For the last several months, I have been debating how to protect the privacy of medical records while keeping them as accessible as possible.

Most people have their bank records online.  With a password, they seem to be fairly safe.  There are occasional thefts, which are no different from the way paper copies of medical records are compromised even now.

So I do not think one is any less secure than the other, and the privacy justification for locking medical records away may be unfounded.

Rather, I would say that perhaps IT systems in healthcare have simply not yet reached the maturity of financial systems.  Maybe!

Here is an idea for healthcare privacy.  If we look at the records for an individual, they consist of:

  • Personal information such as demographics
  • Personal health records (PHRs) such as exercise, diet, calorie counts, etc.
  • PCP records: in most cases the primary care physician (PCP) has a complete picture of an individual.  It may not be detailed enough, but they do have a record of most health issues.
  • Specialist records from cardiologists, dermatologists, urologists, etc.
  • Test results

Health information is used by physicians, insurers, and researchers.  Researchers in particular do not need to know the person or their identity as long as they have the overall description: age, ethnicity, gender, etc.  One caveat: that description is itself a set of quasi-identifiers, and a precise date of birth, full ZIP code and sex together can single out an individual, so it should be coarsened (age bands, partial ZIP) before it is released for research.

Hence, to create a system that shares information widely without much risk of a breach, one may create different buckets of information along the lines of the bullet items above.

Each of these categories is connected, but the personal identifiers are coded: the buckets are linked by a pseudonym rather than by name.  The key to that code may be a password or may even be held in one's mobile phone.  Each segment's information can then be shared according to roles and responsibilities.

As far as PHRs go, very soon the technology will be such that these will be input from the phone anyway.

Anyone can get all the data.  Researchers can use it, since individual names are not important to them.  For hackers it has little value, as they would not know whom it belongs to, provided the coded identifier cannot be reversed without the key and the demographic bucket does not single the person out on its own.

And to find out whom it belongs to, they would have to break into millions of individual cell phones (if we use those to store the authentication information) or into whatever other system has been deemed appropriate to hold it.  If the key is derived only from a password, a stolen store can be attacked offline by guessing passwords, so a random secret held on the phone is the stronger choice.
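To make the scheme above concrete, here is an added example (my own illustration, not code from the original post) of the bucketed, pseudonymous record: the identity bucket stays with the patient, the other buckets are stored under an HMAC-derived code, each role sees only its allowed segments, and the research export drops the code and coarsens the demographic quasi-identifiers (the coarsening goes a step beyond the post, which only mentions that researchers need demographics).  The sample record, the role table, the fixed salt and the secrets are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample record for illustration only; every value is made up.
SAMPLE_RECORD = {
    "identity":    {"name": "Jane Doe", "mrn": "MRN-000001", "phone": "+1-555-0100"},
    "demographic": {"age": 47, "sex": "F", "ethnicity": "Hispanic", "zip": "02139"},
    "phr":         {"steps_per_day": 6400, "diet": "low sodium", "kcal": 1900},
    "pcp":         {"conditions": ["hypertension"], "meds": ["lisinopril 10mg"]},
    "specialist":  {"cardiology": {"echo": "normal ejection fraction"}},
    "tests":       {"ldl_mg_dl": 118, "a1c_pct": 5.6},
}

# Which buckets each role may read; "identity" is never in the shared store.
# Assumed policy for the demo, not a standard.
ROLE_VIEWS = {
    "physician":  {"demographic", "phr", "pcp", "specialist", "tests"},
    "insurer":    {"demographic", "pcp", "tests"},
    "researcher": {"demographic", "pcp", "specialist", "tests"},
}

# Constructed salt; in practice it lives with the key on the patient's phone.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_link_key(patient_secret: bytes, salt: bytes) -> bytes:
    """Derive the linkage key from the patient's password or phone-held secret.
    PBKDF2 slows down offline guessing if the store is stolen."""
    return hashlib.pbkdf2_hmac("sha256", patient_secret, salt, 200_000, dklen=32)


def pseudonym(link_key: bytes) -> str:
    """The coded patient identifier: an HMAC, so it reveals nothing about the
    patient and cannot be recomputed without the key."""
    return hmac.new(link_key, b"patient-link", hashlib.sha256).hexdigest()


def split_record(record: dict, link_key: bytes):
    """Return (identity kept with the patient, entry for the shared store)."""
    identity = record["identity"]
    buckets = {seg: data for seg, data in record.items() if seg != "identity"}
    return identity, {pseudonym(link_key): buckets}


def view(store: dict, pid: str, role: str) -> dict:
    """Role-filtered read of one pseudonymous record."""
    allowed = ROLE_VIEWS[role]
    return {seg: data for seg, data in store[pid].items() if seg in allowed}


def relink(store: dict, identity: dict, link_key: bytes):
    """Join identity back onto the stored data; only the key holder can do this."""
    entry = store.get(pseudonym(link_key))
    return None if entry is None else {**identity, **entry}


def generalize_demographic(demo: dict) -> dict:
    """Coarsen quasi-identifiers before a research release: age to a 5-year
    band, ZIP to its first three digits."""
    out = dict(demo)
    if "age" in out:
        lo = (out["age"] // 5) * 5
        out["age"] = f"{lo}-{lo + 4}"
    if "zip" in out:
        out["zip"] = out["zip"][:3] + "**"
    return out


def research_export(store: dict) -> list:
    """What a researcher receives: no identity, no pseudonym, coarsened demographics."""
    rows = []
    for buckets in store.values():
        row = {seg: data for seg, data in buckets.items()
               if seg in ROLE_VIEWS["researcher"]}
        row["demographic"] = generalize_demographic(row["demographic"])
        rows.append(row)
    return rows


if __name__ == "__main__":
    key = derive_link_key(b"correct horse battery", SALT)
    identity, store = split_record(SAMPLE_RECORD, key)
    pid = next(iter(store))
    print("stored under:", pid)
    print("insurer sees:", sorted(view(store, pid, "insurer")))
    print("relink with key:", relink(store, identity, key)["name"])
    print("relink with wrong guess:", relink(store, identity, derive_link_key(b"wrong", SALT)))
    print("research row:", research_export(store)[0]["demographic"])
```

Two design points worth noting.  The same pseudonym is used for every bucket, so whoever holds the store can still assemble one patient's full (unnamed) history; if that linkage is itself sensitive, derive a separate HMAC per segment and let the key holder recompute each one.  And the strength of the code is exactly the strength of the secret behind it: a password-derived key can be guessed offline against a stolen store, which is why a random secret kept on the phone is preferable.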