of the physicians and the patients and their communication. This will also evaluate the patients’ satisfaction of the service provided and their feelings towards giving their private information to the doctor. This will focus on the data acquisition (note taking) on both ends and retrieval of the records by the authorized users. Conclusion and recommendation Security issues in EMRs can be addressed effectively with the cooperation of practitioners interacting with the system. Their perception and attitude towards the system should be positive to yield viable procedures and protocols to be used to maintain data security, integrity and privacy. There is need for several proposed measures to be put in place to ensure that the EMR satisfies the clients in terms of properly securing consumer’s data. The current regulatory framework on the part of common law should be reviewed to recognize on the obligation that should arise between concerned parties with regard to disclosure of confidential information. Secondly, using anonymous data should be adopted for those seeking the data for research purposes. The data should not contain any personal information. In the event the researcher feels that they need disclosure of the information, this should be done after obtaining consent to use the information. Finally, coded data should be used to minimize chances of information being tampered with in the case of hacking. The code would hence need to be decrypted if the information is required. . . . References Amatayaku, Margaret.(2003). Handbook for HIPAA Security Implementation. Chicago: Amer Medical Assn. Sullivan, June.(2005). HIPAA: A Practical Guide to the Privacy and Security of Health Data. New York: American Bar Association. Read More