Privacy & Security
With telemedicine evolving, efforts are underway to provide medical care to refugees in camps using a cloud-based electronic health record built on blockchain, says Brian de Francesca, CEO of Ver2 Digital Medicine.
Buyers of technology such as hospitals have power so their demands for more secure products will be heard by manufacturers, says Parham Eftekhari, executive director of the Institute for Critical Infrastructure Technology.
Nathan Wenzler, senior director of cybersecurity at Moss Adams, says the idea that AI needs no management simply isn’t true and, instead, smart people must be involved to make decisions about the data and findings.
The HELP Committee on Tuesday heard feedback from stakeholders about how the proposed rules from CMS and ONC should be fine-tuned for optimal effect.
The health system will invest $5.5 million in new network security improvements and shell out $2 million for class action claims after the hack exposed the data of 4.5 million patients.
Angelique Carson, editor of The Privacy Advisor at IAPP, says that despite the moaning and groaning leading up to the General Data Protection Regulation, now that it's in place EU citizens are better protected.
Maggie Brunner, program director of Cybersecurity, Emergency Communications & Technology with the National Governors Association, discusses trends in state security, compliance and strategies.
The ultimate goal is patient safety and freeing up money to invest in care.
After a delay to strengthen privacy and security protections, the expansion of the government’s centralised digital medical records system is complete. The rollout of My Health Record reflects a significant shift towards the digitisation of healthcare and Australia’s vision to make patient records more accessible.
This has resulted in the creation of new opportunities to improve care across a range of health services.
The possibilities, while endless, also open up a range of challenges regarding privacy and consent – challenges which nearly 300,000 Australians aren’t prepared to face, having opted out of the system by November 2018.
CONNECTED BUT SECURE
Using digitised services ranging from online health records to remote monitoring tools such as wearables or apps, organisations are seeking to improve patient outcomes.
On the flip side, this heightened level of connectivity also creates additional points of exposure. It may be a bitter pill to swallow, but Australians have shown that they are unwilling to comprehensively divulge all medical information due to privacy and security issues.
What is required is the establishment of a proper trust relationship among patients, care providers and digital services. The two critical pieces in doing this are authenticated identity and consent management.
Systems must be secure whilst also facilitating immediate access to patient data and history to inform care regimes. They must also maintain certain levels of user control to ensure that only relevant information is shared with the authorised third party.
As connected care becomes more commonplace, the potential for identity theft also increases, especially if access and control systems aren’t established from the outset. Ensuring privacy and security of patient data means verifying user identity and permissions to ensure that the mantra “no data about me, without me,” rings true.
CREATING A BETTER SYSTEM
Balancing health data interoperability with patient privacy is another challenge.
Case in point: Sweden’s rollout of electronic health records (EHRs) and the resulting increased regulatory pressure spelt out the need for open healthcare API standards. The use of data from clinical trials, registries and patient outcome databases for research purposes also came under scrutiny when the General Data Protection Regulation (GDPR) was being finalised.
However, in every challenge there is an opportunity.
Researchers are now able to undertake research and apply deep learning on EHRs to predict healthcare-associated infections. It is these kinds of developments that Australian researchers can look to emulate through secure access to EHR databases.
Regardless of the outcome, this kind of progress shouldn’t come at the detriment of meaningful patient control. A simple opt-in checkbox restricts sharing capabilities, limiting a patient's ability to direct how their data is accessed and used on a daily basis.
A patient’s health status can deteriorate or improve in a matter of minutes, and their ability to consent needs to be able to adapt in the same way.
User-Managed Access (UMA) offers patients a simple and powerful way to manage health data ecosystem impacts, allowing them to determine who gets access, for how long and under what circumstances.
Implementing the Health Relationship Trust (HEART) standards, which profile UMA, helps promote patient control and ensure the secure exchange of patient information.
A SEAMLESS EXPERIENCE
With the My Health Record, patients want to interact with a single health portal. This brings with it the expectation that patients want to take charge of their health and digital identity. In this situation, reducing friction from secure authentication experiences becomes more important than ever.
The continued digitisation of the healthcare system, beyond the creation of digital records, means providers must establish systems which accommodate users, devices and the systems which securely facilitate data sharing and recording.
This transformation needs to factor in the consolidation of once-isolated systems and devices to create a unified patient profile across all digital channels. This ensures that services are consistent and personalised, delivering better health outcomes.
A robust customer identity and access management (CIAM) strategy can enable strong authentication and authorisation, while offering a single view of the patient and relevant data, and keeping controls firmly in the hands of the patient in a way that makes managing their health and relationship with healthcare providers seamless.
As digital transformation continues to drive advancements in healthcare, safeguarding patient data will influence widespread adoption. Whether data is collected by devices and apps or through a visit to the doctor, an effective CIAM strategy is critical for organisations wanting to deliver connected care and foster trust with patients.
Eve Maler is Vice-President of Innovation and Emerging Technology at ForgeRock.
Jason Johnson, information security officer at Marin General Hospital and HIMSS Northern California Chapter president-elect, explains the importance of a security leader keeping the faith of users.