State health information exchanges could eventually pool patient data into a vast national database, but privacy advocates have significant concerns.

Alison Diana, Contributing Writer

August 26, 2014

6 Min Read

Healthcare IT Cloud Safety: 5 Basics

Healthcare IT Cloud Safety: 5 Basics


Healthcare IT Cloud Safety: 5 Basics (Click image for larger view and slideshow.)

State health information exchanges could one day connect, compiling patient data into a vast national database.

Such a centralized repository of information won't necessarily result from a request for proposal and years of integration work. Rather, it's probably starting right now, as states create health information exchanges that ultimately will connect, allowing professionals from throughout the country to access records regardless of location or insurance plan.

Advocates argue that creating a centralized storage center makes sense medically. Patients located on the West Coast, for example, could get treatment from specialists in Boston, assured that clinicians can access their complete and current healthcare information. Patients would no longer spend hours completing duplicate forms for each individual clinician since every provider's office could access all patient records. Risks and costs would drop as test results and other medical information become available nationally.

[Has your organization taken these steps to bolstering security? See 10 Ways To Strengthen Healthcare Security.]

Earlier this year the Office of the National Coordinator (ONC) for Health Information Technology (HIT) unveiled its 10-year interoperability plan, which aims to improve care, cut costs, and enhance patient engagement by enabling government agencies to access patient data from a broader spectrum of providers.

"There is no better time than now to renew our focus on a nationwide, interoperable health IT infrastructure -- one in which all individuals, their families, and their healthcare providers have appropriate access to health information that facilitates informed decision-making, supports coordinated health management, allows patients to be active partners in their health and care, and improves the overall health of our population" the report says.

Access to patients' records regardless of their hometown or primary physician would reduce the number of accidental deaths related to medical errors, said Stephen Cobb, senior security researcher at ESET North America. In 2013, between 210,000 and 400,000 patients in the US died as a result of medical errors, according to the Journal of Patient Safety, with serious harm 10 to 20 times more likely to occur than lethal harm.

Figure 1:

"If we had better... access to data, we could solve these [problems]," Cobb said. "Imagine if you were able to [swipe] an unconscious person's fingerprints and pull up the person's records to find they're allergic to latex or penicillin."

On the other hand, the Citizens' Council for Health Freedom argues that centralizing the nation's patient records is dangerous and intrusive. EMR benefits are negligible and unproven, countered Twila Brase, the organization's president and co-founder, and the risks far outweigh any rewards.

"Our government is funneling billions of dollars into systems that will dump all of our private medical records into one giant hub -- accessible by many," Brase said. "The government is touting these procedures as ways to streamline patient care, but they're actually an attempt to capture and store Americans' private medical data and share it with agencies that have nothing to do with health care."

Critics of a national health database worry about where this data will be stored, how it will be used, and who will have access to the information. Despite laws that protect individuals from discrimination due to medical condition, and insurers' inability to ban coverage because of prior medical conditions, skeptics of a nationwide health database fear misuse, abuse, and theft of these personal records. They suspect companies will profit

from consumers' medical data. And they wonder whether the government has other reasons for seeking such personal information from everyone -- even those it does not insure or treat.

For example, what if healthcare providers, government agencies, insurers, or self-insured employers were to marry consumers' health records with voluntarily revealed information from social media posts, or credit report data? Some insurers already buy consumer information from data brokers to identify high-risk patients -- those who smoke, regularly eat at fast food restaurants, or drink excessive amounts of alcohol, for example -- and use predictive modeling to find those patients who need the most medical attention.

Critics also worry that a nationwide central database could become a "back door" into other issues. Florida, for example, recently barred physicians from asking patients about gun ownership -- a ruling lobbied by the National Rifle Association, among other groups. The Firearm Owners' Privacy Act, which passed in 2011 in response to the American Medical Association's plea to promote safe gun ownership, was appealed but upheld in court. The Act, which aimed to help doctors discuss gun safety and storage, represented a privacy breach to some who worried it enabled government or other agencies to accumulate information about gun owners.

According to the Christian Science Monitor, for example, one physicians' office separated a mother from her children in order to question the youngsters about the family's gun ownership; in another case a pediatrician reportedly refused to serve a mother who declined to answer a question about guns. Judges ruled, however, that doctors are encouraged to ask about guns if relevant, such as in the case of someone threatening suicide, judges ruled.

Still, the likelihood of a national health record database being developed is slim, according to John Hoffstatter, a physician assistant and delivery director, advisory services, at CTG Health Solutions in Jacksonville, Fla. "Interoperability is just not where it needs to be," he said in an interview.

Given breaches like last month's hacking of Community Health Systems' network, consumers will be more concerned about data security, Hoffstatter pointed out. "People are more aware of breaches and the dangers they pose."

Chris Zannetos, CEO and founder of security developer Courion, agreed. "The advent of one health database is unlikely," he said, pointing to the industry's current integration woes, multiple disparate systems, and protection worries.

"Security professionals would look at this in contradictory ways," he noted. "On one hand, they would be extremely worried if the government had a single repository for all that information because it creates a single point of failure. From a security and privacy perspective, actually having information dispersed is in many ways viewed as optimal -- you don't have single point of failure or that catastrophic breach where everything is exposed." "On the other hand," Zannetos continued, "from healthcare provider's viewpoint, if there was a way for doctors to see all a patient's records, it would improve care."

Creating a central medical database is both a security risk and potentially beneficial, Cobb agreed. "There are trends in technology that would facilitate the move to that, and reasons to think it could be a good thing from a security and privacy view," he said. "If a central repository for everyone's healthcare data [became] a crown jewels situation, protected by people whose job is to protect things -- not people whose job is to treat patients."

If the world wasn't changing, we might continue to view IT purely as a service organization, and ITSM might be the most important focus for IT leaders. But it's not, it isn't and it won't be -- at least not in its present form. Get the Research: Beyond IT Service Management report today. (Free registration required.)

About the Author(s)

Alison Diana

Contributing Writer

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience. An avid reader, swimmer and Yankees fan, Alison lives on Florida's Space Coast with her husband, daughter and two spoiled cats. Follow her on Twitter @Alisoncdiana or connect on LinkedIn.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights