Data Security in Electronic Health Records

Data Security in Electronic Health Records

Stefane M. Kabene (Institute of Management. Ecole des Hautes Etudes en Sante Publique (EHESP), France), Raymond W. Leduc (University of Western Ontario, London, ON, Canada) and Candace J. Gibson (University of Western Ontario, London, ON, Canada)
DOI: 10.4018/978-1-61692-010-4.ch010
OnDemand PDF Download:
No Current Special Offers


Traditionally, patient information has been recorded on paper and stored in file folders at healthcare facilities and within physicians’ offices. The implementation of electronic health records (EHRs), the lifetime record of an individual’s health and health services delivered, allows for information to be stored on computers and offers the opportunity to store considerably more data, in much less space, with new efficiencies and value added as information is easier to access, legible, timely, non-redundant and readily available. However, there are many issues to consider with the implementation of a fully shared EHR. The protection of the information contained in the record is of the utmost importance as individuals stand to become quite vulnerable if that personal health information is compromised or accessed by unauthorized users. Therefore, one of the goals of this chapter is to uncover ways in which personal health information is being protected in EHR systems. The second objective, a broader one, examines what regulations, legislation and policies are in place that remove some of the uncertainty and risk and make the use of shared information safe and secure. Many of the techniques and technologies used so far are adopted from the corporate world, where data security has been an issue for some time. Current legislation in the United States and Canada at both the federal and state/provincial levels has addressed the general principles of data security and privacy but are still lacking in specifics with regard to cross-jurisdictional sharing of health information and the implementation and use of EHRs. Many of the researchers and studies on the subject find this to be one of the most important areas of concern moving forward. The opportunities for EHR implementation and use are exciting as they have the strong potential to improve both individual health care and population health, but without proper regulation and policies in place it is possible that the risks may outweigh the benefits.
Chapter Preview

Conceptual Framework

With the ability to store large amounts of data from multiple sources in a small space and relatively inexpensively, EHRs are becoming a desired goal in the healthcare industry. The electronic health record, the longitudinal record of an individual’s encounters with the health system and various health providers, is the goal of the ultimate multi-user, multi-facility, multi-purpose record. The EHR is envisioned as connecting institutional or facility-based electronic paper records (EPR) and the physician-provider electronic medical record (EMR) to provide a comprehensive lifetime record of care. The EHR will include information from different healthcare providers and in different formats, for example, text, voice, and digital images. This information, including demographic and clinical data, diagnostic results, alerts, reminders, and evidence-based decision-making support, should be accessible only to authorized users. A truly integrated electronic health record facilitates data linkage and data sharing among a number of different users in geographically different locations. The EHR supports care by multiple providers, and the use of health data for secondary purposes such as research, planning, management and administrative decision making. It provides value well beyond the capabilities of the current paper record. It also presents challenges in sharing information across jurisdictional boundaries and the maintenance of privacy and confidentiality (Crook, Gibson, Adam, Levesque, O’Reilly-Brunelle & Hwee, 2009; Dick, Steen & Detmer, 1997).

Potentially, patient information including everything from family medical history, laboratory results, medication information, and even a genomic map of the individual could be stored for access to anyone who might have an interest in the information and is authorized to access it. Patients would be able to look up lab results from home, or have prescriptions refilled and delivered (Wiljer et al, 2008). A Health Canada review (EXOCOM Group, 2001) of privacy technology stressed the benefits for healthcare professionals as faster access to health records, facilitation of better care, reduction of costs, accommodation of future developments and support of clinical and health services research.

Complete Chapter List

Search this Book: