Today’s society is informationdriven and is a world of instant access and connections. In a society wherenearly every person has access to a personal mobile phone or hand held computerwith access to worldwide internet and nearly unlimited access to information onnearly any topic, including medicine and healthcare, it’s become paramount forhealthcare organizations and provides to adapt their practices. The change,however is difficult and the process is slow. This paper examines challengesfor implementation of electronic health records (EHR) and patient privacy andsafety. Main drawbacks are lack of sophisticated information managementsystems, the cost of implementation of system wide processes, and concern forprivacy and information safety. Americanhealthcare is plagued by a multitude of problems, these problems are complex,multifactorial and highly controversial. Problems include cost inflation,growing and aging population, lack of access to healthcare in rural areas and increasingdemand for highly trained health care professionals (Adams, 2016).
Theseproblems would not be easy to fix but to begin the process the underlyingcauses of these problems need to be identified. The process of identificationis made easier with the adaptation of electronic processing systems andimplementation of electronic medical records (EMR) and electronic gathering andanalytical information management systems. The “big data” that is collected includeall interactions, encounters, examinations and outcomes for patients. This datais then analyzed and processes to create new protocols of care and improve theexisting ones (Adams, 2016, Greennia, 2017). Universal adaptationof EMRs, EHRs and “big data” analysis is crucial in today’s day and age.Management of severe or chronic disorders relies more on continues monitoringof patient status, gathering and interpreting important data from varioussources and points of care. Care is coordinated across multiples industries andspecialties each relying on individual information management systems. A newmodel of care is becoming imperative.
A model which incorporates all of thedata gathering across time line of care and allows instantaneous access forboth the patient and the provider. A new model of coordination of care wouldfacilitate patient involvement in decision making process and improve access toevidence-based practice. Universal implementation of this model is impeded byfactors such as cost, provider drawback and concern for patient privacy andsafety. Cost associatedwith implementing a new data gathering and processing system is preventing manyof the smaller healthcare providers from implementing the change. The goal EHRadaptation is to improve outcomes, quality, and safety. Interoperability ofinformation management systems would increase efficiency, productivity andprovide cost reductions; and increase patient satisfaction and experience(Harvey, & Harvey, 2014).
Unfortunately, the cost of implementing acomprehensive management system remain a major challenge, for many independentpractices and smaller or rural medical centers. Under the American Recovery andReinvestment Act of 2009 (ARRA), which emphasizes the need to move toward theuse of EMRs, providers are pushed to buy complex and expensive operationalsystems that are not user friendly, require more expenses and extensivetraining for providers if they need to be optimized or replaced at later time(Kellermann & Jones, 2013).The drawback formmore traditional providers is associated with lack of experience with commuter systemsand need for extensive training. Extensive training is needed to implement anew organization wide information processing system. Many employees arereluctant to change a familiar routine and adapt new ways of operation citingincreased time consumption, high risk for accidents during integration process,and difficult to operate systems that require extensive training and frequentupdates (Kellermann & Jones, 2013).
Car makers provide a variety of makesand models, yet the operating principles are simple enough for any person todrive the car off of parking lot without extensive training manual reading.Financial corporations allow people to, with a few clicks of a mouse, easilytransfer money and access any financial information from any location.Easy-to-use health records and operational systems would allow for patient toeasily access their information in case of need and share their result withhealth care providers. Interoperable systems would allow providers to save timeon assessment and simplify diagnosing or interventions.
One of the biggestconcerns is patient safety and privacy. The Health Insurance Portability andAccountability Act of 1996 (HIPAA) imposes costly penalties on healthcareorganizations for noncompliance with its privacy and security rules. The HealthInformation Technology for Economic and Clinical Health Act (HITECH)substantially increases the penalties for noncompliance. Any organizationcovered by HIPAA and the HITECH Act must meet new minimum privacy and securityrequirements, while continuing to monitor and comply with the growing number oflaws that govern patient information in every state in which the organizationoperates. Possible HIPAAviolations or data breaches due to incompetence or cyber-attacks can expose avast majority of people to financial and physical risks. Ethics and law regulatethat patients should have unrestricted access to their medical records.Providers must be able to see the previous and current information toadequately treat patients. These situations create possible openings forprivacy breaches i.
e. unauthorized access to health information orunintentional sharing of private information. A study of 949 data breaches ofpersonal health information that each affected more than 500 individuals foundthat about two thirds of the breaches involved theft (58.
2 %) or hacking (7.1%). In the same study, another 11.1 % of breaches involved loss or improperdisposal of data (Bhuyan, Bailey-DeLeeuw, Wyant, & Chang, 2016). Technical,regulatory, and economic issues persist. While companiesare obligated to provide access for patients to their information, the securityof this information is often questionable.
The encryption of information andstorage is often inadequate and can be frequently accesses by authorizedpersonal with access central EMR. A system has been proposed which allowspatients to regulate the type of data that can be accessed by the providers,like mental or reproductive health, HIV status or other STD panels, or givingadolescence access or sole responsibility for their EHR. Effectively, thissystem would reduce access to private information and allow patients to onlyshare relevant or pertinent information. Such system would also allow for adigital fingerprint to be left whenever someone accesses EHR. Unfortunately,such system would require a highly educated consumers and raise many questionsas to what information is actually pertinent to a given situation or how toaccess the information in an emergent situation or if the patient isincapacitated (Bhuyan et al., 2016, Kellermann & Jones, 2013).On the other hand informationtechnology provides an invaluable resource.
Health data repositories provide anearly unlimited access to vast collection of information. In 2004, thenational Cancer Institute center in Bioinformatics launched the cancerBiomedical Informatics Grip (caBIG). The data grid aimed to expedite knowledgediscovery and improve patient outcomes by supporting data sharing. CaBIG, wasbuilt in accordance with risk assessment process and this example may serve asa reference model for developing sharing and security frameworks for othermulti-institutional data-sharing.
Review of caBIG concludes that secure,large-scale data-sharing in a regulated environments is possible, the challengehere is creating of models and common regularity processes and uniformencryption and processing systems (Bromwich & Bromwich, 2016).Cloud computingprovides a significant cost reduction and allows people with less IT expertiseto fully operate health services. Cloud computing allows for sharing ofcomputing resources and usage of external storage and management services. eHealthallows smaller health care organizations to implement information processingsystems and mHealth allows for simplification of access to data repositorieswhile maintaining adequate level of security, flexibility and adaptability ofinformation (Bromwich & Bromwich, 2016, Harvey, & Harvey, 2014).
Thesesystems use multiple layers of security, including digital signatures, hashingand encryption and allow for benefits of using mobile devices at remote pointsof care, and leveraging big data analytics to streamline the collection anddelivery of patient health information in emergency situations. These platformscan be built on mobile phones, PDAs or tables and can be wipes to protectpersonal health information (PHI). The benefits of cloud computing outweigh thesecurity concerns, although extensive education must be provided to bothproviders and patients to ensure safe and effective use of information. To implement thesesecurities several strategies have been suggested and as literature reviewsuggests these could be summaries as follows: Construct a separate legal entityfor governance of large-scale, federated, data-sharing initiatives, and centralauditing authority. Define risk models and risk management processes for datawithin the organization, inter-organizational sharing and public access.
Develop a technical infrastructure to support the credentialing process in theregulated environment. Develop or acquire acceptable HIPAA and research ethicstraining modules for the entire federated community. Encrypt all mobiledevices, use location tracking software to remotely wipe data on device if itis lost or stolen. Provide training of cyber security for employees so theyunderstand measures taken to prevent data breaches (Bromwich & Bromwich,2016, Kruse, Smith, Vanderlinden, & Nealand, 2017, Parwan, 2017).Ensuring thesesecurity measure are taken has become a major concern for organizations andtheir stakeholders. Clinical records hold a life-changing power.
