
Patient confidentiality, EMR safeguarded

by Jack Foust, M.D.
Assistant Professor of Psychiatry and Behavioral Science
Chairman, EMR Security and Confidentiality Committee
Patients expect their private medical information to be kept in confidence—to be protected from disclosure without their explicit permission. This is an ethical and legal imperative with roots as early as the Oath of Hippocrates: 
 
“...Whatever, in connection with my professional practice...I see or hear...which ought not to be spoken of abroad, I will not divulge, as reckoning that all such should be kept secret...”
 
More than two thousand years later, the oath is still on target, but our current health care system requires a lot more people to have access to a patient’s medical record than just the patient, doctor, and nurse. 
 
For example, insurance companies, and the clerk in the doctor's office who deals with them, often need details from the record.  The situation has been further complicated by the advent of electronic medical records (EMR). This new way of recording, storing, and viewing records has brought new problems in the area of patient information security, but there also are new security opportunities not possible with the paper record.
 
With the media attention given to “hackers” in recent times, it's not surprising that many patients have concerns about the security of their electronic medical records.  Even users who never consciously thought about confidentiality while accessing records every day may suddenly become concerned when they become patients themselves.

Risks different, not greater
The truth is that any system has potential risks defined by the people, technology, and procedures that comprise the system. Electronic systems don't necessarily create greater risks than paper systems, but they do create different risks. It is the responsibility of the EMR Security and Confidentiality Committee (a subgroup of the Clinical Information Systems (CIS) Steering Committee) to work with relevant personnel throughout MUSC to assess such risks and recommend policies and procedures designed to safeguard clinical data.
 
There are a variety of safeguards already in place.  First of all, the user of any MUSC clinical system must sign a Security and Confidentiality Agreement before being granted access. By his or her signature, the user promises to abide by all institutional, state, and federal rules concerning health information confidentiality.
 
Of course, MUSC's systems don't rely just on promises for security. A second safeguard is that all users must be authenticated before they can obtain access to any clinical information. Authentication in most of MUSC's systems consists of a user ID and password; MUSC is like most other health care organizations in this regard. Obviously, this method is reliable only if the user chooses a hard-to-guess password, keeps it totally private (just like an ATM PIN!), and regularly changes it.
 
Another important safeguard in MUSC's medical record systems is constant, automated auditing of user activity. These systems log who is accessing what, when, and from where. Users are responsible for accessing only those records for which they have a legitimate need. Audit trails are reviewed regularly by authorized personnel and can suggest or even prove inappropriate access. In fact, earlier this year a clinician was terminated due to improper access to records, which was verified by review of the audit trail.
 
An especially sensitive area involves the transmission of clinical data beyond the bounds of MUSC's network—out over the Internet. Such transmissions are subject to a set of Health Care Financing Administration (HCFA) regulations further complicated by a relatively new federal law called HIPAA. (See above.)
 
Although there are many technical solutions to the security problems posed by electronic medical records (and many vendors eager to sell these solutions), the most effective solutions rely on continuous education to promote responsible user behaviors such as:

Keep your passwords secure.
A good, secure password:

  • Is never shared.
  • Is always changed every few months.
  • Can't be found in the dictionary.
  • Can be easily remembered.
  • Isn't a personal name or easily guessed personal number.
  • Is a combination of upper and lower case letters and numbers (some systems even allow punctuation marks).

Use records appropriately.

  • Do not access records without a legitimate need to know.
  • Do not disclose information to others unless they have a legitimate need to know.
  • Destroy—properly and promptly—any information printed from a clinical system for temporary use. “Properly” means shred it or put it in the “to be shredded” bins now being distributed to clinical areas. Dropping it in the trash or a regular recycle bin is not sufficient. “Promptly” means as soon as you're done using the printout.

Use access privileges appropriately.

  • Assume your access is being monitored.
  • Log out when you're done! (If you don't, the system will think that you are making the accesses actually being made by the next person using your workstation!)

Report suspected breaches of security.

