Business Daily from THE HINDU group of publications
Monday, May 05, 2008
ePaper | Mobile/PDA Version | Audio
eWorld
Features
Stocks
Cross Currency
Shipping
Archives
Google

Group Sites

 eWorld - E-Commerce & E-Business
Industry & Economy - Health
Columns - Security Musings
Patient acceptance

Electronic health records raise concerns of data security but are likely to gain ground over time.


R.K.Raghavan

Many of us have faced, some time or the other in our lives, stressful situations leading from an inability to lay hands on crucial past medical reports of a near relative who is seriously ill. These had either been misplaced at home or the physicians or hospitals concerned, which had treated the patient in the past, had simply not handed them over to the family.

It is possible again that the information pertaining to a person’s past medical history is scattered among several doctors and hospitals to prevent their quick collection and arriving at a holistic appreciation of a person’s state of health. It is common sense that a physician examining a patient who complains of multiple ailments would undeniably need the benefit of a comprehensive history of the latter’s past illnesses in order to arrive at a quick diagnosis of a current problem.

While this is the case with ill-organised individuals, record keeping by medical practitioners and hospitals themselves is not very much better.

The scene in India is changing but it is a painfully slow process. A few progressive hospitals have, no doubt, started maintaining electronic records. They have made some investment in technology and training in the area of digital management of patient data. The speed of retrieval of such data is, however, far from satisfactory.

Costs, security concerns

Generally speaking, there is no visible enthusiasm towards computerisation of data. This apathy is traceable to several factors, including the costs involved. This is compounded by the fear that online keeping of data can sometimes pose problems if there is a mishap in medical treatment that is detected much after a patient is discharged.

There is also the more important issue of maintaining data confidentiality, an annoyingly low priority among Indian hospitals and doctors.

Stealing of information from such databases by those who have a stake in the nature of stored data is also not uncommon. Sharing health data with unauthorised persons is, again, a familiar phenomenon that is equally dangerous.

Information so parted can be used for a range of dishonest purposes, and when it is related to a State functionary, there could be implications for the stability and security of a nation itself.

Microsoft, Google move

It is this backdrop that lends significance to a recent move by two IT majors in the US, Microsoft and Google, to launch a Web-based service that helps storage of health records of customers. It will be an integrated environment that fuses security and a facility for getting the right physician/surgeon, fixing appointments and managing medication.

A subscriber will set his own controls and the option to tell his doctors or hospitals what information they should send to the online record keeper and what they should not. Understandably, the implication is that whatever information is so shared should be absolutely secure and its integrity not tampered with in any manner.

Both MS and Google claim that the database they hold for customers will be encrypted and heavily protected otherwise. Only time will tell how far this claim of security is tenable.

Two medical researchers, Dr Kenneth D. Mandl and Dr Isaac S. Kohane, writing recently in the New England Journal of Medicine, have their own reservations. They perceive here a major challenge to the privacy of personal medical information. Their main concern is that till now all information was held in the confines of a hospital or the clinic of a private practitioner. The arrival of free Web-based services, such as the ones offered by MS and Google, tends to transform the scene.

The concern mainly is that neither of the two companies is accountable under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 that enhanced the sanctity of health information and laid down criminal and civil liability for those guilty of its leakage.

Naturally, while fixing such liability, HIPAA did not foresee the arrival of Web-based health records, and hence we are faced with the present quaint situation arising from the business forays made by MS and Google. One of the prominent restrictions that the Act imposes is that medical researchers will have no access to the identities of individual patients whose data may have been made available to them purely for research.

Misgivings warranted

The point is that while the two IT giants may have the knowledge and resources to protect sensitive personal health data what about the lesser ones? According to one estimate, there are nearly 100 companies that are in this business of Personal Business Records (PBR), for more than a year.

They have, no doubt, password-protected templates to store data. Nevertheless, they have not displayed that kind of concern for security that should govern such intensely personal information.

The misgivings are not necessarily imaginary. The US has reported two instances of loss of medical data during the past year. First, in April 2007, a private contractor of the Department of Community Health lost a computer disk carrying data on 2.9 million people. This was lost in mail and remains untraced.

More recently, in February 2008, a company in Georgia, hired to administer health benefits for a low-income group of patients, admitted exposure of their data on the Internet for as long as seven weeks. This was the result of an inadvertent posting of such data on the Internet by an employee updating information. The population involved was nearly 71,000.

grudging acceptance, eventually?

Developments on the front of maintenance and protection of personal health databases remind me of the earlier reservations about online banking. The initial fears of lack of security evident in clients have slowly yielded place to a grudging acceptance of the convenience of Internet banking.

My feeling is that there will be a similar willingness to use Web-based services available for storing and retrieving one’s personal health information. This optimism takes into account the growing numbers of international patients who are opting for major surgeries in Indian hospitals.

If this trend becomes stronger in the days to come, one can see greater and greater care to secure information held in the Web. Google and MS may set an example here.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

More Stories on : E-Commerce & E-Business | Health | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Plug the gaps

No getting away
Fun way to holiday
Patient acceptance
Flourish your mobile, not card
Action inside
Quiz
IT helps align messages books2byte
Cartoon


Smartbuy
The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
Group Sites: The Hindu | The Hindu ePaper | Business Line | Business Line ePaper | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |

Copyright © 2008, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line