24 Jun The challenges of maintaining patient privacy and delivering secure clinical information
UW Hospitals and Clinics officers discuss security challenges
MADISON – The white board in the middle of the emergency room that lists each patient and their condition is a familiar scene in many hospitals. But is it a violation of patient privacy?
Balancing the best interest of the patient but still providing information to the many care givers that require it was the topic of a lecture given by Dennis Dassenko, UW Hospitals and Clinics’ chief information officer, and Lisa Risberg, UW Hospitals and Clinics information security officer, Wednesday at the Digital Healthcare Conference in Madison.
In an environment filled with HIPPA regulations, wireless Internet and portable devices, security officers face many challenges as they work to secure patient information.
The ability to access and view patient records remotely, is a concern and priority for many physicians. For example, a caregiver needs to view patient information and is required to can do so in a secure manner, but they may not be able to print any information from their home computer because of security precautions.
“To achieve that security level, I know I’m going to irritate that physician or provider … they may not use the system,” Dassenko said. “Today, people can literally send thousands of patients’ records in a matter of minutes, and the question is how do I secure that?”
Making information available and protecting privacy, especially with referral physicians, is another security conundrum. Risberg said that since not all patients choose to receive all their care at one institution, records must be shared and copied.
“The challenge is that physicians both need access to this data in both places so we have to figure out this release of information issue,” she said.
Similarly, when caregivers go to outreach sites, continuity of care issues come up in the form of legal and physical separations.
Risberg said that leveraging HIPPA’s legal definitions can allow practice in two places while still keeping patients in mind.
Within hospitals, technological protections at workstations, such as session inactivity logouts, can be counterproductive.
“From a technology-security perspective, you’d say shorter [login time] is better.… But from a clinician’s perspective it’s just the opposite,” Risberg said.
Risberg cited an example of computers in operating rooms, where doctors cannot simply take off their gloves and re-login after being booted off by the system. To solve this, UW Hospitals and Clinics implemented a limitless logon system just for their operating rooms.
“What seems simple in a clinical environment is sometimes not so simple,” Risberg said.
Unique user identification is also necessary for hospital workstations but sometimes a medical environment is so fast-paced that the time required to login and out actually delays patient care.
To solve this problem, Risberg said group logins – where many people can share a session – are utilized. But these privileges are restricted to computers.
Currently, a hot issue at UW Hospital is securing patient data transmitted by portable devices and wireless networks. While some security precautions make the technology less attractive to use, some physician’s use personally owned devices in an insecure manner.
“People can buy whatever they want to buy. .. Where we’re trying to protect patient privacy is in the use of these devices. We ask that they don’t put patient data on those devices. Do I think 100 percent of physicians comply with that? I don’t think so,” Riseberg said.
Audience members identified with the struggle to keep patient data secure.
“Security officers are generally paranoid, they think of all the things that could go wrong, while doctors and nurses are used to distractions and don’t understand that paranoia,” said Kendra Jacobsen, of Madison Patient Safety Collaborative. “They’ll say ‘Of course someone can sign in with my password!’ Security’s job is much more difficult because of regulations like HIPAA.”
_______
Kristin V. Johnson is the Associate Editor of WTN. She can be reached at kristin@wistechnology.com.