Privacy In Electronic Health Record Systems Information Technology Essay

Health is a major concern for everyone in this world. The implementation of Information and Communication Technologies in the medical field has modified the present definition of health care. It suggested the solution that can benefit both patient as well as health care professionals. eHealth provides solutions in a wide spectrum and it includes various health care products, systems and services. It includes tools for health professionals as well as for patients and citizens. Various services or systems that are covered under eHealth are; health information networks, electronic health records, telemedicine services, Consumer health informatics, Healthcare Information Systems, Health knowledge management.

The challenging issue which is associated with the eHealth system is the protection of Medical Records. Since the data is transmitted over the network from one place to another so it is suffering from the major security concern. An electronic medical record (EMR) stores personal data which includes medical test results, prescription, hospitalizations, etc.

Privacy in the ehealth system can be classified into two categories; Content oriented privacy and contextual privacy (2). So eHealth system can be termed as a secure system if it can deal with both these aspects of privacy. Content oriented privacy indicates the capability or authority of the health care stakeholders in disclosing the patients’ personal information to other parties (marketing, insurance) whereas contextual privacy indicates the ability of a malicious entity to guess the disease of a patient correctly by identifying the field/domain of his physician.

Background

In earlier days physicians used to use paper charts for recording the encounters with the patient. Details about medications, lab tests, X-rays etc the patient has taken, needs to be recorded in the chart for future reference. As the medical care became more and more complex, it became tedious for physicians to maintain a good patient record on these paper charts. They needed new technologies to help them to cope up with the increasing needs.

With the advancement in the information and communication technologies, the idea of storing the patient records electronically came in around 1960’s, when Dr. Lawrence Weed introduced the concept of Electronic Health Record. Weed’s innovation allowed a third party to verify the diagnosis to avoid any errors. In 1972, Regenstreif Institute developed first medical record system which combined both inpatient and outpatient data recording (3). Electronic Health Records (EHR) Systems stores the entire health and medical history of a patient in a computerized, electronic format. The record includes the details about patient demographics, progress notes, medications, past medical history, vital signs, laboratory data, immunizations and radiology reports. Keeping these vast records in this organized manner, makes it more efficient to retrieve and maintain, when compared to the paper charts (4).

As the medical care and the information technology became more and more complex, it became necessary to share the patient records among the various medical departments like clinical, nursing, laboratory, radiology, hospital administration etc in order to maintain a proper medical record about the patient. When the health records including sensitive data about the patient were shared electronically among the different departments, privacy and security problems became a major challenge to the EHR systems.

The recent studies on security and privacy concerns in EHR systems shows that, there is increasing number of threats resulting from the distributed and decentralized implementations of EHR Systems, and also the use of communication over open and insecure internet. Unauthorized accesses, Denial of service are to name a few. Lack of standardization among these systems made it very difficult for the system administrators to implement a secure system (5).

Research Problem

The main problem associated with an eHealth system is the privacy, security and confidentiality of Electronic Health data (EHD). EHD stores private and sensitive data of the patient and data of EHD is used by physicians, nursing, laboratory, and pharmacy. The publication of personal sensitive data can seriously compromise the patient privacy. Due to this reason many individual does not go for eHealth treatment since they are afraid of the loss of their Health record including information about their illness or disability. In a survey conducted in Canada, it has been found out that 11-13% of Canadians have held back information from a health provider because they were afraid of the privacy of their data (6). In a survey conducted in America, 77% of the population is concerned about their medical information being used for marketing purposes (7). We are trying to figure out the people’s concern about the privacy of their health care record at Stockholm. We will examine the opinion of public regarding the privacy of their health information and accessing eHealth service.

Purpose of Research

The purpose of conducting this research is to examine the present scenario of the Health care system in Sweden. Research result will be helpful for patient, health care professionals and health care organizations. How the present scenario related to the privacy and the confidentiality of the Health care data is affecting the decision of accessing the eHealth Service. This survey will help to reveal the importance of Security in this field.

Goals and Target Audience

The findings of this survey will not only be helpful for the Health care service of Sweden but it is also helpful for rest of the world. Based on the result produced from this survey, other countries can analyze the present level of patient’s concern about eHealth privacy. Our audience can be anyone who is related to healthcare services; healthcare professionals, practitioners, nurses, administrators, patients.

