Electronic Health Record (EHR) System Potential Threats and Measures Taken to Protect It

Since the early 1980s, study applied science bemuse alter and revolutionized e re in onlyy aspect of our lives. We use selective culture engineering science to do our daily chores like shopping and reading the latest globular news at the comfort of our living room. It replaces old challenges with new possibilities. However, angiotensin-converting enzyme of the argonas that had evolved to this new demand in information technology but quite a in a slow phase is the healthc atomic number 18 industry. straight offs healthcare includes hospitals and private clinics.A lack of an effective vigilance of info about a disease and the treatment for saving lives can be put at risk. In previous years checkup information was stored only on paper and in one location, usually a patient ofs primary care physicians office or medical examination institute. People function to migrate to a different area or country, therefrom qualification it difficult to transfer piles of paperwo rk and medical records to any point of medical institution which a patient is seeking treatment.It is even more mazy when nearly patients visit more than a single physician or an institution and the process of organism treated by a different number of nurses, consulting specialists, diagnostic technicians and administrative staff. Paper-based medical record systems are oerly adding the unnecessary expense to a medical institution. Registration clerks, nurses spend unparalleled magazine away from patients attending to huge piles of paperwork. This adds up an huge financial burden inclusive for the storage of the medical records and wages for the administrative support staff.Miss-kept or missing medical records adds to the disjointed of precious time and can lead to unnecessary or duplicating of clinical tests. However, until recently, usage of information technology has augmentd and become prominent part of the healthcare industry. galore(postnominal) large hospitals and pri vate hospitals have made the transition from old-school paper medical records to EHR, Electronic wellness Record System. Early stages of an EHR System were base on a simple side but have advance tremendously. now EHR System is Web-based which are accessible across networks and utilizing GUI, Graphics User porthole for interactivity.Web-based EHR are easy to use, have the capabilities to organize and link information, strong multimedia system presentation capabilities, works on most hardware platform and direct system in the market which communicate done the Internet and issue access to medical records using web browsers and web technologies. Jamie R. Steck(1998), Director of IT from the commutation Utah Clinic stated that Efficiency has increased dramatically. We did an in-motion study in our records room, which showed that file electronically is 80 percent more efficient than filing manually, and weve seen show of that on a daily basis. Study shows that EHR is more efficien t than the prevalent process of filing the paper-medical records. Health institution of many sizes faces many demands and challenges when making the transition from paper records to EHR. Healthcare institutions are working hard to slenderize their reliance on handwritten records. EHR has improved patient care through greater and quicker access to patient information thence reduction medical errors due to paper-records. It to a fault significantly reduces test result and patient wait-times with a faster and more efficient workflow.It as well reduces record-keeping time consequently decreasing paperwork for administrative staff. EHR establish a better information and improved colloquy theory in a medical institution. It reduces the possibility of misplaced and lost records thus ensuring the patient record test results are available when needed. It reduces cost on paper and supply. But just as much as its ancestor, EHR are subjected to silence violations. Today, healthcares systems in developed countries are changing dramatically. These countries are looking into more inexpensive communication means using the cyberspace to achieve a more efficient and high quality EHR.With the increase of health care system on information technology, we must likewise look into the increasing number of threats resulting from distribution and the implementations of the EHR System. tolerants and doctors are aware of the trade protection requirements base upon the system with the usage of communications over pass and precarious network such as the internet. There are concerns over the privacy and security of electronic health information and they fall into two oecumenic categories 1. concerns about inappropriate releases of information from individual organizations 2. oncerns about the systemic flows of information throughout the health care and related industries National Research mission (1997, p. 54) The first category can result either from an authorized use rs who purposely or unintentionally access or distributes information in violation of the institution policy or from hackers who break into a institutions computer system. The second category refers to the open disclosure of patient health information to parties that may act against the bets of the patient or may in like manner be alleged as invading a patients privacy.EHR stored at medical institution are vulnerable to internal or external threats. Internal threats includes authorized system users or medical force out who abuse and misuses their privileges by accessing information for inappropriate reasons such as showing their friends, neighbors, colleagues or to leak information