PracticalDermatology

Many concerns have been raised about electronic health records (EHRs) over the last several years, but often lost amid the discussion of Meaningful Use is the issue of security. Last month, however, the emergence of several news stories over breaches into EHR systems has thrust privacy and security issues into the spotlight and given both users and non-users of the technology much to reflect on.

Breach and Error

Before any individual cases were reported, an article for the website ModernHealthcare.com noted that “nearly 21 million individuals had their medical records compromised in breaches large enough to require public reporting to the Office for Civil Rights at HHS.” Specifically, the article reports that the HHS site lists 477 breaches since September 2009, which have affected more than 500 people. The nature and severity of the breaches likely vary, nevertheless 477 breaches represents a significant number in less than three years, especially when you consider the relatively slow adoption rates of EHRs. Only days after this report, Bloomberg reported a case of cyber-terrorism in which hackers encrypted health records and held data for ransom. The attack occurred against a small practice in a northern Illinois suburb and compelled the doctors to shut down the EHR and report it to authorities. According to Bloomberg, more than 7,000 patients were affected.

Another recent story, although not necessarily related to a security breach, also created headlines regarding EHRs and patient safety. According to the Contra Costa Times, a new computer system at Contra Costa medical facilities recommended what could have been a fatal dose of an inmate's heart medication. The administering nurse recognized the error and did not administer as the system had indicated. Nonetheless, this case and the recent reports of system breaches remind us that EHRs remain on fragile ground. Indeed, as digital communication and cloud-based servers are used more in both our own industry and others, security will be an ongoing concern that technology companies continue to address. We may be no less secure now than in the paper-based era, but stories like this are a reminder that there will be speed bumps along the way and that what may be a small glitch in a system could have serious implications if an error occurs in practice or if patient records are compromised.

Unfortunately, given how new much of this technology is, enacting specific precautions to protect yourself, your practice, and your patients against malfunction or breach is a challenge. Nevertheless, if you use an EHR or are considering investing in one, learning the company's security profile is critical. Also, the HHS site offers additional information, including risk analysis guidance and a HIPAA security rule kit that can assist in guiding setting the appropriate measure to avoid instances of breach or patient rights violations.

Conclusion

While the continued emphasis of the discussion regarding EHRs will be on their utility as well as the evolving Meaningful Use rules and guidelines for their use, it is important to remember that security and privacy are also works in progress. Of course, most EHR systems are very safe, however, in the medical world, sometimes all it takes is a small glitch or weakness for something significant to occur or develop. No doubt many of the issues reported last month will be addressed and resolved, but as physicians it is our job to ensure that we are using these systems in the safest way possible, and that means contacting EHR manufacturers to ensure optimal safety and reliability. As we gain more familiarity with our EHRs and digital means of communicating, we should never forget the underlying importance of these issues in practice.

In next month's column, I will examine implications of the recent final rule on Stage 2 of Meaningful Use.

Mark Kaufmann, MD is co-chair of the Dermatology work-group for CCHIT. He is on the Medical Advisory Board of Modernizing Medicine.