  • Misuse of systems harms patients and the institution.
  • Reporting breaches early can help limit resulting harm.
  • Your vigilance protects your record just as much as all the other patients’ records.
  • Some breaches resulting from carelessness or misunderstanding may only require additional training.
  • More serious breaches may warrant disciplinary action up to and including termination.
  • Suspected breaches should be reported to the Hospital Authority's Information Security Officer (see sidebar on page 6).

Links to many resources concerning the security and confidentiality of electronic medical records can be found at MUSC's Emerald (EMR) Project Web site, <http://emerald.musc.edu>, and my (Dr. Foust’s) personal site, <http://www.musc.edu/~foustmj>.
 

Steps toward better access, better security

During the last four years, the Emerald Project's Security and Confidentiality (S&C) Committee has brought together experts and interested parties from throughout MUSC to carefully debate the many sensitive issues in this area, develop recommendations for policy and procedure, and spearhead the establishment of other appropriate mechanisms for safeguarding our patients' data. Here are just a few of S&C's recent accomplishments:

Office of Information Security
During the last two years the committee conducted most of the groundwork needed to establish this important office. Recognizing this importance, the Hospital Authority in May hired its first information security officer (ISO), Tericia (“T”) Rossiter. T can be contacted at 792-4037 or rossitet@musc.edu.

Better communication with referring physicians
The Committee has worked closely with CCIT and the JCAHO Preparedness Task Force to devise policies and procedures to improve communication with referring clinicians by allowing them direct access to MUSC's EMR systems. For information on how to provide referring clinicians this capability, contact the ISO.

Remote access
Direct-dial via modem into MUSC's PPP server (previously the only way to get to MUSC's clinical systems from off campus) can involve expensive long-distance charges and is subject to line noise that slows transmission. Other means of remote access to MUSC's clinical systems (e.g., a home cable modem, or a modem call to a local America On-Line access point when out of town at a conference) all require routing transmissions over the Internet. Before any MUSC clinical data can be transmitted through the Internet, HCFA requires MUSC to have not only a comprehensive policy dealing with Internet clinical transmissions but also the technology for authenticating, encrypting, and auditing such transmissions. Last summer the committee completed the policy (approved by the Board of Trustees in October), and the necessary technology was installed last winter.  Most of MUSC’s major clinical systems have now been certified compliant with the policy and technology, thus allowing remote access via the Internet. If you have a system you'd like to certify, contact the ISO.

HIPAA
The federal Health Insurance Portability and Accountability Act of 1996, portions of which are still being finalized, establishes many new regulations concerning the privacy and security of medical records. The committee is working with the newly formed HIPAA Compliance Committee to ensure that MUSC's policies, procedures, and technologies are compliant. (If you'd like to participate in the HIPAA Compliance Committee, contact the ISO.)

Reviewing EMR records for research purposes
MUSC's clinical systems are highly valuable sources of information for researchers seeking to better understand many aspects of health care. New data mining products will be available soon to extract and analyze information across groups of patients rather than the traditional method of one patient at a time. The committee has worked closely with the Data Mining Development Steering Committee (another CIS subgroup) and the Institutional Review Board to establish policies and protocol for accessing clinical systems for research purposes without compromising patient confidentiality or safety.

Monitoring EMR access
The committee is working closely with CIS, other CIS subgroups, and CCIT to fine-tune auditing capabilities, policies, and procedures. 

E-mail compliance
Routine e-mail coming from or going beyond the bounds of MUSC's network is not secure and violates HCFA regulations if it contains patient-identifiable information. Unlike the Web, which can shift into secure transmission mode without the user having to do anything special, current mechanisms for making e-mail secure require manual intervention and are neither convenient nor easy for the average user. 
 
The committee is developing recommendations for how MUSC's e-mail systems can be made compliant with the HCFA regulations without sacrificing the ease and convenience of normal e-mail. Until a solution is available, clinicians are strongly advised to avoid transmitting clinical information via e-mail. Simply inform the colleague or patient who e-mails you that you will be happy to continue discussing the case by phone.
 
MUSC benefits from the committee members’ occupational and background diversity. 
 
If you would like to participate, contact Chairman Jack Foust, M.D., at foustmj@musc.edu.