to the press for spite, revenge, or profit. External threats or unauthorized access, which is related to the open architecture of Internet, sometimes by revengeful former employees, angry patients, network intruders, hackers or others may steal information, damage systems, or disrupt operations.Till today, there have been modest amounts of evidence to gauge the exposure of EHR to external attacks as there are unsounded no tools for detecting attacks on EHR in the healthcare industry. In a case reported by Marbach, William D. (1983), so-called 414 group broke into a computer system at the National Cancer Institute in 1982, although no damages were reported. Study by the Federal Bureau of probe and the Computer Security Institute (CSI), CSI Director Patrice Rapalus(1996, p. 2) said, The information age has already arrived, but most organizations are woefully unprepared . . . making it easier for perpetrators to steal, spy, or debase without creation noticed and with little culpability if they are. Set of laws are being introduced for patient record privacy put strict demands on healthcare providers to protect patient information while using EHR while overlap the information with other patients. Six main factors are integrity, dependability, availability, confidentiality, au thenticity and accountability. Patient records involves very in the altogether information, which should only be disclosed to authorize users, thus confidentiality of the required entropy is essential.Integrity and availability of the services are also important. To accomplish the desire measure of information system security, a wheel of security policy models have been proposed and implemented in healthcare. One of the most widely use of security policy being adopted by medical institutions to protect patients information in a EHR System is the reference Based Access Control policy. Role Base Access Controls (RBAC) is the common land policy being used in an ERH System. These include two canonical types of access control mechanism that are used to protect information which are discretionary access control (DAC) and mandatory access controls ( macintosh).DAC is very supple hence it is not suitable for protection of health records. MAC on the other hand is stricter, allowing a mple space for flexibility and it requires all users handling the records to follow a set of rules administered by the system admin. RBAC in EHR System should have the advantages of both DAC and MAC. With the RBAC approach, EHR System should adopt the roles and the authorization management in its system. In RBAC, it identifies which staffs in a medical institution are authorized to view a patient medical record. It restricted the data from being abuse or falling to the wrong hands.Each and every medical staff in a medical institution are assigned a specific role and operates the EHR System according to their role. medical exam staffs are only allowed to view patients record that they are allowed to access. Not all data are being revealed to the every role. G. Pangalos(1998) states that EHR System identifies the following roles in its system 1. Patients. They have access to their own health institution, personal and demographic data. 2. Physicians. Main Users of EHR System. Make dia gnosis, admissions and treatment. Act on behalf of patients. 3. Doctors. responsible for the laboratory tests and evaluation results. 4. Nurses. Responsible for providing daily care to patients. Dont need to get it on any sensitive personal patient data. 5. opposite Healthcare Professionals. Responsible to perform treatments for example psychiatric consultation. 6. Administration. Responsible for collection of the administrative, social, personal and non-personal demographic and insurance information about the patient. 7. Local authorities. Specifically Government bodies have access to health records for research or investigation purposes and any sensitive personal data will not be reveal. segment of Health and Human Services (1998), in the proposed rule for security and electronic standards, .. from each one organization that uses communications or networks would be required to protect communications containing health information that are transmitted electronically over open n etworks so that they cannot be easily intercepted and interpreted by parties other than the mean recipient, and to protect their information systems from intruders trying to access systems through external communication points. (vol 63, No 155)As of the statement above given by the Department of Health and Human Services, all information that are sent over the internet must only be accessed by authorized receiver. Todays technologies allow users to prove their authenticity and with data encryptions allow data to be transmitted safely over the medium. Data encryption should be at a satisfactory level of security to protect against intruders, thus data integrity have been compromised. User authentication must also be present with the encryption and data transmission process to check off that the data sent are received by authorized receiver.Other than data encryption, a good firewall should also be implemented on the database server to avoid external intruders from accessing unautho rized data. Although these policies and counter measures are being implemented, unauthorized data leakages do still prevails. Medical records of celebrities and famous quite a little are sought after by the media around world. This is due to the interest of people and money. So patient plays a part in defend their own medical records. They have to put their trust in the medical institution where their records are being kept.