A Viewpoint of Security for Digital Health Care in the United States: What's There? What Works? What's Needed?

1. Introduction

Over twenty years ago, two articles related to health care security were published that were noteworthy for the time. In (Biskup, 1990), privacy and confidentiality in medical information systems was explored, advocating a role-based approach, and detailing the state-of-the-art in available systems. In (Ting, 1990), a case study of mental health delivery from information and semantic perspectives was presented, providing scenarios of usage of information by physicians, nurses, etc., and promoting a role-based approach as the most appropriate solution. What is surprising is what has stayed the same and what has changed over the last 20 plus years in the health care domain in terms of tracking patient care (via paper or electronic form) and facilitating secure information exchange as a patient transitions between care settings, more specifically in the United States. For instance, in 1990, would anyone have predicted the introduction of the Health Insurance Portability and Accountability Act¹ of 1996 (HIPAA) Privacy and Security Rules for protected health information? At the time, health care delivery was based more on paper than electronic health records (EHRs). How about the Genetic Information Non-discrimination Act (GINA)² of 2008? GINA aims to protect a patient's genetic information against discrimination in health insurance and employment. Or even the Ethical, Legal and Social Implications (ELSI) research program? ELSI was introduced to manage genomic data for personalized medicine. There have also been dramatic changes in patient care, including: EHRs in some medical doctor offices (“implementation rates reached 68% in family practices in 2011”³ while “just 27% of physicians used EHRs with multi-functional capabilities”⁴); and, personal health records (PHRs) for patients to store their own health information (and download medications from a pharmacy, share data with providers, etc.). Evolving needs for health care delivery include a Patient Centered Medical Home⁵ where one provider coordinates care for patients with chronic diseases; an accountable care organization (ACOs)⁶ to coordinate providers regarding Medicare patients with chronic conditions; and the upcoming Meaningful Use Stage 2⁷ capability for patients to be able to view, download, and transmit their records which will require the development of a standardized transmission of all types of medical information. These three and other evolving initiatives will require secure data collection from multiple health information technology (HIT) systems.