A Viewpoint of Security for Digital Health Care in the United States: What's There? What Works? What's Needed?

A Viewpoint of Security for Digital Health Care in the United States: What's There? What Works? What's Needed?

Steven A. Demurjian (University of Connecticut, USA), Alberto De la Rosa Algarín (University of Connecticut, USA), Jinbo Bi (University of Connecticut, USA), Solomon Berhe (University of Connecticut, USA), Thomas Agresta (University of Connecticut Health Center, USA), Xiaoyan Wang (University of Connecticut Health Center, USA) and Michael Blechner (University of Connecticut Health Center, USA)
DOI: 10.4018/978-1-4666-8756-1.ch062
OnDemand PDF Download:
List Price: $37.50


In health care, patient information of interest to health providers, researchers, public health researchers, insurers, patients, etc., is stored in different locations via electronic media and/or hard-copy formats. All potential users need electronic access to health information technology systems such as: electronic health records, personal health records, patient portals, and ancillary systems such as imaging, laboratory, pharmacy, etc. Controlling access to information from multiple systems requires granularity levels of privileges ranging from one patient to a cohort to an entire population. In this paper, we present a viewpoint of the state of secure digital health care in the United States, focusing on the resources that need to be protected as dictated by legal entities and regulations, the available approaches in the present state-of-the art, and, the potential needs for the future of security for digital health care. By utilizing a real world scenario, the authors explore the limitations of health information exchange in the United States, and present one possible architecture for secure digital health care that builds on existing technology alternatives.
Chapter Preview

1. Introduction

Over twenty years ago, two articles related to health care security were published that were noteworthy for the time. In (Biskup, 1990), privacy and confidentiality in medical information systems was explored, advocating a role-based approach, and detailing the state-of-the-art in available systems. In (Ting, 1990), a case study of mental health delivery from information and semantic perspectives was presented, providing scenarios of usage of information by physicians, nurses, etc., and promoting a role-based approach as the most appropriate solution. What is surprising is what has stayed the same and what has changed over the last 20 plus years in the health care domain in terms of tracking patient care (via paper or electronic form) and facilitating secure information exchange as a patient transitions between care settings, more specifically in the United States. For instance, in 1990, would anyone have predicted the introduction of the Health Insurance Portability and Accountability Act1 of 1996 (HIPAA) Privacy and Security Rules for protected health information? At the time, health care delivery was based more on paper than electronic health records (EHRs). How about the Genetic Information Non-discrimination Act (GINA)2 of 2008? GINA aims to protect a patient's genetic information against discrimination in health insurance and employment. Or even the Ethical, Legal and Social Implications (ELSI) research program? ELSI was introduced to manage genomic data for personalized medicine. There have also been dramatic changes in patient care, including: EHRs in some medical doctor offices (“implementation rates reached 68% in family practices in 2011”3 while “just 27% of physicians used EHRs with multi-functional capabilities”4); and, personal health records (PHRs) for patients to store their own health information (and download medications from a pharmacy, share data with providers, etc.). Evolving needs for health care delivery include a Patient Centered Medical Home5 where one provider coordinates care for patients with chronic diseases; an accountable care organization (ACOs)6 to coordinate providers regarding Medicare patients with chronic conditions; and the upcoming Meaningful Use Stage 27 capability for patients to be able to view, download, and transmit their records which will require the development of a standardized transmission of all types of medical information. These three and other evolving initiatives will require secure data collection from multiple health information technology (HIT) systems.

Complete Chapter List

Search this Book: