Internet Web Systems II, Spring 2010, Vinay Veeramachaneni
Medical record privacy and security


Internet Web Systems II - Spring 2010. Vinay Veeramachaneni. Medical record privacy and security. Overview: EMR/EHR (United States); Why EMR/EHR?; What is Privacy and Security?; The Law; Example Scenarios; How to Protect?; Existing Systems; Conclusion.

Overview
  • EMR/EHR (United States)
  • Why EMR/EHR?
  • What is Privacy and Security?
  • The Law
  • Example Scenarios
  • How to Protect?
  • Existing Systems
  • Conclusion
Human Factor
  • Medical and health records maintained on paper.
  • Records were sent by fax or mail, or requested by phone.
  • Errors are most likely to be caused by humans.
  • Point-of-Care is hard to regulate.
Role of Technology
  • Availability of faster Internet and bandwidth
  • Low cost of hardware
  • Low cost of storage
  • Storage at multiple locations/mirrors to recover from failure
  • Software providing enhanced authentication
EMR/EHR Objective
  • Digitalize and maintain patient medical records.
  • Electronically maintain and update health records.
  • Invest about $20 billion to improve health care (Stimulus package).
  • Eliminate health disparities.
Why EMR/EHR? (1)
  • Lower health care costs
  • Reduce medical errors
  • Improve point-of-care
  • Improve access to data
  • Improve quality of health care
  • Enhance the use of EMR by providers and hospitals.
What is Privacy and Security?
  • Privacy is an individual's ability to keep information about themselves private or to reveal it only to selected individuals.
  • Protect an individual’s trust.
  • Confide in trusted individuals.
  • Security is preventing any unauthorized access to personal information.
  • Store in a reliable location.
  • Prevent any illegal use of information.

Causes and Effects of Insecure Medical Records
[Diagram; labels recovered from the slide]
  • Re-route prescription drugs
  • Information breach
  • Possibility of illegal use
      - Loss of privacy
      - Loss of employment
      - Loss of insurance
      - Improper treatment
      - Reluctant to medical
      - Social discrimination
  • Sell to researchers
  • Social Web
  • Household members
  • Poor handling by medical professionals
  • Related places

Poor handling
  • Losing records
  • Discussing in public areas including social web.
  • Bribery
  • Miscommunication
  • Poor analysis
  • Use of data without consent
Medical Social Networking
  • Used for peer-to-peer communication
  • Used to connect members with various physical and mental ailments
  • Impact on the drugs physicians prescribe (Stanford Business School)
  • E.g.: PatientsLikeMe, SoberCircle, Doc2Doc, Healtheva, SurgyTec, …
  • Educational purpose.
  • Discussing related cases and cure.
Example Scenarios
  • Hackers hold Virginia medical records for ransom (Washington Post, May 4, 2009). Hackers threatened to sell the medical records of 8 million patients, along with prescription drug monitoring records, unless the state government paid a $10 million ransom.
  • One outsourced medical transcriptionist threatened to post patient medical records online.
Example Scenarios
  • Private medical records for sale: patients’ files outsourced for computer input end up on the black market (18 Oct 2009).
  • Confidential medical records of patients of Britain’s Hospital were illegally sold on the black market, in this case to undercover federal agents.
Example Scenarios (2)
  • Medics tweeting and posting data on social websites.
  • An insurance agent found out about his niece's abortion and told her parents.
  • An employer illegally accessed the medical record of an employee’s HIV status.
The Law
  • HITECH Act – Health Information Technology for Economic and Clinical Health Act, 2009.
  • “Meaningful Use” of EHR and set of standards.
  • HIPAA – Health Insurance Portability and Accountability Act, 1996.
  • American Recovery and Reinvestment Act.
How to Protect?
  • Fair practice
  • Patient and professionals’ training
  • Prevent mishandling of data
  • Optimize the information
  • Provide better authentication
  • Securing the facilities (Hospitals and Healthcare Institutions)
  • Limit use of social networking; do not discuss patients
  • Provide standards and responsibilities
How to Protect?
  • Do not enter personal data
  • Identify theft
  • Red flag any misuse
  • Penalties
  • Report any illegal activity
  • Report Phishing Websites
  • Business treaties that provide data protection.
Security (11) (North Carolina State University)
  • Study on the Certification Commission for Health Information Technology (CCHIT), the US EHR certification organization.
  • OpenEMR software
  • Static Analysis summary of 1210 alerts
  • Vulnerabilities like Cross-site scripting, nonexistent access control, path manipulation, error information leak.
Study of Errors (OpenEMR)
  • Cross-site Scripting
  • Error Message Information Leak
Existing Systems
  • Shibboleth (Johns Hopkins)
  • Verisign
  • eClinicalWorks EMR (Tufts Medical)
  • E-MDs
  • Dr.I-Net
Business Intelligence
  • Cost Savings
  • Improved Margins
  • Improved Patient Satisfaction
  • Better care
  • (Research by Microsoft)
  • (Nemours-Pediatric Health System)
Conclusion
  • Privacy is an ongoing debate, as it is with personal identity and financial data.
  • Digitalizing medical data became law in the United States and is also implemented globally.
  • Just like financial organizations, hospitals must also provide enhanced authentication.
  • Towards Improving Security criteria for certification of EHR system