With their dog-eared pages crammed full of vital and often hard-to-read details, paper-based patient health records would seem a perfect target for conversion to digital format.

But for reasons both technical and cultural, the manila file folder has remained the platform of choice for caregivers and their patients—until now. With wireless connections plentiful and sophisticated mobile technologies running smoothly on handheld devices, the healthcare industry is taking advantage of new security enhancements for those devices to help ensure patient confidentiality and usher health records into the digital era (see chart, “More Doctors Go Digital”).

When it comes to security, healthcare faces a host of industry-specific challenges. For one thing, device portability is a two-edged sword for the sector, points out Lynne Dunbrack, program director for Health Industry Insights, a Framingham, Massachusetts, medical research firm. While freeing caregivers to enter information from anywhere, portable devices remain vulnerable to loss or theft in the field.

"When you start moving clinical data into PDAs, smartphones, and tablet devices, people wind up leaving them behind, or they get lost or stolen, and the number of recoveries is pretty low," says Dunbrack.

Authentication also challenges the fast-paced, far-flung nature of most hospital settings. Hospital staff members frequently work with multiple applications open. In addition to electronic medical records, doctors and nurses access separate applications for prescriptions, lab results, and patient treatment. It’s common today for each system to challenge people with its own set of user logons and passwords.

With so many systems to juggle and busy schedules to keep, office personnel are sometimes lax about security. "In a small clinician's office, it's not uncommon to turn over the keyboard and see all the passwords" written down, says Dunbrack. "And that's in a secure office. Sometimes they're written on Post-its right on the computer."

So it's little wonder then that a recent poll by Harris Interactive reported that 42 percent of U.S. consumers said the privacy risks of electronic health records outweigh the benefits. In addition, Health Industry Insights reported last year that 86 percent of consumers worry about privacy violations (see chart, “Who’s Viewing My Vital Statistics?”). The two primary reasons for concern are loss of control over who accesses their data, and fear that their health information will become accessible over the Internet.

Because health information is so fiercely personal, its uncontrolled release can have serious ramifications. "It's a lot like attorney-client privilege," says Dr. Bill Crounse, Microsoft worldwide health director. "We have access to peoples' medical and social history. There can be a lot of highly charged information in your medical record." What's more, the stakes are getting higher. Crounse points out that the new ability to test for the presence of genetic predisposition toward future disease "has its own cadre of implications that could affect employment."

Fortunately, new solutions place a high priority on patient privacy and are designed to stop the notion of leaky healthcare networks.

Single sign-on (SSO) is the brass ring of Web security. It can help untangle the thickets of password prompts that frustrate clinicians and lead to security lapses, especially on easy-to-view shared workstations. More important, healthcare workers can share patient information securely across the entire continuum of care. By making it easier for clinicians to use digital records, SSO eliminates barriers to true collaborative patient care.

Federal guidelines are also motivating the adoption of SSO, requiring most businesses with regulated data to use multi-factor authentication. What's more, a recent study by market research firm IDC found that standardizing on Active Directory technology from Microsoft for authentication and single sign-on saves US$120 per desktop per year.

The improved security, as well as the coming standardization in Web services, is forging a new generation of more empowered patients and clinicians. At the 2007 annual meeting of the Health Information and Management Systems Society (HIMSS) in New Orleans, Microsoft CEO Steve Ballmer predicted the software industry's standardization on XML Web services will soon deliver tangible benefits to consumers and providers alike. One such benefit for patients will be a better understanding of their health profile.

Increased confidence in security is also transforming the teamwork typically found in medical research labs. Researchers hope this will translate into new advances against disease. Collaboration is at the heart of cancer investigations at the Scripps Research Institute in La Jolla, California. Because the institute's work includes patient data and relies on an Internet portal, security is also a top concern.

So when a Scripps team exploring early-stage cancer detection rolled out a data capture and visualization application that fosters collaboration in a novel way—attaching digital notes to 3-D images of protein molecules—privacy was critical for the nonprofit biomedical research center. Role-based security in Active Directory helps ensure that the research team's diverse participants access only the data they need, says Tim Huckaby, CEO of InterKnowlogy, the Carlsbad, California, software developer that built the application. In this case, that means just anonymous research data about patient blood.

"Our progress in curing disease in the future depends on our ability to collaborate effectively, share our results, and find the data in its relevant context," Peter Kuhn, an associate professor at Scripps, told HIMSS attendees. "We're making breakthroughs every day, and I think we're getting closer to making cancer a managed disease."

Crounse from Microsoft says that security remains the backdrop for exciting new technologies that could be a further boon to clinicians. Voice recognition could free caregivers to bypass the keyboard and instead verbally inquire about a patient's potassium level, for example, or order a test.

Says Crounse, "Facilitating those kinds of data input in healthcare and automated workflow would be very powerful. But in every instance of that, we must think of privacy."

---

Was This Information Useful?