Taking care of patients’ data

In a world where you can Twitter instantly with friends on another continent, watch their antics on YouTube and even speak to them online without using a phone, it seems bizarre that the local hospital may still be keeping your sensitive medical information in a filing cabinet. This situation is starting to change, however, as healthcare providers around the world introduce increasingly sophisticated IT systems to store and share patient data.

"There will be an enormous move to electronic systems in the next few years" says Bonnie Michelman, President of the US-based International Association for Healthcare Security and Safety (IAHSS). "The accuracy, efficiency and convenience that they bring all have a huge impact."

Each country’s requirements are different, but every e-healthcare project features one or both of these two elements:

 

The benefits

Either of these elements can be implemented in isolation, but it’s the integration of secure data storage with its safe transportation that brings the greatest benefits in terms of security, efficiency and cost-effectiveness.

For example, a fully integrated e-healthcare system makes it possible for a doctor to upload a prescription onto a national database and the patient’s personal smart card at the same time. The patient then takes the smart card to a drugstore, where the pharmacist can insert it into a reader to confirm the details of the prescription. Meanwhile, those details are now on the database so that other medical professionals can view them as necessary.

Enabling electronic patient data to be shared and updated by clinicians involved in different phases of a patient’s healthcare process is a key benefit of e-healthcare. It helps to eliminate the possibility of clinical or administrative errors such as those that led to the 2001 Lipobay scandal in Germany. Lipobay was a drug that was used to lower cholesterol and prevent cardiovascular disease, but a number of patients died because of the effects of combining Lipobay with other medicines.

This was able to happen because data was not exchanged between the various doctors treating each patient; electronic storage of patient records allows doctors to cross-check the medicines used to treat each individual.

The challenges

There are two key challenges facing the administrators of e-healthcare projects - and the first has nothing to do with technology and everything to do with the people who use it.

The problem is that the weakest link in any security chain is staff behavior. Marjan Suselj, director of the HIC System Sector at the Health Insurance Institute of Slovenia, explains: "It’s important to ensure the highest level of data privacy, which needs to be incorporated not just into a new IT infrastructure, but also into new ways of working.

"It’s not just about technology issues - it’s about changing organizational processes. This requires staff training and ensuring that the necessary documentation is there. It’s a big change management project."

So it is vital for hospitals and other healthcare providers to develop carefully thought-out security procedures backed up by clear, written user policies in order to ensure that each member of the organization is aware of their duties and responsibilities as they relate to security.

"It’s critical" Michelman confirms. "Hospitals need to mandate that their employees and physicians manage their information. That information might reside on anything from laptops to hard drives that are moved around, so there is potentially a huge risk of ID theft and breaches of medical data."

The risk of identity theft is the second key challenge for e-healthcare administrators. The downside of automation is that opening up sensitive personal data to greater numbers of people can increase the risk of it being viewed by unauthorized parties.

Dave Marcus, Director of Security Research and Communications at McAfee’s Avert Labs unit, says that the healthcare sector’s move into electronic transactions is currently being matched by the criminal underworld’s development of measures to steal private information - including identity data - that can be used for profit.

The task of safeguarding such data is thus an ongoing process. "That’s just the nature of computer security - it’s dynamic and prone to a state of flux" says Paul Judd, Regional Director for the UK and Ireland at Fortinet, a unified threat management vendor. "I can’t tell you what we’ll need to add next, but I know it’s going to come, and fast."

So ultimately, the key challenge for healthcare organizations lies in striking a balance between making a system easy to use and ensuring that watertight security controls are in place.