With more instances of Electronic Health Record (EHR) data breaches popping up in the news, skepticism is beginning to build as to whether or not the health care industry can handle the switch from paper to digital. In the most recent incident, The Surgeons of Lake County, located in northern Chicago, fell victim to a data breach by hackers who were able to gain access to e-mails and electronic medical records. Adding to the nation’s interest in this specific incident, the hackers have encrypted the data, holding it “hostage” for ransom from the health care facility. The hackers are demanding payment in exchange for a password that will allow doctors to regain access to their patients’ electronic health records.
Aside from data breaches, EHRs have come under fire for other kinks and flaws related to their implementation. In late July, a nineteen-hospital system in California experienced an outage that cut off access to important electronic medical records for five hours. In Columbus, Indiana, patients’ prolonged ER wait was blamed on Columbus Regional Hospital’s switch to an EHR system.
In all of these incidents, as well as others that have been publicized, we are witnessing an inevitable aspect of change and technological development: setbacks. During the implementation of a complex system like EHRs, we will continue to see flaws and need for improvement. While this has continued to build doubt, the health care industry will have a greater need to rely on electronic records, particularly with the changes to our nation’s health care delivery system.
Before EHRs, patients’ medical information has been documented on paper, which is on file and readily available within that specific department, and, in ideal cases, within the entire hospital. Should an individual seek medical care at a different hospital or health system, though, or even in a different department of the same hospital, his or her medical information would have to be gathered all over again. A major benefit of using EHRs is the one-time entry of medical information that can then be circulated throughout the different departments within the hospital, and in many cases, to other hospitals as well.
While recognizing that the EHR system is in great need of improvements in data protection and security, with those protections, along with compatibility between systems, there is opportunity for enhanced productive data sharing within the health care industry. With the rapid increase in the number of Health Information Exchanges (HIE) being set up, there will be a greater need for a convenient way to share medical records. Currently, electronic health record systems are being developed and supplied by a number of separate companies. While this creates competition for business opportunities between these companies, the downfall is that each company has its own system, which does not allow for communication between them. Without compatibility between systems, electronic health records cannot transfer from one company’s system to another.
First and foremost, focus must be placed on the improvement of protection and security of all EHR systems. The privacy of patient data must remain the top priority in advancements in electronic health record development. Facing this hurdle requires not only technological protection, but also the need for health care organizations’ compliance programs. The advancement of technology is ever-growing, with new viruses and more skilled hackers emerging every day. Compliance programs that train personnel about patient privacy and data security and that provide guidelines and sanctions for violations, will be essential in not only maintaining security in current EHR systems, but taking the steps needed to prevent future threats that may not yet be known.