Safeguarding Hospitals From Data Infections

As electronic medical records, mobile devices and cloud computing become inextricable parts of healthcare environment; we are facing new risks of data security breaches. It is time for us to investigate how safe are our hospitals from such data related infections.

Issue date: August 6, 2012

Publication: eHealth

Hospitals are a great source of acquiring information – not only of patients, but also of staff members. There have been instances in hospitals where once a system was hit by a malware, the staff had to be sent back to work on paper records. The virus disabled the interconnectivity of hospital computers, so the devices could not communicate internally and share information. The increased use of electronic medical records, mobile devices and cloud computing in the healthcare environment is also increasing the risk of data security breaches. Regulators are already conducting rigorous security compliance reviews to address the serious nature of security complaints. In addition, phase I requires hospitals to perform a security risk analysis and to address all identified security deficiencies as part of its risk management process.  Security issues have long been into discussions and thus are a major drawback that can impede an organisation’s risk management strategies. The Health Insurance Portability and Accountability Act (HIPAA) and Health Level Seven (HL7) passed in the USA, which are now universally accepted, have laid down rules for access, authentications, storage and auditing, and transmittal of electronic medical records to addresses privacy concerns.

On the other hand, industries and hospitals are coming together to offer and implement new possibilities to bring innovation into the clinical app development. Tamil Nadu Government’s uniform health information system project was implemented by Tata Consultancy Services (TCS). This mundane building has showcased progress of electronic data basing of hospital records in the country. Microsoft tablets offer new possibilities for clinical use, but software vendors will need to bring new innovation to clinical app development. There is a huge demand in the healthcare fraternity for iPad and tablets, and these devices need to be integrated with the HIS and EMR systems of the hospitals. This actually puts hospital IT and the vendors on notice that they need to start innovating. “At the clinic and small hospital level, EMRs are used by 3-4 percent of the clinics; 16-18 percent of the clinics use some sort of a hospital or clinic management system. Core USP of an EHR is believed to be a simple to use tool, tailored for small to medium hospitals and highly secure. The installation costs can vary between `50,000 to `3 Lacs depending on the size of the organisation. This excludes licensing costs as well as cost for change requests in the system asked for,” says Nrip Nihalani, Director, Product Management, Plus 91.

An accountability tool embedded in an electronic health record system could help reduce unnecessary paper reports embedded in files with X-ray and CT scan images. Such practices can expose patients to unnecessary radiation and increase healthcare costs. Lalit Surana, Chief Technical Officer, Easy Clinic says, “We have a game-changer in offing, an enterprise grade EMR solution to manage all aspects end-to-end of a medical institution. Advantages of cloud in an environment which needs a high degree of scalability is many fold, and, it poses no extra risk as compared to a typical out-of-the box dedicated hosting. There really need not be a conflict in using a cloud and achieving security compliance.”  Doctors may order fewer lab tests when they have access to a patient’s electronic medical records, but the efficiency may be confined to state-of-the-art records exchanges for now. The great thing about EMR is that it allows patients to become empowered and play a much bigger role in their own medical care. They will reduce medical errors, and encourage openness and transparency. They will also help to save the patient’s time and money, because they will not need to go to the doctor’s clinic for every minor problem.

MV Saneesh, Senior Manager-ICT, GCS Medical College Hospital & Research Centre believes, “Cloud computing is anticipated as the inevitable necessity of future computing, healthcare domain could not ignore the imperative advantages of the technology.  Penetration of EMR is limited to select hospitals and few set standards from NABH could make a difference.”  He adds, “The challenge faced by hospitals is the total cost of ownership and change management. However such scenario is not foreseen in near future, anywhere any time accessible EHR/EMR could ensure better patient safety and quality care delivery. In lighter side few people comment ‘Cloud is more secure, as it’s away from insiders’.”

With the advent of EHRs – digitised medical history, a doctor would be able to deliver care with improved quality on the premises of information sharing/exchange. A study in the US found that 80 percent of consumer adoption of interoperable EHRs could result in a net savings of USD 19 billion/ year. On the other hand, unavailability of complete and accurate medical history often leads to extensive or repeated health examinations which delay timely treatment and increase costs. “LV Prasad Eye Institute has made every effort to upgrade technology. eyeSmart –indigenously built Electronic Medical Records (EMR) was made with a view to facilitate electronic retrieval of medical records across their pyramid model of eye care from remote rural primary care units to tertiary level experts in cities,” says Dr Usha Gopinathan, Executive Director, LV Prasad Eye Institute.

In a cloud offering, more control could be exercised with private cloud, the concerns of human threats (hacking), natural environment threats and technology failures still loom – similar to public cloud. With healthcare interoperability becoming more normal, institutions shall adopt globally accepted standards, which are seriously addressing the privacy concerns on global basis. Logica has proven systems and processes to ensure patient confidentiality and role-based access solutions to support, ‘Secure data collection’, ‘Reporting that demonstrates patient safety via KPI’s’ and ‘Evidence for the Annual Health Check with the Healthcare Commission’ says Vijayshankar Andani, Senior Product Manager – Healthcare, Logica.

Adopting EHRs would not only help immediate users such as healthcare providers and patients/citizens, but also other healthcare stakeholders – insurance, government. When the wealth of health information from nation’s populace is available, the government can identify diseases patterns, health afflicted regions and direct its effort towards improving the same.

HIPAA Compliant

Dr Vinoy Singh, Head, Health Informatics, Srishti Software

EMR adoption in India is approximately around 18 percent of all hospitals. There are several reasons contributing to slow pace of adoption. First, majority of the hospitals lack funds to invest in an EMR. Since the patient to doctor ratio is high, doctors usually work long hours. Out of exhaustion, they prefer to write the prescription manually than spend more time with one patient and enter their details in EMR.

Below are the key differentiators of PARAS EMR-

  • Structured EHR centric clinical modules -nursing, clinical assistant, consultant and OT conforming to global  standards
  • Structured clinical information exchange mechanism
  • ‘Clinical Library’ to handle Specialty specific form sets; patient education material and templates (consent forms, OT notes etc)
  • Seamless integration with LIS and RIS modules showing lab results and Image thumbnails
  • Medical drawings annotation module integrated with EMR
  • Provision of integrating CDSS
  • Ability to aggregate clinical data e.g. disease registry, maternity register etc

One of the main challenges that we face is user adoption of the new technology. It takes considerable training and encouragement to transform them into productive users. EHR can be a key to better patient care if used to its full potential. Its ability to integrate with any standard clinical system enhances patient portability. Further, availability of clinical information on real time basis helps in better diagnosis and improves the quality of patient care. Also, PARAS EMR can integrate with CDSS helping doctors in reducing diagnostic errors drastically.

PARAS EMR is HIPPA compliant to protect the security, privacy and confidentiality of patient data. When hosted on cloud, it is also compatible with stringent audit control of the cloud platforms.

© 2015 Srishti Software Applications Pvt. Ltd.