Security problems in electronic healthcare

the professions view

In the last decade microprocessors and computers have been introduced in almost every aspect of our life. The dependancy on electronics and processors has increased tremendously. Most of our current household aplliances, cars, houses, offices, administrations et al could not work without them. The power and versatility of these processors has also evolved. BMW takes pride in announcing that the computing power of the processors in their series 7 cars is greater than that of the Saturn 5 rocket which launched the Apollo missions to the moon in the late 60s and early 70s.

Banking for instance has become one of the most computerised businesses, probably because the numerical application was so easy in this sector and ATMs have taken over from bank clerks. Instead of paying a toll at a toll booth, our cars are carrying microchips which enable transfers without stopping. This is leading to a reduction in workforce and workloads, but also to a loss in privacy. Through our GSM phones, phone-cards, credit-cards, shopping-cards, internet cookies to cite only a few, the modern human being is analysed in it's every movement, it's spending habits, it's personal taste and preferences. The cumulation of all this information is resulting into a totalitarian surveillance which is ten times worse than the one Georges Orwell predicted for his sombre 1984.

In the medical profession we try to preserve one of the last remnants in privacy and confidentiality. Patients should be able to confide and talk to their physicians in the same way as they used to confess to their priests: in absolute confidentiality. The latests developments in the investigation of the current American president by the special prosecutor have done enormous damage to another traditionnaly protected and confidential relationship, the attorney-client privilege.

Our profession will defend the privacy and confidentiality issues of it's patients to the utmost because it is at the base of the trusting relationship which makes treatment possible.

This clearly shows that healthcare is a lot more sensitive on matters of confidentiality and integrity than finances and the introduction of computers in healthcare has produced a series of issues of which some are totally ignored by to the general public.

This same general public has to discuss and evaluate these issues before the general implementation of the electronic health care record and the exchange of medical data through medical networks or the risk of controversial issues coming to sudden media attention could create a backlash for the whole industry.

This apparently simple acronym is actually a revolution in health-care. We know a classic record to collect papers whith handwritten notes, results, reports and others. These papers existed as one original in one place at a time. With the introduction of photocopying machines came the first easily available duplication process, but one still had to access and posess the original. Data on paper could be "lost", "corrected", "erased" or worse the entire file was unavailable or disappeared.

The very fact that the record has turned electronic opens a totally new perspective. The concept of a "single" record does not exist anymore. The concept of virtual (not on paper) information gives way to the concept of the "view" of a record. Every health professional can customize the data available on a given patient in a certain way or "view" giving him the information he needs at a given time for a specific purpose.

Consequently the record as we know it does not exist anymore and will progressively be replaced by what we tend to call the "patient data collection" and individual versions.

Health care data are not confined to a single computer , a mainframe or a chipcard, but are distributed in a network of supports. LANs, WANs, national healthnets, European backbone systems are all part of this growing network of health care data. The only link between all these data is the patient and this very fact is also showing the change of mentalities. Until recently physicians considered the records about their patients to be their property. Today's health professionals engage more and more into shared care principles which make issues of property useless. Nobody can own data, at the utmost somebody can copyright his own writing. Data a re linked to the patient and this transfers a great edal of responsability over to the patient. Responsability about access, transfer, correction and portability to name only a few.

As a general principle data should be stored where they are generated under the responsability of the author. This is particularly important for bulky data such as medical imagery.

The medical profession does not agree with central data storage or central data servers. The storage on network servers of the routing for particular pieces of information should be possible though. Potent browsers and middleware for the format conversion of the different types of information will be needed and are under current development

Activity on the networks has to be monitored by powerful logging systems, which could use alarms, triggers and warnings. But the most important steps to be taken in this respect is the adaptation of European and national law to the high standards of medical data security. The transposition of the European directive 95/46/ec of the 24th October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ( to be implemented by Oct 98), is not precise enough to cover all the aspects of medical confidentiality. The profession has to insist on more precise procedures in conjunction with patient's rights organisations.

Together with an adequate legal framework the implementation of patient cards and professional user cards are the only guarantees for identification, authentification, digital signature, encryption, logging procedures, access control, merging of data and date-time stamping.

Even the most simple thing such as the unequivocal indentification of a patient has become an administrative nightmare and CEN has been busy for the last 7 years to formulate a proposal for a europe-wide identification string.

Access can vary accordingly to the different legislations, objective and subjective data have different interpretations and mentalities of patients and health professionals diverge in the different coun ries and cultures.This can lead to rather complicated medico-legal issues.

Medical data should be unalterable and unerasable. This is easily said but a nightmare for systems developers to implement. It is a clear statement from the profession to prevent tampering and manipulation of information. Every medical data cluster or transaction should exist in layers if it has been either updated or corrected and the most recent version has to be on top of this layer. Older versions or layers have to be accessible and each alteration or update should bear authorship. In some rare cases erasures should be made possible through particular appeal instances but have to remain an exception. All data has to be date-time stamped and linked to the patient and the author. The issues of digital signatures are adressed in a different presentation.

Reliability of networks, data communication speeds, physical protection of servers and data, mirroring procedures, compatibilty issues and guaranteed access should not be adressed here but are also part of data security.

The electronic record is changing our conception of medical record-keeping and giving us new opportunities. To guarantee the trusted patient-health professional relationship a lot of human and material investment has to be made. Legal issues have to be adressed and the existing framework has to be seriously updated to cover all the issues. The medical profession is reluctant to engage fully in this experiment if the finality is not solely the improved patient care. In some countries electronic record keeping has had mainly financial interests and created the totally "transparent" health professional. The introduction of electronic patient records is an issue that adresses society in general and should be discussed as such on a very broad spectrum. We are still waiting for all this to happen.