Recordsdocumentation, gaps, inaccuracies, even tone can have a major effect on aperson’s life. When a record’s security is breached, identifying informationlike diagnosis, medications, clinical history, and a patient’s most sensitive andprivate information may find its way to an array of people and organizations,perhaps exposing the patient to gossip, ridicule, identity theft, exposure ofprivate information on social media, and worse (Pope,2015). Due to insufficient medical knowledge among patients, the contentof medical records might cause misunderstanding and also inappropriate sharingof medical information. Privacy is therefore a major concern andproviding safe and effective care is dependent of protection of personalmedical records. That being said, information has to be shared.
Patient’sdiagnosis and test results must be shared among the team of healthcareproviders, certain information must be shared with insurance companies forbilling and coordinating purposes. Legal information may be needed for courthearing and de-identified data may be used for research and academic purposes. Thisposes a major challenge, as de-identification of data assumes that there’s aspecific, static list of identifying pieces of information and the use of suchdata is sufficiently safeguarded from recognition or misuse. Plethora ofidentified identity breaches and data leaks prove the opposite. The informationis not adequately safeguarded.Transparency iskey. Transparency is data storage and use would allow for patients to be moreinformed and would force a measure of accountability for the organizations.Patients and front line providers should have a strong say in what pieces ofinformation should be saved, what information should be redacted and how theinformation should be used.
As it stands now one in six people withholdinformation, provide false information, frequently change doctors, pay out ofpocket to avoid releasing insurance information or even avoid care, all inorder to protect their personal medical information out of fear that they willsomehow be reprimanded (Kaplan, B. (2016). Extensiveeducation of both patients and employees and building of trust is crucial forproviding security and quality patient care.
Even with vast majority of people(96% percent of people participating in medical record sharing study) agreeingthat information sharing would lead to better care aforementioned lack of trustis concerning (Caine, & Tierney, 2014). Data security, health care qualityand work impact are major concern of different types of EHR users. Wang et al. (2015)performed a study which examined different users’ attitudes towards EHR, theirimplementation and concerns for safety and effectiveness. The clinical staffagreed that user interface (UI) had a great impact on willingness to use thesystem, complicated UIs diverted attention and willingness to learn the system,also clinicians expressed concern that privacy of patients may be violated andthat the implemented system should protect privacy through conditionalimplementation by consent of patient.
Clinicians agreed that the intentions ofimplementing EHR and cloud computing in healthcare, if adequately secured,would have a vastly positive affect on productivity, quality, and costs and mayimprove the relationships between patients and physicians. Furthermore, medicalrecord staff, like clerical and billing department employees as well aspatients themselves expressed concern for confidentiality and ease of use forthe implemented system. This further illustrates the importance that thedevelopers must stress these critical aspects of the system. Healthcare providers and administrators understand hat trust is central to achievinggood health care. Providers understand that if they violate patient trust theywill lose this trust and this will prevent them from achieving good outcomesand effective care.
Providers understand that if privacy is insufficient, somepatients will avoid care altogether or withhold health information fromproviders. Insufficient privacy may also pose risk to public health, withpatients opting out of participating in health research, with nearly 30 percentof adults declining due to concerns that their personal information would notbe kept private and confidential. Given this it’s not surprising that providersare some of the strongest advocates for maintaining patient privacy (Caine & Tierney, 2014). U.S.government, under HITECH legislation has developed “meaningful use” criteriafor EHT.
The top priority outcomes for implementing EHR are improving quality, safety,efficiency and reduction of disparities, engaging patients and families intheir health, improving care coordination, improving population and public health,ensure adequate privacy and security for patient health information. Unfortunatelyduring this transitional phase where health information technology is beingrushed into use, is difficult to use, falls short of promises for reducingworkload, and in many cases, increasing workload. The principle that patienttrust is fundamental to success for healthcare must not be forgot in the rushto implement technologically superior health care system.
