E-patient dossier and its risks

The Information Security in Health Conference at the Lucerne University of Applied Sciences and Arts will address information security and data protection in the electronic patient dossier on June 14, 2016.

When it comes to digital dangers from outside, but also from experienced users themselves, the health and social services sector must take into account aspects that receive less attention in other sectors: sensitive patient and client data, which must always be kept secret, even in the outpatient sector.

Unlike credit card numbers, which can be reset, patient data provides "key data" for healthcare spies over a lifetime, if not generations.

Electronic patient dossier

Naturally, electronic patient data in the form of a dossier is considered "particularly worthy of protection" by legislators. As of December 2016, patient records for doctors and for patients will be standardized throughout Switzerland with the Electronic Patient Dossier Act (EPDG), which is actually only a framework law.

Some advantages: The patient knows about any inquiries or additions made by a physician. In case of emergencies, insights of specialists are registered. The patient could also encode the reports himself, add further data (e.g. about allergies) or view doctor's prescriptions. Verification bodies will certify and control the decentralized data communities.

Two major disadvantages: personal explanatory discussions with the doctor become obsolete, and the encryption is ultimately up to Mr. and Mrs. Swiss.

The greater challenge, if one thinks of the current hospital-internal recording systems or other private measuring devices and notes: the control and distribution of patient data have not yet been consistently regulated.

Territory: Medical secrecy  

In addition to all the technical and organizational aspects, there is one particularly important element to consider in healthcare: medical confidentiality. On the one hand, it takes on a new dimension in the age of the digital revolution; on the other, doctors and their deputies could be duped on a grand scale by cyber spies during outpatient dossier comparisons.

Digital technology knows no professional secrecy, nor does it distinguish whether a bit or byte is not expedient or worthy of protection (see the Data Protection Act, DSG), sensitive or common. This task still falls to the physicians, or users, and begins with the practice computer. Who is responsible for the patient data stored on it? Who manages the backup or an external e-health cloud?

In the practice of the future, there may only be tablets. These could be infected by cryptoviruses via apps. The consequence: instead of actually encrypting patient data from A to Z, cybercriminals could copy and manipulate individual processes, and log in to even more devices in a facility.

Who assumes liability for which treatment process if something were to suddenly go wrong? The damage would be devastating in any case.

For physicians and users, one thing is clear: electronic media significantly promote the exchange of health data and image files. In addition to these advantages, however, there is also an acceleration of delicate clarifications and diagnoses. If, for example, these were to be delayed by simple timer viruses, medical professional secrecy would be at stake.

Privacy and security?

After all, it is not only doctors, residents, dentists, pharmacists, midwives, chiropractors or psychologists who are subject to greater responsibility in terms of "data security" and "confidentiality", but also patients and billers. Here lies the real crux when it comes to official data protection and one's own data security.

Text: Michael Merz (galledia verlag ag) 
