Keeping Mobile Data Safe
The Potential of Electronic Health Records
Electronic health records (EHRs) have the potential to improve many aspects of health care delivery in resource-poor settings, from averting dangerous drug interactions to providing additional layers of security; from removing the problems related to illegible handwriting to ensuring that the data collected is complete. But there are many important considerations that must accompany the decision to switch to an EHR system. At the Keeping Mobile Data Safe: Privacy & Security Issues in Global mHealth session during the Global mHealth Forum in Washington, D.C. on November 10th, the panelists did an excellent job at addressing security concerns.
Current State of Privacy Protections
Sonja Myhre, of the Norwegian Institute of Public Health, spoke of the findings from the large international survey that investigated the current state of EHRs in countries around the world. This study found that 90% of countries include some level of privacy and data security protection over their current health registry, while physical protections (such as locked file cabinets) are commonly the only safeguard in place for paper health record systems. Countries that have already implemented electronic registries have a wide range of administrative and technical safeguards in place, but there was little consensus regarding the standards for these security protections. In order to solve this need, the eRegistries Governance Guidance Toolkit was created to serve as a resource to policymakers during the planning stages of the transition to an EHR. The Toolkit provides practical guidance on topics such as Legal Framework and the components that can be included within the registry from a general perspective, and the Institute offers to coordinate with organizations and governments to customize the guidelines to a specific country. For more information, please visit eRegistries.org.
Measuring Identity: Biometrics
So what type of safeguard can we put into place in order to keep each patient’s health data confidential? Toby Norman, CEO of SimPrints, discussed the potential for biometric solutions to this very question. Using a biometric, such as a fingerprint, can restrict which health practitioners have access to confidential patient data, and when. Biometric safeguards have the potential to impact a great range of issues within the health system, from security and fraud, to ensuring patient adherence and verifying patient identity. “Nearly all biometric technology on the market today is designed for the western market,” Mr. Norman asserted. Currently available devices are not rugged, not extremely mobile, and often inaccessible to users in resource-poor settings because of high costs or other barriers. SimPrints has set out to build a software for global health settings. This innovative company is pursuing appropriate technologies from many biometrics, from fingerprints to facial recognition to footprint recognition to iris scanning.
Unique Identifiers Able to Safeguard Confidentiality
Michael Frost, Senior Advisor at the Norwegian Institute of Public Health, discussed the importance of having a unique identifier for each patient, especially in conflict settings, where it is exceedingly unlikely that all members of a population have access to their health records or government-issued identification information. But how should this information be protected? “Most countries are still grappling with that question,” Frost admitted. But important first steps are separating the data into distinct databases, so that the biometric and the patient data are stored in the same place, and setting protocol and patient expectations such as the types of contact a patient can expect from the EHR, to safeguard against phishing attacks. Dr. Frost recommended that the community be allowed to determine which to prioritize, and what the proper balance is between privacy and access to one’s own health data.
Must We Sacrifice Access for Confidentiality?
All three panelists agreed that the right electronic health registry can provide excellent access to health data without compromising the confidentiality that each patient deserves. Incorporating the unique identifier into an EHR is straightforward, confirmed Dr. Frost. “It’s a totally solvable problem.”