Information security and data protection for the e-patient dossier
What measures does the law prescribe with regard to the information security of the patient file? Where are the stumbling blocks? What practical experience already exists? Information security and data protection are sticking points in the introduction of digital data traffic in healthcare. Added to this is the increasing cost pressure to which healthcare providers are exposed. Mediation skills between politics, technology, healthcare and medicine are becoming more important than ever.
In June 2015, the Federal Electronic Patient Dossier Act (EPDG) was passed by both federal chambers of parliament, and it is scheduled to come into force in 2017. Since then, there has been a certain amount of uncertainty about what the service providers have to do in terms of preparation. There is much to read about the operational and financial challenges. What remains somewhat in the background, however, is the question of data security and data protection; in some cases, one gets the impression that these issues are being deliberately ignored.
What does it depend on?
Imagine that the prescribed medication was changed by mistake or intentionally: This can have fatal consequences! If data is not available in an emergency, it is not possible to treat the patient appropriately, which would also be fatal. Finally, the authenticity of the data is important: Who recorded, mutated, deleted, etc. the data? This is important for traceability and possible sanctions. Recently, there have been more cases of ransomware after infection by "ransomware", also in the hospital sector. Hospitals can be blackmailed or suffer direct damage - it is important to defend against this!
What does it take?
The Lucerne University of Applied Sciences and Arts is currently conducting a study at Schwyz Hospital to identify possible deficits and risks and recommend measures to mitigate them. Initial results show that smaller hospitals in particular do not have the resources as large center hospitals to plan migration in isolation. They are dependent on external service providers for this. As a university, we are supporting this with studies and expert opinions in order to contribute to quality.
However, we would also like to offer our contribution to the training of affected healthcare providers. We know how difficult it is for people from the healthcare sector to deal with this new, foreign and complex matter. In a one-day conference on Tuesday, June 14, 2016 at the Zentrum Dorfmatt Rotkreuz ZG, experts from the Federal Office of Public Health, hospitals, academia and practitioners will provide assistance to face the upcoming challenges. The main goal of the Information Security in Health Conference is therefore to enable users, providers, patients and decision-makers to talk to each other in a more meaningful way. Only in this way will a practical implementation of the legal requirements be possible. For more information, visit: www.hslu.ch/infosec-health.
Dr. rer. nat. Peter E. Fischer, Head of Competence Center Information Security, Lucerne University of Applied Sciences and Arts - Computer Science