To achieve meaningfuluse, the programs were to roll out in stages with specific deadlines but inmany cases the roll out has fallen short due to provider reluctance or softwarevendors not keeping up with the demands and the cost or implementing, as thereare currently over 700 vendors selling EHR and over 1,750 different forms of EHRs.(Caine & Tierney, 2014, DeAngles, 2015, Buchbinder & Shanks, 2017) A nationalEHR network would allow the EHR data to be standardized, maximizing integrationof EHRs and allowing for interoperability and therefore, decrease needless costsassociated with poor data. DeAngles, (2015)found a nearly 10% decrease in cost of treatment corresponding toimplementation of advanced EHR, also interoperability based on standardizedprotocols for encryption and storage, would control costs associated with fraudand abuse, associated with duplicate testing and billing. The office ofInspector General (OIG) in 2014 suggested a plan for pushing compliance andreducing waste in EHR implementation, OIG would review privacy and security protocolsand audit institutions receiving financial incentives for participating in EHRimplementation. Unfortunately OIG still largely ignores the interoperability issuesleaving vendors with incentive to spend time and resources to synchronize theirproducts. Current laws regarding EHR transferare prohibitive of interoperability and effective information sharing. Manystates have more restrictive legislation when compared to HIPAA, renderingaccess to patient data difficult and national EHR with interstate data transferineffective. The federal regulation such as HIPAA and HITECH should be viewedas most stringent, in terns or privacy regulation.
National EHR may not necessarilybe run by the federal government, as many people do not trust the government tokeep their information safe and protected (Foley, 2006). Instead a third party contractorshould be in charge of information storage and safety, with central governingagency auditing the facility and safety protocols. Qian, Li, Zhang & Han, (2014)provide multiple approaches for establishing privacy-preserving securityprotocols to assist patients with achieving access control. A de-centralized approachto national EHR implementation with multilayer securities, such as allowingpatients to grant access to specific parts of EHR to providers of their choosing,by providing corresponding encryption keys and digital signature withtimestamps to provide accurate access log. A centralizedarchitecture approach is based on central repository where all nationwide EHRdata are stored, with formal consent obtained, the patients’ health data isintegrated from multiple providers encrypted on both ends to provide multiplelayers of protection and de-identified in case the data could be used forresearch studies. Patients may select which other data they wish to be includedin their EHR and who would have access to which parts of the EHR, for examplepatients may feel that a podiatrist may not need to see therapist’s notes, yetfamily members may be able to see some of the general information from system’sportal. This system set up would allow patients to have control over theirinformation, the physicians would be able to access a complete data repositoryin case of an emergency, and information requisition would be simplified forthe billing and insurance purposes (Fragidis,Chatzoglou & Aggelidis, 2016).
Thebenefits of centralized repository is fast processing of information, but thelimitations are tied into security, cost of maintenance and redundancy of informationif the entire EHR is stored and not summarized. A proposed semi-distributed approachtakes into account the benefits of both centralized and distributed datastorage approaches. With several distribution points, security is maintained ifone of the centers is compromised, but the processing speed is increased fromwhen the information is stored locally at provider’s locations, alsoeliminating costs for individual providers to host and maintain data repositories (Fragidis, Chatzoglou & Aggelidis, 2016). To implement such system aunique identification number such as the Social Security number may be used totie the repository to an individual and individualized PINs for accessgranting. A centralized auditing organization is needed to oversee the implementationof the nationwide system. Extensive education would need to be provided to theemployees, managers, patients and family. While theinitial costs of EHR implementation are concerning and pushback form patientsand providers is well understood.
The benefits of such systems overweigh theinitial concerns. Increased speed in EHR access, medical errors prevention,cost saving by diagnostic examinations and medication reduction, improve healthinformation quality. With the benefits in mind, the federal government shouldfocus on creation of centralized approach to data sharing with standardized protocolsso that EHR vendors would be focused on creation of user friendly interoperablesystems.
Patient concerns for safety should be addressed by implementingmultilayered security system in a decentralized, semi-distributed repositories.Cloud computing for reduction for cost and ease of access with web based applicationfor information sharing. The challenges for health managers are still numerous,but well understood with multiple solution available. The focus must be made onthe fundamental problems for implementation for EHRs.