As Wichita health care providers move toward paperless work environments, the security of private data is paramount to successful systems.
Yet electronic health records are surprisingly easy to hack into and are vulnerable to exploitation, according to a study by the eHealth Vulnerability Reporting Program.
With nearly every major health care provider and many physician practices in Wichita converting to electronic records and patient care management systems, the study's results are timely, industry leaders said.
The group surveyed 850 health organizations and conducted penetration testing of seven e-health systems. It found that all of them were vulnerable using standard hacking tools and techniques.
"Security has always been a major issue for us," said Joyce McBride, Wesley's information systems director, who is in the midst of a systemwide project to go online.
"What we've learned is it should be a team effort, but we as a facility have a responsibility to see how the other team members have measured up to it."
Wichita's perspective
Several of Wichita's largest health care providers say the security of electronic health records is key in their ongoing efforts to go paperless and increase efficiency and quality.
Although Wichita's providers say they have many layers in place to protect privacy and patient information, they also agree that the industry needs to work together as the nation moves inevitably toward portable health records.
"We try to follow best practices now -- we're kind of an advocate of some of the national and state initiatives that are out there," said John Bissell, director of information services for the Wichita Clinic, one of the first health care organizations in Wichita to introduce electronic patient records.
The clinic moved from a paper chart to an electronic chart in the late 1990s, which included physician notes, referral letters and radiology and pathology reports.
Since then, the Wichita Clinic has added patient immunizations, injections and treatment histories as well as e-prescriptions and the scanning of outside documents.
"We're also members of an entry-level group into (creating) metropolitan medical records," Bissell said of the regionaleffort. "Security is obviously a huge part of that.
"Here, everything is internal. We're not sharing any patient data externally at this point."
Dan Green, information technology director for Via Christi Health System, likened the health care industry's e-health goals to the electronic banking business in its infancy.
"They had individual solutions for individual banks and, over time, with maturity, it became the ATM system we have today," he said.
"Today, hospitals are building their own electronic medical records. Where we're going in the future is how do we make that portable?
"If you were a patient here and you... moved across the country and wanted your records to follow you, how can we transmit your record in a secure way?"
The Via Christi Wichita Health Network is two years into a three-year implementation of electronic medical record systems that will link patient information from its inpatient and outpatient facilities into a unified data bank.
While outside security breaches are rare, security remains a priority, leaders such as Bissell and Green said.
Green recalls recent reports of computers and laptops being stolen from health care organizations.
"We now encrypt the data we store on our laptops," he said.
Working with vendors
The national study found that vendors of e-health records systems are not adequately disclosing system vulnerabilities to customers, who may not be as aware of the potential problems.
The group recommended that guidelines and best practices need to be established and used in order to help manage risks associated with new technology.
That's something that Pulse Systems Inc., a Wichita-based developer of electronic health records and practice management systems, works daily to infuse into its products and services, president Basil Hourani said.
"The exchange of data between health care entities is vital in the future for the continuum of care for the patient, which is really what everybody's after," he said.
"Companies like Pulse, we've created our own standards for communication and adhere to some of the national standards for the exchange of health care data. Nobody has an advantage over us in any other industry."
Autor(en)/Author(s): Andi Atwater
Quelle/Source: The Wichita Eagle, 21.10.2007
