I recently read an article about a government in Europe whose electronic medical records were hacked. This country had most of its citizens on a national EMR platform – which meant that all the private notes from counseling sessions were suddenly public knowledge.
Needless to say, the fallout was not pretty – leading to a few suicides, among other things.
Even with that cautionary tale, the United States, among other countries, is now hell-bent on creating similar all-in-one EMR platforms. Which means that it’s only a matter of time until similar sensitive records are exposed for their citizens as well.
What’s needed is a good way to divorce, isolate and compartmentalize these extra-sensitive records so that multiple keys are needed in order for access to be allowed.
The way to accomplish this is actually dead simple.
But it will require discipline and buy-in from medical professionals who are notoriously resistant to change and, also, overworked with paper shuffling.
How It Will Work
All you need is a separate note-taking platform where data is encrypted and each patient is assigned a unique random number instead of a name.
The cross reference between the unique random number and the patient name is kept off-line by the doctor on paper or in a separate password system (e.g., KeePass, LastPass, etc.).
Why It’s More Secure
If a hacker successfully penetrates the EMR system, they do not have access to the data in the separate note-taking platform.
If they penetrate the note-taking platform, they do not have access to the cross-reference map for patient names.
In other words, it would require THREE hacks to THREE SEPARATE SYSTEMS for these patient records to be released with patient names.
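A minimal sketch of the separation described above, added here as an illustration and not taken from any existing product. The names CrossReference, NoteStore and reidentify are hypothetical, the patient name is constructed, and encryption of the note text at rest is left out to keep the focus on the split between notes and the name map.

```python
import re
import secrets


class CrossReference:
    """Name -> pseudonym map. Held by the clinician, apart from the notes."""

    def __init__(self):
        self._by_name = {}

    def pseudonym_for(self, name):
        # Reuse an existing pseudonym so one patient never gets two IDs.
        if name not in self._by_name:
            taken = set(self._by_name.values())
            pid = secrets.token_hex(8)  # 64 random bits from the OS CSPRNG
            while pid in taken:  # collisions are unlikely, but check anyway
                pid = secrets.token_hex(8)
            self._by_name[name] = pid
        return self._by_name[name]

    def export(self):
        return dict(self._by_name)


class NoteStore:
    """Note-taking platform: stores pseudonyms and note text, never names."""

    def __init__(self):
        self.notes = {}  # pseudonym -> list of note texts

    def add(self, pid, text, known_names=()):
        # Reject a note whose text names a patient: it would re-identify
        # the record without the cross-reference ever being stolen.
        words = set(re.findall(r"[a-z']+", text.lower()))
        for name in known_names:
            if words & set(re.findall(r"[a-z']+", name.lower())):
                raise ValueError("note text contains a patient name")
        self.notes.setdefault(pid, []).append(text)


def reidentify(note_dump, crossref_dump):
    """Named records recoverable by a party holding exactly these dumps."""
    return {name: note_dump[pid]
            for name, pid in crossref_dump.items() if pid in note_dump}


if __name__ == "__main__":
    xref, store = CrossReference(), NoteStore()
    pid = xref.pseudonym_for("Jane Example")  # constructed sample patient
    store.add(pid, "Session 3: discussed sleep and work stress.", xref.export())
    print(reidentify(store.notes, {}))             # notes dump alone: {}
    print(reidentify(store.notes, xref.export()))  # both dumps: named notes
```

The name check in add() covers the one way this scheme quietly fails: a note that mentions the patient by name defeats the separation on its own.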
Doesn’t That Defeat The Purpose Of The All-In-One EMR?
Somewhat. But most times doctors and insurance companies do not need the detailed patient notes – just a diagnosis code and a high-level summary. You still get almost all the benefits of the EMR while keeping the most sensitive patient data secure and in the hands of the medical professional that needs it the most.
Barriers To Implementation
The largest implementation barrier is not technology, but the doctors themselves. Having to look up the cross reference keys for each patient and log into yet another system is going to be annoying for them.
So a massive education campaign will be needed to convince them of the need for the solution and that it’s worth paying for it.