EHR Privacy: Tackling the ConcernsResearchers seek best practices for security
Healthcare organizations could make better use of EHRs and other information technologies if they could "defeat some of the barriers" to progress, especially concerns about privacy and security, says Carl Gunter, a professor of computer science at the University of Illinois at Urbana-Champaign. The university's Information Trust Institute is heading up the project, which also involves 11 other organizations.
Within two years, the 20 researchers participating in the study expect to publish a series of papers on strategies for improving privacy and security of healthcare information, with a focus on EHRs, health information exchanges and telemedicine. Over the four-year life of the project, Gunter says, researchers will propose "more substantial changes in the way things are done."
The research project is one of four that received funding from the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology. The $60 million for the Strategic Health IT Advanced Research Projects, or SHARP, program came from the HITECH Act, a section of the American Recovery and Reinvestment Act.
Among the issues that the researchers will investigate, Gunter says, are how to:
- Protect EHRs with encryption and other security technologies;
- Make IT outsourcing arrangements more secure;
- Address the "tricky business" of ensuring information transmitted among many participants in emerging health information exchanges remains private; and
- Ensure telemedicine applications, such as implantable medical devices and in-home monitoring systems, adequately address security risks.
In the meantime, Gunter advises healthcare organizations to continually refine their risk management strategies because security technologies are rapidly evolving.
"I would urge as a top priority to think of the security and privacy of the organization as a process that you build incrementally over time," he says. "It's not going to be, in many cases, cost-effective to think that you are going to figure out everything that needs to be done, and do it, and then it's over."
University of Illinois' partners in the project are:
- University of California at Berkeley,
- Carnegie Mellon University,
- Dartmouth College,
- Harvard Medical School,
- Johns Hopkins University,
- New York University,
- Northwestern Memorial Hospital,
- Stanford University,
- University of Massachusetts Amherst,
- University of Washington, and
- Vanderbilt University.
Updates on the Strategic Healthcare IT Advanced Research Projects on Security, or SHARPS, project will be available at sharps.org.