Limitations

Because of the time constraint, the population that we are targeting for this survey includes only undergraduates, graduates, post graduates and post doctoral students (age group 18-35) in KTH (both Main Campus and Kista Campus).

We are conducting this survey on limited range of age group, so the result will not include the opinion of elder citizens.

Research Methodology

In this section, we presented the description of the research methodology conducted in this paper. We selected inductive reasoning method for our research work. We tried to draw a generalized conclusion from a finite collection of specific observations.

Research Question

The research questions which are addressed in this report are:

To what extent, privacy of health care records affects the individual’s decision of accessing eHealth service?

Are there certain groups of people for whom the privacy is a major issue while accessing the eHealth service?

Literature Review

Mentioned below are the literatures that helped us to choose and narrow down to a specific research topic.

Primary Literature

“Electronic-Healthcare Information Security” by Kudakwashe Dube, Fredrick Mtenzi, Charles A Shoniregun. This book explores the security and privacy challenges that need to be considered while developing an electronic health record system. Also, this book evaluates the various factors that affect privacy and security of the patient data in an e-Health system. This book gave us an excellent insight about a variety of privacy and security issues related to e-Health. It really helped us in formulating the research problem.

“E-health care information systems: an introduction for students and professionals” – by Joseph K. H. Tan. We selected this book as it contained detailed overview of an EHR system. This book analyses the components of an EHR systems, discusses the evolution of e-Health paradigm and evaluates the scope of EHR strategies and impacts. This book provides information about the e-health care technology management and the security issues related to e-health systems. This book is a handy guide for the researchers in the e-Health data privacy area.

“The Craft of Research” by Wayne Booth, Gregory Colomb and Joseph Williams. This book was the guiding light on how actually we should do a scientific research. This book helped us to structuring and organizing the research work and the report writing.

“Swedish Strategy for eHealth. Safe and accessible information in health and social care. Status report 2009”, a report by the Ministry of Health and Social Affairs, Sweden. This report gave us a very good idea of how the e-Health systems work in Sweden. Also this report helped us to understand the Swedish government’s laws and regulations to uphold the patient data privacy in e-Health systems.

Secondary Literature

Also as part of our literature review, we studied some of the previous reports published on similar research problem.

“Ensuring the Privacy and Confidentiality of Electronic Health Records” – Report by Nicolas P. Terry and Leslie P. Francis. This report argued that, in order for an EHR system to be successful, the system needs to receive the acceptance of the physicians and patients. According to the report, the EHR system should address and protect the concerns about the privacy and confidentiality of the patient data.

“Building Public Trust for Electronic Health Records” – Report by Mike Smit, Mike McAllister and Jacob Slonim. This report is a summary of an opinion poll conducted in United States to find out whether the people are held back from using the EHR systems because of the security and privacy concerns.

Survey

Based on the information gathered from the literature review and the previous reports, we prepared a questionnaire. The questionnaire contained 10 questions and the questions were designed and structured to get an idea about the security and privacy concerns of the user while using an EHR system. The complete set of the questionnaire can be found in the Appendix 1. We used Google forms to create the survey. The data was collected and stored to a Google spreadsheet when the user submits the survey.

Once the survey was created, the survey link was distributed by email among the students in the KTH University. The survey was kept completely anonymous and no personal information was collected. Keeping anonymity was important as we were dealing with the privacy concerns, and also we wanted to get the honest opinion of the user. The survey was distributed on 13 December 2010 and we got 127 responses. We have considered all the responses that we got till January 3rd 2011. 127 responses was a fair amount to conduct the statistical analysis on the data captured.

Privacy Challenges in EHR

The security of the Healthcare information mainly deals with the protection of the privacy and confidentiality of the patient’s personal Medical records that are accessed through the eHealth services. Though the technologies have been advanced in the modern world but it has not been omitted the risk related to the privacy concern. The rate of privacy and confidentiality breaches are increasing day by day and these breaches directly attacking the trust in eHealth information Management.

