Sentara Healthcare has added the U.S. Department of Defense to a roster of government and private entities it can share electronic health records with, officials announced last week.
"Hampton Roads and Northern Virginia have one of the largest communities of active duty and retired personnel in America. It's a mobile population and, for the first time, we can offer a continuous lifetime record that begins at birth and moves with the service member through military, VA and commercial care," said Bert Reese, Sentara senior vice president and chief information officer.
Sentara operates a number of acute care hospitals in Virginia, including Sentara CarePlex in Hampton and Sentara Williamsburg Regional Medical Center in Williamsburg, along with physicians' offices and outpatient facilities throughout the region and in Northern Virginia.
Through its adoption of Epic, a private online platform, in 2007, and later by joining the national public-private partnership eHealth Exchange, Sentara now shares records with other health systems on Epic, which serves 54 percent of the nation's patients, as well as U.S. Veterans Affairs and the Social Security Administration.
Electronic health records allow immediate access to patient charts, regardless of location, and are meant to reduce duplication of care and medication errors. But they raise concerns about privacy and the security of sensitive information.
"We're an interconnected society. We want to leverage the benefits while keeping the information safe and not altered," said Heather Engel, a cyber-security expert with Suffolk-based Sera-Brynn. She pointed to three key elements in electronic information sharing — confidentiality, data integrity and data availability. With appropriate infrastructure, there's no increased security risk in systems sharing, she said.
History of sharing
Sentara signed on to government record-sharing through eHealth Exchange this time last year.
"It opened the door for us; we started connecting to the VA and Social Security at that time," Reese said. He said the information sharing reduced the time to process disability claims from months to hours, "even minutes."
"It's hands-off through a secure connection. It's more convenient for the patient," he said.
In the past two years, eHealth Exchange, which started as a government site in 2006, has evolved into a public-private partnership run by a nonprofit, Healtheway, that allows electronic data-sharing of health records.
The Department of Defense encountered unspecified delays signing up, according to Tom Wilson, Sentara director of information technology, but now that it's online both the department and Sentara health providers treating active-duty military can access records at any of their facilities.
Wilson and Reese emphasize that the records exchanged are copies, that only one is sent at a time and that it must be requested by an authorized partner with a patient present. Updates to records follow a similarly secure path between systems.
In 2007, Sentara began using the Epic platform to manage its electronic health records.
"It's by far the best anywhere. It has a good track record," said Wilson.
By 2016, Bon Secours, Riverside health system and Chesapeake Regional Medical Center will all have implemented Epic, allowing health data sharing among the region's private health systems.
How secure?
With the 80 million-person Anthem data breach still fresh — its cause remains undetermined, according to local spokesman Scott Golden — security remains an issue of primary concern both to health-care providers and platform operators. Stolen medical records can be used for fraudulent tax returns, which saw a bump last year; to obtain insurance fraudulently; and to access prescription drugs for resale, said Engel.
Sentara and Epic representatives point to all the safeguards in place. "Two technical teams have to set up a relationship and what the security is going to look like; nothing is sent dynamically without a request; and payload — clinical information — is encrypted," said Reese.
Meanwhile, health-care companies have reported more data breaches than any other industry in the past three years, accounting for almost half of all cyber-attacks in 2014, according to statistics compiled by the Identity Theft Resource Center, a national nonprofit. The center reports the number of health data breaches as having risen over the past decade from 16 to more than 330 in 2014.
Asked if Epic health-care systems had suffered any data breaches in the past two years, Eric Helsher, vice president of client success, wouldn't give a direct response. Instead, he indicated that typical data breaches involve unauthorized end-users rather than hacked information. This is counter to the Identity Theft Resource Center's report that hacking has taken over as the leading cause, accounting for almost 30 percent of breaches. The center also noted that accidental exposure has halved and insider theft has remained relatively low at around 10 percent with the previous leader, data transfer, now the least risky.
Sentara IT specialist Wilson believes electronic records are more secure than paper; he pointed to the dangers in records that were hand-carried, often mailed or faxed, and handled by multiple personnel, in addition to the delays in clinical service that often resulted. He said electronic health records allow different degrees of access, according to a provider's role in a patient's care. "For example, a doctor sees more information than a lab tech," Wilson said.
A former Department of Defense employee, Engel doesn't see any additional security issues with sharing data between government and private systems. With the proper precautions, she said, the benefits of electronic records are great in reducing input error through the one-time giving of information, and in emergency situations. Engel said Anthem had apparently not taken full precautions, such as encrypting client information.
But she also said some of the burden belongs on consumers.
"How many of us actually read the paperwork and understand how it's used or shared?" she asked. People need to take personal responsibility for how much information they're prepared to divulge for convenience. "If you don't want to give your Social Security number, then you need to be prepared to file your own claims," she said, listing numerous areas — banking, bill-paying, etc. — in which the public typically gives up privacy for convenience.
Engel counsels corporate clients to question how much data they need to store and for how long. "A cyber-criminal only has to be right once. We have to be right 100 percent of the time," she said.
---
Autor(en)/Author(s): Prue Salasky
Quelle/Source: Daily Press, 05.05.2015
Bitte besuchen Sie/Please visit:
