CONCERNS about e-health privacy are growing around the world.
Most recently, the British Medical Association Scotland called for stronger measures to protect patient confidentiality, particularly with the way patient information can be shared between medical users.
The Australian Privacy Foundation (APF) has highlighted similar concerns about the situation in Australia.
Empirical research findings show clinical end-users frequently covertly share credentials such as user names and passwords so they can share health data.
This may occur because the clinician who has the necessary password access to health data is absent or a particular system has not been used for a while and their password has expired.
Clinicians also need access to patient records from various systems in order to base their diagnoses on a coherent record of patient care (eg, x-ray record, test results, specialist reports).
Anecdotally, students in my medical sciences courses at Monash University tell me that while it is easy to put information into an e-health system, the reverse is true when trying to get care information out of the system.
This is of special concern because e-health records display such a vast amount of patient information on a large number of computer applications.
At the same time, Australian health authorities have only just begun to devise a privacy and security framework for our e-health records (the security and access framework).
But it will be several years before patients will see any benefit from the national initiative.
In the meantime, all patient identification details can now be interconnected via a single health identifier number, stored in a central database.
Under the Medicare Healthcare Identifier service, launched in July this year, more than 600 000 health care providers — including pharmacists, psychologists and podiatrists — will be given unique identifiers allowing them to access patient numbers.
A scan of media reports shows how human error or malfeasance poses a significant threat to the privacy of patient e-health information.
I am particularly concerned that the database will become an identity fraud resource or even be subject to media curiosity through misuse of information and communication technology to get “a good story”.
Yet Australian health authorities have failed to deal explicitly with privacy over several years. In the absence of any privacy framework, they continue to avoid implementation of e-health security and access issues.
This represents a process failure that repeats past failures to grapple with, in the first instance, the hard but necessary e-health privacy and security details.
To help mitigate the e-health privacy and security concerns in Australia, work is underway with commercial e-health organisations through the Australasian College of Health Informatics to develop an information security template.
Clinicians interested in the requirements for secure access to clinical information and responses to suspected breaches can access APF policy statements on eHealth data and health identifiers and Protections against eHealth data breaches.
Dr Fernando is a lecturer with the Faculty of Medicine, Nursing and Health Sciences at Monash University and a councillor on the Australian Privacy Foundation board. Her special interests are in medical informatics, information security and e-health tools.
Further reading
Medical Ethics Committee, British Medical Association. Confidentiality and disclosure of information tool kit.
British Medical Association. BMA News press release. Doctors have no confidence in NHS database, says BMA News poll.
BMA says “suspend SCR roll-out”. ehealthINSIDER 2010.
The health information system security threat lifecycle: an informatics theory. Int J Med Inform 2009; 78: 815-826.
Healthcare data risk greatest from human error. InformationWeek 2010; May 20.
Posted 1 November 2010
The PKI system is so complicated that few GPs (or other Dr’s for that matter) have the time or inclination to use it. It needs to be as simple as – plug in dongle – enter password and then be immediately taken to the site where you can choose the action you require without further ado. If it is not as easy as that then few people will use it. The site concerned could have multifunctional use as well as access to patient data access to Dr Shopping information – etc
If a doctor used their own personal digital certificate only for clinical tasks, it would then be easy to allow instant access to patient data as the requester could be immediately identified as a doctor. Misuse could be detected by the privacy watchdog and offenders disciplined.
This has been working since the 1990s in Britain and we don’t have to reinvent the wheel.
The ponderous PKI structures for Medicare claims were designed for accountants and by accountants. Hardly any doctors use their personal PKI dongle for anything and most have lost them over the years and rely on their clinic location PKI certificate. This might re-invigorate the use of PKI by doctors, but perhaps AHPRA is a better certifying body for PKI certificates for clinical use than Medicare.