Human Factors

It is a common problem that Healthcare professionals are unwilling to the Information and Communication technologies for Healthcare services. According to the survey (http://www.ibimapublishing.com/journals/CIBIMA/volume3/v3n4.pdf), 76% of specialist physicians consider that the human factors is the most important for them and 53% of them are not interested for the use of Information and communication Technologies for Healthcare services. eHealth system will be considered as a successful approach if it meets the criteria of user and patient friendly systems. eHealth system must be designed keeping in mind the relation of health professionals and patients. System may be very complex from the back end but the front end should be simple enough so that patient/user can handle it properly. eHealth system can suffer from privacy concern due to human factors if the user is not a computer literate or he/she is not mentally sound to understand security issues. (http://docbox.etsi.org/Workshop/2009/200901_SECURITYWORKSHOP/STF352_PETERSEN_securityAndPersonalizedEhealthSystems.pdf). According to experts, “Solutions need to enable medical and healthcare sta¬€ to spend more, not less time with their patients. Users need to bene¬t from the system, not feel burdened by it.” (http://www.ibimapublishing.com/journals/CIBIMA/volume3/v3n4.pdf).

Integrity and Confidentiality Protection

As more and more Healthcare organization is shifting towards the eHealth services and all the services are being digitized, the security breaches are creating a major issue in the Healthcare Information Management. These security breaches are performed by compromising the confidentiality or Integrity of the Healthcare Records. Confidentiality helps to obscure the sensitive data from unauthorized individuals and Integrity confirms the accuracy and consistency of Medical records.

As the health records are transmitted through a communication channel, and this channel is shared with the other internet services. Modification or eavesdropping of data can breach the privacy of whole system severely. Data must be created and inserted into the network nodes only by the authentic entities but it is a challenging task to keep track of this activity over the network. In a survey conducted in Canada (2000), it has been found that almost 17% of respondent felt that their information was not kept confidential. In our survey we found that 47% of the populations are concerned about the identity theft while accessing eHealth system.

Law and Ethics

It is sometimes mandated by the government/law to disclose the medical records to parties other than Healthcare stakeholders. These parties may be Business organization or Research organization. Medical data is disclosed to public officials to look for disease outbreaks and research ways to improve the quality of health care. The distributed of health data to public officials raises a major question on the maintenance and processing of the data. From our survey, we found that 29.9% of the respondents are not willing to share their personal information to help public officials look for disease outbreaks and research ways to improve the quality of health care. Companies and organizations (under healthcare sector) have been noticed to allow prescription data to be collected by data mining companies. Companies and organizations within the healthcare sector, that control e-Healthcare information databases, have been seen to make ethically questionable business decisions. For instance, pharmaceutical companies and medical doctors allow prescription data to be collected by data mining companies who then mine it and sell details of the information retrieved (Robert M. Cook. Rx data mining: Improving health care or invading privacy? Fosters Daily Democrat Sunday Citizen, Sep 30, 2007). In our survey, 28.3% of the respondents said that they received promotional advertisements on health care products from marketing agencies.

Results and Findings

We used a standard statistical analysis tool (SPSS 18.0.0 – licensed under KTH) to analyze our survey data. [http://progdist.ug.kth.se/public/licensed.shtml]. We got the total responses of 127 students which are distributed as 52 and 75 from Female and male respectively. 80% of the respondents belong to ICT school of KTH. Survey result shows that 83% of the respondent accesses eHealth services less frequently. Irrespective of the frequency of accessing the eHealth service, we encouraged the respondent to fill the whole survey because we wanted to get their opinion about the privacy concern while accessing eHealth service.

With the help of SPSS tool, we generated the cross tabulation report on the two of the survey questions (table 1).

Are you concerned about identity theft or fraud related to eHealth? * Did you ever held back information from a health provider because you were afraid of who would see this information and for what it would be used. Crosstabulation

Did you ever held back information from a health provider because you were afraid of who would see this information and for what it would be used?

No

Not Sure

Are you concerned about identity theft or fraud related to eHealth?

No

57.6%

12.1%

Not Sure

51.5%

21.2%

Yes

21.3%

8.2%

Table 1: Cross tabulation result from SPSS tool.

From the report, it can be observed that 70.5% of the respondents, who are concerned about identity theft or fraud related to eHealth services, held back their medical information from a health provider. This result clearly indicated that the concern about privacy affects the decision of an individual to access eHealth service. This helped us to answer one of our research questions.

In case of second research question we found from our survey results that, females are more concerned about the privacy. 61.5% of the female respondents said that they are concerned about the identity theft and fraud related to eHealth in comparison to 38.7% of male respondents.

