Data Security and the Personal Health Record (PHR)

Cleveland Clinic is opening up the patient file, as in the entire patient file, to their patients. I’d like to have been a fly on the wall listening to the arguments in favor and against. Current wisdom seems to be “more information is better”. But I wonder.

This decision doesn’t affect just one patient but all patients of every shape, size, and ability to digest the information. This policy would have helped me a couple years ago when I decided to see a nutritionist whose practice was outside my provider’s network. She and I were able to get the specific information we needed but it took a little effort. At Cleveland Clinic this will be a snap.

What haunts me comes from the reality of the world we all live in (and especially Extract Systems). I am talking about data security. Over the course of decades, laws have been passed to protect the public from themselves and from thieves and from corporations that have motives that are not in the individual patient’s best interest. Easier access to the patient file means there is less control of the sensitive information in the file. The possibility that Cleveland Clinic patient records will be used inappropriately has gone up. How much? Don’t know. But I think it is undeniable.

In medical research circles, there is a well-known inverse correlation between de-identification and the usefulness of the file for research. There is strict regulation of patient information and for good reason. The key is that the patient has the right to decide who they tell about their medical conditions. If one has HIV, they may not want a prospective employer to know.

Maybe that’s how Cleveland Clinic decided to think about the release of this information. Release of Information (ROI) is an expensive and time consuming and thankless task in healthcare. The only time we hear about this job function is when sensitive information has been inadvertently released. I am sure the goal is improved healthcare but maybe the end game includes turning the responsibility for release of information into a self-serve workflow.

If you're concerned about the security of patient information, your own or your organiation's, ask questions about who has permission to see it, how personal data within that patient information is secured in motion and at rest, and talk to an expert.

about the authour: David Rasmussen

With 30 years' experience leading software companies, David is driven by the challenge to consistently find groundbreaking ways to solve customer problems and he finds it rewarding to hit the customer's target and create a great team, build a solid infrastructure, and emerge with a strong value proposition.