BMI 7 ‘ Assignment ‘ Information Security
An Electronic Medical Record is a digital version of a patient’s Bed Head Ticket (BHT) that contains all the details of patients history, examination, investigation findings and management plans that were taken. This is a real time, patient centered record where information is created, maintained and made available for authorized users.
There are many benefits of maintaining an EMR over paper based BHTs as it allows providers to track data over time, identify patients who are due for next visits, screening etc., monitor patients regarding their basic medical needs such as vaccination, Blood Pressure measurements in hypertensive patients. As a whole this helps with improvement of overall quality of care in medical practice.
For this particular hospital, to develop the system there are several stages which have to be followed.
They are,
‘ System Planning
‘ Requirement Analysis
‘ System Design
‘ Implementation and deployment
‘ System Testing and Integration
‘ Maintenance
In this process maintenance of security and privacy of data is very important as patients’ sensitive personal data are dealt with.
Information security in eHealth is defined as a collection of controls that ensures confidentiality, integrity and availability of personal and health information which is created, stored, accessed and exchanged in the health sector.
Confidentiality helps in assurance of that identifiable personal and sensitive information will not be disclosed without the consent of the individual concerned, in this case the patient, whose detail are stored.This is considered highly confidential as personal information are dealt with. Integrity is the assurance that data is not lost, intercepted or misused and accuracy and consistency are preserved. Availability stands for the assurance that information is accessible and usable on demand by authorized users.
There are several standards made available for information security. They are ISO 27000, COBIT and NISP SP 800 series. In ISO 27000, it is separated into different sub standards based on the content and they are,
‘ ISO 27000 – an overview and vocabulary
‘ ISO 27001 – defines the requirements for the program
‘ ISO 27002 – defines the operational steps necessary in an
information security program.
Also, an information security management system consists of the policies, procedures, guidelines and associated resources which are being collectively managed. Sri Lanka has recently introduced new set of National eHealth Guidelines and Standards.
Hence, in order to maintain the security and privacy of the health information in new EMR system, the following steps will be taken.
For the newly implementing system, the laws which are already applied for the paperbased system is applicable. ‘National eHealth Guidelines and Standards – 5.3.1 Electronic documents should be maintained following existing guidelinesgoverning paper based documents and the prevailing legislation in theCountry.’
During the initial stage a separate person will be allocated to address the legislations of the new system. Encryption of data will be planned at the beginning of system planning, and this will help in protection of patient’s detail from unauthorized people. According to ISO 27006 and 27007, requirements for bodies providing audit will be introduced with auditing functions. Then, in case of system shut down back up and recovery routines will be planned and designed. The back up will be stored in a separate server in order to prevent damages in a catastrophe.
For the users, they will be trained how to created strong user IDs and passwords and have a superuser to monitor the possibilities of misuse of the given facility by non authorized participants.
‘ 5.3.14 Systems should be promoted to enforce the use of strong passwords A strong password should contain at least 8 characters, consisting of at least one uppercase character, one numeric character and one special character or implement two-step verification.’
And the access of the users will be controlled based on the user’s role for E.g. different stages of data availability for the hospital administrators, doctors, nurses, health assistants and the patients. E.g. patient’s clinical detail will only be available to the clinical staff and the patient. And in case of non logouts, there will be an automated timeout and the duration of inactive period for automated timeout will be decided after discussion with the clinical staff. And there will be some emergency access for all information which is authorized only for a superuser of the system, in case of any difficulties in logging in by any user in case of emergency. Also, some non-interfering, and valid patient identification system will be introduced for E.g. use of identity card number, thumb print or iris recognition alone or as a combination in order to ensure patient identification.
In order to attest to meaningful use and use a certified EHR system, online communication with the patient becomes an essential matter. Therefore the EHR system which is being implemented will designed to have necessary mechanisms in place to support compliance with the security rule. The security rule requires that when a message is sent to the patient, it has to be sent through a secure method and there should be insurance that it is delivered to the intended recipient.The security rule however, does not apply to the patient, as the patient may send health information to the clinical staff using email or texting that is not secure. When the information is received from the system, it has to be protected with the security rules.
