Privacy, Security Obstacles to Health Data Exchange Persist
Report Identifies Challenges; ONC’s DeSalvo Offers Progress Report
Some security and privacy experts say that beyond the efforts of the federal government, the private sector must also take steps to overcome challenges related to EHR interoperability and secure health data exchange. “Healthcare organizations need to push harder for vendors to work toward better interoperability standards,” says Keith Fricke, principal consultant at the consulting firm tw-Security.
In the meantime, healthcare entities must pay attention to the risks that arise when attempting EHR data interoperability, he says. “Healthcare organizations will need to add a new dimension to their HIPAA risk assessment process and program – evaluating the risks of integrating with interoperable EHR networks and being prepared to provide attestation and proof that by becoming a part of the interoperable network, they are not creating significant risk to the other organizations already connected,” he says.
Of the obstacles to interoperability highlighted in the GAO report, accurately matching patients’ health records to achieve data integrity “is the primary reason interoperability is so challenging,” says security expert Tom Walsh, founder of tw-Security.
“The only thing worse than no information on a patient is wrong information on a patient,” he says. Not only does that cause data integrity issues, but it also creates patient safety and privacy concerns. “If a physician or a clinician cannot trust the data they are receiving, it doesn’t matter how smoothly the data moves between diverse systems and entities,” he says.