The article titled “Computer Security Expert’s Perspective on Electronic Medical Records” presents the views of an Information Technology (IT) security expert, Troy Thomas, on electronic medical records (). Thomas Is the Chief Security and Privacy Officer for Key Corp. which Is the parent company of Key Bank. Thomas has a bachelor’s degree in Computer Information Sciences from Cleveland State university, Cleveland, OH. Thomas asserts that the medical industry is slowly becoming computerized and, eventually, electronic medical records will be the norm.
He points out that, however, getting from a highly distributed, paper-based model to a fully computerized Emus model will be challenging. Changing to a more computerized Emus model will Introduce risks that the current paper-based model does not have and will solve some of the inherent risks associated with the current model. The current paper-based model inherently has the following risks: records are susceptible to fire, flood, mold, termites, decay, fading of ink, and misplacement of an entire folder or subsections.
Paper records are easily copied or stolen, easily accessed by office personnel or people who Just happen to be near an unattended folder of medical records. An Arms model Inherently has the following risks: computer equipment can fall or break, technology changes quickly. And Information stored a long time ago may not be easily accessed at a future date. Information that was once stored can become inaccessible; information can be accessed by unauthorized individuals. Electronic information can be altered.
Electronic components do not react well to fire, water, dust, dirt, humidity, being dropped, or being abruptly unplugged. To mitigate these Inherent risks, modern computer centers have strict environmental controls to ensure that computer equipment Is run in an optimal environment and Is backed up and available at an alternative site (for disaster recovery purposes) and has proper security controls deployed to ensure that information can be accessed by authorized personnel only. Technology controls exist that can prohibit information from being altered.
For example, there are direct access storage devices that allow information to be written once and read many times. The inherent risks of the paper-based model and the Ears model are vastly different but mitigating controls exist that can adequately address the basic Inherent risks described thus far. Typical, practicing physicians, however, cannot be expected to set up a dedicated computer center with all of the environmental, physical, and logical access controls that are needed to adequately safeguard their patient records.
Therefore, for true Tears to be really secure, a model or protocol is needed whereby physicians store their patients’ medical records at a reputable and secure data center that offers the physicians an service for accessing and storing for example, are the agencies reputable and can they be trusted with patient medical record information? With medical record information coming in from multiple physicians, a unique patient identification number would be needed so that records could be appropriately combined within patient files.
With so much information in one place, clear controls would be needed to ensure that the people accessing the information receive only the information that is truly needed. Ensuring that quality information is captured and maintaining patient privacy will be the most challenging aspects of Mrs.. Computers don’t improve quality. However, computers can make quality issues and mistakes much more visible and potentially harmful. The author highlighted that the Arms Journey will probably parallel some of the issues that exist with electronic voting where so many questions such as whether society can trust the vendors who sell the voting equipment.
Can a vote be altered after it has been cast? How does society effectively centralize a highly decentralized model? Can foreign governments hack American voting equipment and influence an election? How is a person’s voting history stored and secured? In the end, Ears will be a reality in the healthcare industry. The benefits of centralized electronic patient medical records outweigh the risks associated with changing the model. Ultimately, it is a question of trust, not technology.
Will physicians trust their patients to stay with them when their patient medical records are more easily transferred to another doctor? Will patients trust that their medical records are appropriately safeguarded against inappropriate access and that the information contained within their records is accurate and of high quality? Ultimately, Thomas believes the answer to these questions is yes in the long run.