And when it comes to handling patients’ data in needs of of research purposes it has to be done after permission from the superuser who is also an administrator of the institution and the should be done after ethic committee review. ‘National eHealth Guidelines: 5.1.2 eHealth systems that handle personally identifiable data of patients, clientsor general public for research purposes should have received ethical approvalfrom an ethics review committee coming under the Forum for Ethics Review Committees in Sri Lanka (FERCSL).’
‘5.2.2 Personally identifiable data and information shall be used only for the purpose for which the data was collected. If such data is to be used for any other purpose, a proper de-identification procedure shall be followed.’
Before the users are given their access to the new system, there will a document that is being signed, or electronically submitted to ensure that employee is bound to ensure security of data which he/she will be handling throughout the course, during their stay at the given institute as well as after they leave the service in case of transfer or retirement. ‘5.2.7 Healthcare institutions shall ensure that employees who leave the organization are bound to maintain confidentiality of information that they have come to know during the period of employment with the institution.’
And, when an employee is leaving the institute, before the completion of documentation it will be ensured that the employee has returned the access cards for the system accurately. ‘5.3.8 Institutions shall ensure employee/s who are leaving the institution/unit have surrendered identification cards, access cards, keys, and other means of access and dispose (destroy or deactivate) them appropriately.’
Also, the third party who involves in handling the data need to sign a non-Disclosure agreement. ‘5.2.8 Healthcare institutions shall ensure that third party personnel involved with health information systems including maintenance should sign nondisclosure agreements.’
And during patient’s history taking and management plan, if there are any amendments to be made, for e.g. patient has forgotten to mention regarding some recent foreign visit which is relevant with their diagnosis, or some investigation finding which was not integrated with the patient’s clinical details due to system failure ‘ will be allowed after the approval of their appeal. ‘5.2.9 An individual has the right to appeal for amendments to personal information held in an information system in the event of any discrepancy.’ And no deletion approach will be adapted to the clinical data. ‘5.3.4 A no-deletion approach should be adopted in relation to clinical data.’
In order to make it easy to trace the responsible individual for the entry or amendments of data, and event log will be maintained and updated real-time, and the original data before it was edited will be made visible in a separate link on the same sheet, in case of referral. ‘ 5.3.3 eHealth systems must ensure that every Creation, Reading and Update actions on data should be recorded in an event log with the original data being preserved and visible.’ Also, these event logs will be designed according to the successful and failed attempts, so that it will be personally identifiable and could be inquired upon when it is necessary. ‘5.3.10 eHealth systems shall be designed with an events (security) log that allows tracing of successful and failed log-in attempts. Personally Identifiable and Login Authentication Credentials must be encrypted using the appropriate algorithm.’
The physical barriers, firewalls and updated antivirus programs will be installed for the system to avoid unauthorized access, and the server will be placed in an access restricted area with close supervision of the hospital administrator. ‘5.3.6 Institutions should ensure security of all ICT hardware and relevant
Documentations.’
‘5.3.7 Institutions shall maintain access restricted rooms to keep critical computer equipment such as servers and networking equipment. Such access should be revoked when the job role is changed or the employee is terminated.’
The system backups will be checked regularly and there will be annual security audits.’ 5.3.12 Institutions should make sure that the retrievability of backed up data/information is regularly checked to ensure reliability of the backup process.’ ‘5.3.13 Information systems security audits must be performed annually.’
In order to give control over the system, two superusers will be introduced with unlimited access to the data which are entered and the data logs, along with the responsibility of maintenance and audits making them accountable for all the system events. ‘5.3.15 High level Authentication as System Administration must remain with at least two individuals. ‘
These steps will be used in ensuring the maintenance of security in the new EHR system of the given hospital.
References
‘ https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
‘ National eHealth Guidelines and Standards ‘ Ministry of Health Sri Lanka