Gender* Are you concerned about identity theft or fraud related to eHealth? crosstabulation

Are you concerned about identity theft or fraud related to eHealth?

No

Not Sure

Gender

Female

19.2%

19.2%

Male

30.7%

30.7%

Table 2: Cross tabulation result from SPSS tool.

81.9% of the respondents are in favor of accessing all of their medical records to verify their treatment data and 11.3% of the respondents are not sure about this.

88.2% of the respondents are interested to review who has had access to their personal health information.

29.9% of the respondents are not willing to share their personal healthcare information to help public officials look for disease outbreaks and research ways to improve the quality of health care.

We found a strong relation between the privacy concern of people and their interest to share their personal healthcare information. People who are more concerned about their privacy are not willing to share their personal information. From Table 3, we can see that 47.5% of the respondents are concerned with the eHealth privacy and that’s why they are not interested to share their any sensitive healthcare records. On the other hand, 54.5% of the respondents are not so concerned about the privacy issues and they are ready to share their information.

Are you concerned about identity theft or fraud related to eHealth? * Are you willing to share your personal information to help public officials look for disease outbreaks and research ways to improve the quality of health care? Crosstabulation

Are you willing to share your personal information to help public officials look for disease outbreaks and research ways to improve the quality of health care?

No

Not Sure

Are you concerned about identity theft or fraud related to eHealth?

No

21.2%

24.2%

Not Sure

6.1%

30.3%

Yes

47.5%

21.3%

Total

29.9%

24.4%

Table 3: Cross tabulation result from SPSS tool.

Conclusion and Discussion

Conclusions

Healthcare system is taking the new form with the advancement in the Information and Communication Technologies and it is trying to embrace all the possible way of solving the present problems associated with the system. The transmission and storing of sensitive medical data in the digital form across the network made the system prone to the security related issues. EHR constitutes the lifelong storing of patient’s medical data, so apart from the doctors and medical professional there are many other entities who are interested in fetching this data. Insurance companies and healthcare products marketing agencies are the prime groups that are interested in getting the medical data. This fact has been motivated from our survey also, 28.3% of the respondents accepted that they received the advertisement from the marketing agencies.

In this paper we stated the importance of privacy in eHealth system. Privacy can be comprised in many ways while accessing eHealth services. We stated that privacy can be breached by the outsiders (eavesdropping) as well as insiders (disclosure), so the security and rules must be applied both the front and back end of the system. Previous statistics and our survey result showed that people are concerned about the identity theft and fraud while accessing any eHealth services. This clearly states that their concern affects their decision of accessing eHealth services. Privacy and security issues are acting as a major roadblock and it is necessary to overcome this obstacle in order to accept it globally.

Discussions

The main components of present eHealth system is obviously the IT components, it constitutes hardware, software and communication channel. Privacy can be breached by breaking the security of any of these entities. It has been observed that most of the software and hardware are not accepted on the basis of providing high assurance level rather it is produced and accepted because of the marketing and promotion conducted by the software’s vendors. This can be taken care by the government by applying standard policies and rules on it. From our survey, we observed that 78.7% of the respondents think that government should regulate the agencies that can access the personal healthcare data.

Suggestions for future research

Literature references

Appendix A

Questionnarie

Gender *

Male

Female

Select your age group *

18-22

23-29

30-35

>35

Do you belong to school of Information and communication Technology? *

Yes

No

How frequently do you use eHealth services?

Once in a week

Once in a month

Once in an year

Never

Do you think that it is important for your doctor to be able to access all of your medical records in order to provide the best care?

Yes

No

Not Sure

Is it important for you to be able to access all of your medical records to verify your treatment data?

Yes

No

Not Sure

Are you concerned about identity theft or fraud related to eHealth?

Yes

No

Not Sure

Is it important for individuals to be able to review who has had access to their personal health information?

Yes

No

Not Sure

Are you willing to share your personal information to help public officials look for disease outbreaks and research ways to improve the quality of health care?

Yes

No

Not Sure

Did you ever held back information from a health provider because you were afraid of who would see this information and for what it would be used.

Yes

No

Not Sure

Have you received any promotional advertisements on health care products from marketing agencies?

Yes

No

Not Sure

Do you think that government should regulate the agencies who access your personal healthcare data?

Eg: Private Health Insurance companies, health products marketing agencies

Yes

No

Not Sure