One pillar of participatory medicine, as SPM co-chair Dr. Danny Sands often says, is access to our medical records: “How can patients participate if they can’t see what I see??” But a major impediment to free-flowing information is incompetence or malfeasance in protecting our data, which makes some people want to clamp down. Patients and participatory providers need our health information to be as secure and free-flowing as banking information … which is not perfect, but banking is an industry that takes privacy seriously.
Charles Ornstein @CharlesOrnstein of ProPublica has a new piece today on the NPR “Shots” health blog, talking about some really heinous violations by immoral individuals and sometimes sloppy individuals, e.g. a doctor who gave his password to a temp employee. (Oy.)
Awareness is a first step in fixing problems like this. Technical wizards can’t design out the weaknesses without knowing what they are, and activists for free-flowing data (like many of us in SPM) need to know the real risks of harm and embarrassment that arise when a system isn’t really secure. Security wizards say you can’t ever be perfect but you can surely design systems – and access – to be secure enough to prevent the malfeasance in these anecdotes.
Question for EMR experts: why do we not have systems that allow adding information without also allowing rummaging? Do systems allow different levels of access, or is it all all-or-nothing? When I was an admin for Salesforce.com we could give users many different levels of access, and that system starts out free. Is the same not available in Epic, Cerner, etc.? (I’d welcome non-hypey answers from vendors or anyone, in comments.)
Yes, all EHRs that I have ever seen have different levels of access. But keep in mind:
1. The more granular the levels the more complex it is to administer;
2. The more cross-trained workers are in a practice, the more roles they have to play and the more access they require;
3. Nobody ever died from the inappropriate release of health information, but people have died because clinicians could not get access to that data;
4. The more onerous it is for authorized users to gain access the more they will find workarounds (like writing their passwords on Post-It Notes next to their computers); and
5. Many inappropriate views of individual patients’ information are by people who are authorized users, so audit trails (that patients can view) along with employee education and consequences of breaches must be implemented and enforced in practices and hospitals.
Danny, sorry for the delay in releasing your comment – was out of pocket most of the day.
I dare you to say all that in the NPR post – it’s a great addition!
Excellent article. I think the doctor is the front person that people complain about, but the problem starts in the admin area. They are so interested in profit over anything else that our safety and security will take a back seat (if any) to things like this.