Home » News » Health Information Exchange (HIE) | Privacy and Security
Receive News By Email

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

Health data security turns out to be international issue

June 24, 2010 | Kyle Hardy, Community Editor

SCOTLAND – The security of patient data has been, and continues to be, a major problem for the US in achieving its goals for an interoperable healthcare system. According to Kurt Long, CEO of FairWarning technology solutions, the same problem can be found all over the world.

"If you break the market into Scotland, England, Ireland and Wales, we see the same privacy challenges across the board," said Long. "England alone is a fair size."

FairWarning currently works with more than 300 providers found in Canada, the United States and the United Kingdom with some prospective clients in France. By visiting with so many providers in multiple countries, Long said he has encountered similar struggles preventing data breaches. But it's not just the IT side that's sensitive to sending records electronically.

"If we look at this from an HIE point of view, I think the US market is behind," said Long, and "will find that physicians are very sensitive about sending full records electronically. This is non-obvious until you're on the ground; if I'm the physician, I will want to know who exactly will be seeing the health record."

NHS Lothian, a Trust based in Scotland and a client of FairWarning, has just finished implementing a data auditing solution. The solution provides data auditing to detect any data breaches going on at the facility.

The NHS is part of an advanced nationwide healthcare information exchange in Scotland. Officials said the new solution has helped them to discover previously undetected privacy breaches of patient information. Long said that because of the immense amount of data, breaches can happen right under the noses of providers without ever being noticed.

"This [electronic exchange of data] is all relatively new stuff," said Long. "Whatever the case is, not many are auditing robustly and monitoring. EHR vendors, HIEs and provider don't really understand how much data is required."

In reaction to this, Long said FairWarning is putting together a three-part guide to auditing along that include:

  • Standardized data definitions;
  • Enterprise Security data definitions (available July 8th);
  • A guide of best practices for implementation (available in the coming months.)

According to Long, the guides will be free for providers and other industry players to use based on the terms of the open patten.

Related Topics:

Reader Comments (3)Login to Post a Comment

Glen says: When HASN'T This Been The Case?
June 29, 2010 | 12:27PM GMT

For someone like me, who has been involved in healthcare IT privacy and security for several years, the international nature of healthcare privacy and security is not news.

While there are social policies and regulatory differences among nations, it is possible to communicate health data across borders *IF* differences in policies can be resolved. Current standards support automated mechanisms to address those differences.

Past standards efforts in ISO/TC 215, HL7, DICOM, OASIS, ASTM, IHE, and especially last year's HITSP Tiger Team for Privacy and Security addressed internationalization issues. The ongoing reinvention of the privacy and security wheel may lead to a more parochial result.

My concern is that current HITPC/HITSC Tiger Team efforts in the US, as well as politics, will lead to the US being a healthcare island. I hope they embrace the past work. If not, those who visit the US, or those in the US who travel to other countries, will be disserved.

DierdreM says: Yet Another Ad Dressed Up as News
June 24, 2010 | 4:29PM GMT

"The security of patient data has been, and continues to be, a major problem for the US in achieving its goals for an interoperable healthcare system."

Care to provide ANY evidence at all to back up this assertion? Or is it something you picked up from the press release regurgitated here as "news"?

khardy says: Security breaches
June 28, 2010 | 10:02AM GMT

There are a multitude of examples demonstrating that statement. Just this year, HIMSS Analytics published a report on providers' plan of action against these types of security breaches.

http://www.healthcareitnews.com/news/healthcare-data-risk

June 18, 2010, California announced that 5 five hospitals were individually fined for breaches in patient confidentiality. Total amount of fines equaled $675,000.

http://www.healthcareitnews.com/news/five-california-hospitals-fined-sec...

April 22, 2010, a laptop in Texas was stolen from an employee's vehicle that contained personal health information (PHI) of some 600+ veterans.

http://www.healthcareitnews.com/news/va-ramps-enforcement-contractor-dat...

If it wasn't a challenge, why would our healthcare system be having these issues?