EMR Survey Finds Best Value Resides in Secondary Uses, but what about Data Security?

I read a good article on FierceEMR recently surrounding a PricewaterhouseCoopers survey on electronic medical records (EMRs) that indicated that the secondary use of this information may be an organization’s greatest asset over the next five years. An overwhelming 76 percent of respondents agreed, and pointed to the abilities for mined data to decrease healthcare costs, predict public health trends and improve patient care. EMRs, with vendors such as Allscripts, NextGen and QuadraMed blazing the trail, have been a huge focal point of healthcare payers and providers, pharmaceutical companies and the general public with healthcare reform a primary platform of the Administration.

The PwC report highlighted that hundreds of billions of terabytes of health data are now being collected in EMRs. The focus of the report calls on all the wonderful potential that de-identified and aggregated data can produce for doctors, researchers, insurance companies and pharma manufacturers. According to the press release, the healthcare industry won’t see the full value of EMR and other healthcare IT investments until it adopts standards and subsequently finds secondary uses of EMR data.

While there is significant opportunity with EMR data, the report only briefly calls out concerns, centered on respondent’s feelings that the industry needs better guidelines on how information can be used and shared. Full-on security of the data has been a topic largely ignored by the populous pushing for healthcare reform and EMR standardization.

What about Data Security?
What is glossed over is the need to secure access to EMR data. With so much data being collected, analyzed and shared, organizations need to get a handle on who has access to this data, through which systems and with which safeguards. Who is authorized, how are they authenticated, and how can companies ensure compliance with policies and procedures?

We’ve seen the problems caused by celebrity medical records being breached by hospital employees. Take that issue and multiply it exponentially as the billions of terabytes of EMR data translates into billions of dollars in market opportunity over the coming decades for healthcare providers, insurance companies and pharmaceutical manufacturers. This will spawn a new wave of insider threats, and healthcare access management must be dealt with during the formative stages of EMR deployments… as the old adage states, “an ounce of prevention is worth a pound of cure.”