PHI Access Requires Robust Security and Privacy

In a January 2009 speech, President Barack Obama said, “electronic records will cut waste, eliminate red tape, and reduce the need to repeat expensive medical tests [and] save lives by reducing the deadly but preventable medical errors that pervade our health-care system.”

However, as a nonprofit organization recently reported, over the last five years more than 45 million U.S. electronic health records (EHRs) were either lost or stolen by insiders and/or outsiders. How do we reconcile the absolute need of timely information access critical to patient welfare, while simultaneously protecting a patient’s right to privacy as granted by HIPAA and HITECH?

The solution is to implement policies and technologies that protect a patient’s privacy while granting secure access to those authorized professionals who must have the information in medical files to save lives. The technologies must allow clinicians to incorporate access to personal health information (PHI) in EMRs and other clinical applications in a manner that supports patient care rather than one that impedes it.

Many implementations of clinical applications failed due to processes dictated by clinical software that destroyed the efficient workflows formerly practiced by the clinicians. Therefore, smart implementations that facilitate the rework of processes that leverage healthcare IT (HIT) solutions deliver the greatest value to patients, clinicians and institutions.

Privacy and security surveillance programs also help ensure that access to PHI is on a need-to-know basis. Just like disease monitoring projects that look to identify potential outbreaks early (e.g., flu), similar approaches can be used to proactively assess whether inappropriate access or security breaches are occurring in patient care databases. If evidence of potential problems arises, proper actions can be taken to substantiate and close the security and/or privacy hole.

Combining patient privacy technology with fast, secure access to EMRs is a powerful prescription for advancing the use of clinical HIT applications to improve patient care.