Secure EHR

"No one disagrees on the benefits of an electronic health record, just who should pay for the process of conversion," wrote one M.D. who read my column on EHR two weeks ago. "Most hospitals don't have the funds to support a massive conversion to all-EHR. So it's easy to have Mr. Hayes suggest a mandate. I'd just like to know, who will fund it?"

Hold that thought. Here's another reader: "There is another issue that I think holds things back, and that is worries about privacy. Anything on paper is, by definition, more private than anything in digital form, especially when most doctors use Microsoft products."

Now let's talk about Kaiser Permanente. Somehow, live data on 140 patients of the big HMO was posted to an internal development Web site, which became visible on the Internet.

An ex-employee says she was doing a Web search and found the patient data through a Google result. She filed a federal complaint that Kaiser had violated the Health Insurance Portability and Accountability Act and linked to the data in her weblog.

Now Kaiser is contacting the affected patients and seeking a restraining order against the ex-employee. The U.S. Office of Civil Rights, which enforces HIPAA, is looking into the mess. And suddenly, mandating electronic patient information doesn't sound like it's such a great idea, does it?

Maybe not. Or, just maybe, the right mandate might be a better idea than ever.

Let's be realistic: Electronic information can leak. It happened in recent months to LexisNexis (data stolen on 32,000 people) and ChoicePoint (info on 145,000 people fraudulently purchased). Bank of America shipped backup tapes containing the credit card records of 1.2 million federal employees, including 60 U.S. senators, on commercial airlines in December -- and they went missing, too.

Kaiser, which historically has been close to fanatical about patient privacy for its 8 million-plus members, hasn't been immune. In 2000, an IT staffer used a one-time script to clear an e-mail backlog. Result: Confidential information on 858 patients was sent to 17 other patients who weren't supposed to get that information.

Yes, electronic information can leak more easily than information on paper. And that's most likely to happen with one-off scripts or unauthorized demonstrations or lashed-together data pipes. When security and privacy are designed into a system and procedures are rigorously followed -- and enforced by the system -- leakage is a lot less likely.

How do you maximize security and privacy for, say, electronic health records? You design it in from the start in a standard way. You mandate encryption (and what kind), you specify authentication (and how it works), you nail down access control (and all the details). In short, you force an EHR standard.

That will take a mandate, whether from Medicare or HIPAA or some other 800-pound gorilla that can force the health care industry to comply. Without it, there will be no privacy-oriented EHR standard, and we'll end up with a thousand kinds of EHR, all lashed together with leaky pipes. Doing it right will require a lot less variety -- and a lot more money.

And yes, to answer the doctor whose question kicked off this column, we already know who will pay for it. We all will, whether as patients or insurance buyers or taxpayers. Exactly how is up in the air. Incentives? Taxes? Higher medical bills? Free software? We don't know. But we know this: In the end, the money always comes from customers -- from us.

And as long as we're paying for EHR, let's make sure we get a system with security and privacy built in from the ground up.

Frank Hayes, Computerworld's senior IT columnist, has covered IT for more than 20 years. Contact him at

Copyright © 2005 IDG Communications, Inc.
