21st November 2019 by Asimina Pantazi
The rapid evolution of commercially available technology has changed the way we do almost everything in our lives. In healthcare, patients can have access to electronic health records (EHRs), where their health records and clinical information are available online. Through patient portals they can not only schedule a new appointment or order their medication, but also view their histology results and read their doctor's notes. However, is this system secure? Advancements like this should be governed by regulation so that patients can enjoy the benefits without the risk of harm. More specifically, providers of EHR technologies should:
Implement integrated security features – such as user authentication, role-based authorisation, audit logging and similar controls, built into the product rather than bolted on.
Carry out a comprehensive security assessment – This is required under HIPAA. The assessment includes a risk evaluation, in particular of the risk posed by unauthorised access to data.
Implement user authentication and enforce authorisation on every record – Authentication establishes who the user is, but on its own it does not stop that user from reading someone else's data. It is not uncommon in patient portals that, after one patient's record is displayed, another patient's record can be shown simply by editing the record identifier in the browser's URL. The server must check that the authenticated user is entitled to the specific record requested, not merely that they are logged in.
Establish an incident response plan – In the unpleasant event of a breach, identifying the root cause can be difficult and time-consuming. Having an incident response plan in place, together with the access logs it depends on, makes it possible to establish when the breach occurred and what caused it. Was it a breach by malicious outsiders or by insiders? This knowledge allows the organisation to respond quickly and take action to prevent future breaches.
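The URL-editing flaw described in the authentication point above, as an added example that is not part of the original post: a vulnerable record handler that checks only that the caller is logged in, beside a hardened one that also enforces object-level authorisation and records each decision for later incident response. The session and record types, the two roles, the record ids and the sample data are all constructed for illustration and do not come from any real portal.

```python
"""Added example (not from the original article): the URL-tampering flaw
described above is an authorisation failure rather than an authentication
one. A logged-in patient changes /records/42 to /records/43 and the server
returns another patient's record because it never checks who is entitled
to it. The data model, role names and record ids below are hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """Result of a successful login: who the user is and what role they hold."""
    user_id: str
    role: str  # "patient" or "clinician"


@dataclass(frozen=True)
class Record:
    record_id: int
    patient_id: str    # the patient the record belongs to
    clinician_id: str  # the clinician responsible for that patient
    notes: str


# Constructed sample data standing in for the portal's database.
RECORDS = {
    42: Record(42, "pat-alice", "dr-smith", "Histology: benign"),
    43: Record(43, "pat-bob", "dr-jones", "Histology: follow-up required"),
}

# Access decisions are recorded so an incident responder can later see who
# touched which record and when, and spot denied requests that look like probing.
AUDIT_LOG = []


class AccessDenied(Exception):
    pass


def get_record_vulnerable(session, record_id):
    """Vulnerable handler: checks only that the caller is logged in.
    Any authenticated user can read any record by editing the id in the URL."""
    if session is None:
        raise AccessDenied("login required")
    return RECORDS.get(record_id)  # no check that the record belongs to the caller


def is_authorised(session, record):
    """Role-based rule: patients see their own records, clinicians see their patients'."""
    if session.role == "patient":
        return record.patient_id == session.user_id
    if session.role == "clinician":
        return record.clinician_id == session.user_id
    return False  # unknown roles get nothing (deny by default)


def get_record(session, record_id):
    """Hardened handler: authenticate, then enforce object-level authorisation
    on the specific record requested, and log the outcome either way."""
    if session is None:
        raise AccessDenied("login required")
    record = RECORDS.get(record_id)
    if record is None or not is_authorised(session, record):
        AUDIT_LOG.append({"user": session.user_id, "record_id": record_id, "outcome": "denied"})
        # Same error for "does not exist" and "not yours", so a user tampering
        # with the URL cannot enumerate which record ids are valid.
        raise AccessDenied("record not found")
    AUDIT_LOG.append({"user": session.user_id, "record_id": record_id, "outcome": "allowed"})
    return record


def access_outcome(session, record_id):
    """Return "allowed" or "denied" for the hardened handler (handy for checks)."""
    try:
        get_record(session, record_id)
        return "allowed"
    except AccessDenied:
        return "denied"


if __name__ == "__main__":
    alice = Session("pat-alice", "patient")
    # Vulnerable: Alice reads Bob's record by changing 42 to 43 in the URL.
    print(get_record_vulnerable(alice, 43).notes)
    # Hardened: Alice gets her own record, but 43 is refused and logged.
    print(get_record(alice, 42).notes, access_outcome(alice, 43))
    print(AUDIT_LOG)
```

The two design points worth carrying into a real portal are that the authorisation check is made against the specific object requested (not the user's role alone), and that a missing record and a forbidden record produce the same response, so that the identifier space cannot be mapped by trial and error.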
Patient portals give healthcare providers an opportunity to offer patients a more customised experience and to enable them to manage their own care. If providers can secure protected health information (PHI) and earn patients' confidence and trust by meeting the requirements listed here, patient portals could become a powerful tool for healthcare transformation.