
MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION

MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION. September 2, 2006. Frank E. Ferrante, MSEE, MSEPP, President, FEFGroup, LLC; Past Chair, Medical Technology Policy Committee, IEEE-USA, Washington, DC. Presented at the 28th IEEE EMBS Annual International Conference.


Presentation Transcript


  1. MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION
     September 2, 2006
     Frank E. Ferrante, MSEE, MSEPP
     President, FEFGroup, LLC
     Past Chair, Medical Technology Policy Committee, IEEE-USA, Washington, DC
     Presented at the 28th IEEE EMBS Annual International Conference, Aug 30-Sept. 3, 2006, New York City, New York, USA

  2. Outline
     • Why Electronic Medical Records?
     • Software Sample/hardware samples
     • Barriers/Standards for EHR
     • HIPAA Security and Privacy Regulations
     • Medical data transmission requirements
     • Wireline and Wireless Telecommunications Services Security
     • Security of Patient Medical Records
     • References

  3. Why Electronic Medical Records (EMRs)?
     • Time spent filing and pulling patient charts, searching for charts
     • Time re-creating records if destroyed by natural disaster or accident
     • Cost of supplies to maintain charts
     • Cost of facility space for records (can better use of space be made?)
     • Storage and Backup Cost
     • Transcription services cost
     • Cost of doing nothing today
     • Better Security/Privacy Maintainable

  4. Software/Hardware Supporting Digital Medical Records
     • Electronic Medical Record (EMR) Software
       • Soapware - check it out; $300 starting price; see: http://soapware.com/
       • e-MDs Electronic Medical Record Support Software: http://www.e-mds.com
       • a4Healthsystems EMR and Access systems: http://www.a4healthsystems.com
       • Companion Technologies: http://www.companiontechnologies.com
     • Security and Privacy - all EMRs must be protected
       • Sample approach: indigenous authentication of digital information (US Patent 6,757,828 B1 of June 29, 2004) by Signa2: http://www.gjtdc.com
       • Backup routinely onto remote servers or storage offerings

  5. What are the Barriers to EHR and e-Health Implementation?*
     • Lack of a Unique Personal Identifier
     • Lack of HIPAA Compliant Middleware
     • Lack of Incentives
     • No Paradigm or “First Mover” for Some System Components
     • Evolving Standards
     • Disincentives
     • Lack of an NHIN Architecture
     • [Fear of Cost/Benefit]
     * [Corr 2006]

  6. Barriers and Solutions: Identifiers and Middleware*
     • Lack of a Unique Personal Identifier:
       • Solutions:
         • Voluntary Personal Healthcare Identifier (IEEE-USA Voluntary Healthcare Identifier Position Statement, 17 June 2004)
         • Center for Certification of Health Information Technology Multiple ID Approach (Provider ID + Provider Unique Personal ID)
         • DOD Common Access Card Model
     • Lack of HIPAA Compliant Middleware:
       • Solutions:
         • RHIO Contracts
         • Marketplace Solutions
       • Shortcomings:
         • Public Health and Research Interfaces may not be included
         • HIPAA compliant Identification, Authentication, and Access
     * [Corr 2006]

  7. EHR Standards Evolution*
     • International Statistical Classification of Diseases and Related Health Problems (ICD) from ICD-9 to ICD-10
     • ASC X12 Version 4010 to ASC X12 Version 5010 (HIPAA Business Transactions)
     • National Council for Prescription Drug Programs Telecommunication Standards from version 5.1 to version D.0
     • Conversion of all standards to XML
     * [Corr 2006]

  8. HIPAA Security and Privacy Regulations
     • Health Insurance Portability Assurance Act (HIPAA)
     • Security - Requires stronger and more focused provision of security around medical information (supports maintaining the privacy of that information)
     • Privacy - Enforces an increase in privacy protections for medical information (not just speaking of privacy: it is required, under penalty, should a failure occur)

  9. Electronic Medical Record (EMR) Data Requirements
     • Page of text for entering and storing non-image information
       • Less than 64 Kbytes (large file)
     • Image Data
       • (Refer to estimate table)

  10. Medical Images Data Transmission Requirements*
     * Source: Ferrante, F.E., “Evolving Telemedicine/eHealth Technology,” Telemedicine and e-Health, Vol. 11, Number 3, June 2005, Mary Ann Liebert, Inc., Publisher, ISSN 1530-5627.

  11. Wireless Telecommunications Services
     • Broadband Services
       • 802.11n
       • WiMax
     • Security
       • PKI
       • VPN
       • Secure ID
       • WEP/WPA/WPA2 (802.11i)

  12. How New Technologies Stack Up
     [Chart: Data Rate (megabits per second), on a scale from below 1 to 1,000, for established and emerging technologies grouped as WPAN, WLAN, WMAN and WWAN: Bluetooth 1.2 and 2.0, Ultrawideband, Wi-Fi (802.11b, 802.11a/g, 802.11n), WiMax (802.16) and WiMax mobile (802.16e), and 2G, 2.5G, 3G, 3.5G and 4G cellular.]
     Actual performance will vary depending on factors such as how the technology is deployed, the user’s distance from base stations, and interference.
     Source: Technology Review, October 2005

  13. Security of Patient Records
     • Wireline Communications/Computer Access
       • Database Encryption
       • Public Private Key access control
       • Routine Password Control and Management
       • Isolation of Database Server from outside access
         • except via Virtual Private Network (VPN) and Secure ID hand-held devices or Secure Private Key system
     • Wireless Communications
       • Wired Equivalent Privacy (WEP)
         • Poorly designed, vulnerable
       • Wireless Protocol Architecture (WPA) & WPA2
         • Improved Security Encoding
         • Enterprise Security Offering (both WPA and WPA2 now available for wireless operations as an alternative to WEP)
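The first two wireline bullets of slide 13 (database encryption and public/private key access control) worked as an added Go example that is not from the presentation: each record is encrypted under its own AES-256-GCM data key, and that key is RSA-OAEP-wrapped to the public key of every clinician cleared to read it, so the database never holds plaintext and the set of readers is enforced by key possession rather than by a lookup alone. The SealedRecord format, the recipient IDs and any record text are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// SealedRecord is a constructed format: AES-256-GCM ciphertext plus the data key wrapped per reader.
type SealedRecord struct {
	Sealed     []byte            // 12-byte GCM nonce, then ciphertext and authentication tag
	WrappedKey map[string][]byte // recipient ID -> data key wrapped with RSA-OAEP to that reader
}

// Seal encrypts one patient record so that only the listed recipients can open it.
func Seal(record []byte, recipients map[string]*rsa.PublicKey) (*SealedRecord, error) {
	buf := make([]byte, 44) // fresh 32-byte data key + 12-byte nonce for every record
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dataKey, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(dataKey) // cannot fail: the key is 32 bytes
	gcm, _ := cipher.NewGCM(block)     // cannot fail: AES has a 16-byte block
	sr := &SealedRecord{Sealed: gcm.Seal(nonce, nonce, record, nil), WrappedKey: map[string][]byte{}}
	for id, pub := range recipients {
		// The recipient ID doubles as the OAEP label, so this wrapped key only unwraps under that same ID.
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, []byte(id))
		if err != nil {
			return nil, err
		}
		sr.WrappedKey[id] = w
	}
	return sr, nil
}

// Open recovers the record for recipient id; an unlisted ID or the wrong private key fails at key unwrap.
func Open(sr *SealedRecord, id string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := sr.WrappedKey[id]
	if !ok {
		return nil, rsa.ErrDecryption // no data key was ever wrapped for this ID
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte(id))
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(dataKey) // 32 bytes once OAEP has accepted the wrap
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, sr.Sealed[:12], sr.Sealed[12:], nil)
}
```

Because GCM authenticates the ciphertext, a record altered in storage is rejected on Open rather than decrypted to garbage.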

  14. References
     • [Corr 2006] Corrigan, Mike (Current Chair MTPC), “Consumer-Centered Electronic Health Records and e-Health - Roadblocks and Opportunities,” presented to GEIA Roundtable, June 29, 2006. Available at: http://www.ieeeusa.org/volunteers/committees/mtpc/index.html
     • [IEEE-USA] IEEE Medical Technology Policy Committee Web Site - http://www.ieeeusa.org/volunteers/committees/mtpc/index.html

  15. Backup Slides

  16. Top Level EHR Components
     • Personal Health Record (PHR) or Personal EHR
     • Healthcare Provider or Clinical EHRs
     • Payer Records or Payer EHRs
     • Glue
     • Other Healthcare System Records

  17. Limited PHR vs. Full PHR
     Limited PHR (Personal Health Record / Personal EHR):
     • Uncertified
     • Demographics
     • Allergies
     • Medications
     • Inoculations
     Full PHR (Personal Health Record / Personal EHR):
     • Certified
     • Demographics and Identity
     • Links to other EHR components
     Linked EHR components:
     • Payer EHR: Health Insurance Carrier Records
     • Provider EHRs: Hospital Records, Physician Office Records, Dental Office Records, Pharmacy Office Records, Laboratory Records, Radiological Records, EMT Records

  18. Lifetime Full PHR
     Personal Health Record, with anonymized links (and trusted reverse channel links) to:
     • Public Health Records
     • Environmental Records
     • Prenatal and Pediatric Records
     • Research Records
     • Military and VA Records
     • Genomic Records
     • Employer and Self Insurance Carrier Records
     • Medicare Records
     • Death Certificate and Autopsy Records
