Health information exchange (HIE) is not possible without trust and healthcare reform is not possible without interoperable HIE, according to one of the speakers participating in today’s National eHealth Collaborative (NeHC) University’s webcast, “Increasing Medical Record Security.” A doctor twice over, Bill Braithwaite, MD, PhD, is also a Fellow of both the American College of Medical Informatics (FACMI) and Health Level Seven (FHL7) who currently serves as Chief Medical Officer for Anakam and Advisor for Equifax.
While describing the future of healthcare in the form of better care at lower costs, Braithwaite detailed how trust can ultimately hinder the usefulness of HIE:
• If patients don’t trust HIE and they don’t permit their records to be exchanged;
• If providers don’t trust HIE and they don’t exchange health information;
• If patients and provider believe in a greater risk of a health data breach and they don’t entrust their protected health information (PHI) to researches
• Then HIEs lack sufficient amounts of patient information and health reform will ultimately fail.
In the end, building trust comes down to creating safeguards that are credible to both providers and patients. As Braithwaite stressed, “Trust depends on believable security mechanisms and a clean track record.” As result, credible security measures entail assurances of identity for both halves of the provider-patient equation. On the one hand, patients must trust that the provider sending and receiving their information are who they claim to be; on the other, providers must trust that those claiming to be their patients are actually their patients.
When taken to the level of HIE, assurances of identity become increasingly necessary both in terms of the value and the volume of PHI at rest and in transit. For patients, assurances of identity are problematic because of:
• lack of a national standard for patient identification
• difficultly matching and merging records
• time required by providers to verify information in person
• demand for consumer engagement
• fraud prevention
• electronic consent
For providers, assurances of identity raise a slew of concerns regarding:
• remote access to PHI
• access to personally identifiable information (PII) managed by government agencies
• quality reporting and incentive programs (e.g., meaningful use, accountable care organizations)
• fraud prevention
• electronic prescribing (e-prescribing, eRx) of controlled substances.
During this time of transition, authenticating users and verifying individuals is essential but difficult. Many providers are using hybrid medical record systems as they transition from paper-based records to electronic health record (EHR) systems. Even the government still relies heavily on paper or in-person verification, which leads to higher and higher costs, noted Braithwaite.
Privacy is and shall remain a persistent problem for provider, patients, and the health IT professionals who enable electronic exchange. And the potential savings of EHRs will never be realized if security isn’t a top priority. “Electronic health records can save billions when but can’t move forward without solving authentication challenge for providers and individuals,” concluded Braithwaite.
Despite the progress that’s being made in conversations about the privacy and security of medical records, many questions still remain. How many patients currently trust their health information to providers and HIEs? What security measures will make a difference in getting more patients to consent to disclosing their electronic PHI (ePHI)? Lastly, do patients have sufficient information about consent and the exchange of health information to be able to recognize what’s at stake? These are just a few of the questions that need to be answered.
Browse all our white papers by topic:
• Senator John Kerry recommends MITECH Act
• HHS and VA collaborate on sensitive data tagging
• Epic EHR growing pains and improved patient care
• Professors denounce current EHR value
• Mobility of EHR renders paper unfit for purpose