High-tech security solutions coming soon

In the not-too-distant future, your information systems will need to have a more high-tech approach to guarding information.

Many electronic "locks and keys" have been designed in theory but are not available yet. Those that are available will evolve rapidly, according to the National Research Council, which performed a study of the need for confidentiality in health care information at the behest of the Institute of Medicine.1

Here are some of the safeguards your systems will need to have, although not all of them are on the market yet, according to the council’s recently published report:

More complex log-on mechanisms. You’ll need more sophisticated log-on, or authentication, methods in the future. Some of these methods are likely to include single-session log-on codes, encrypted protocols, or "swipe cards" that contain a magnetic strip to allow a user access to a system.

Access validation. Be on the lookout for the development of software tools that will ensure that the information made available to users complies with their access privileges. Such tools, now in development stages, will scan the contents of a medical record to detect and mask particular pieces of information that a user is not allowed to see.

Expanded audit trails. You already should have some audit trail capability. By the year 2001, all health care organizations should be able to maintain logs of all internal accesses to clinical information. In the long term, health care groups should increase their demands of vendors so audit trails will be built allowing inter-organizational audit trails. Ultimately, audit trails should allow patient-identifiable information to be traced as it passes through the entire health complex.


1. For the Record: Protecting Electronic Health Information. Washington, DC: National Research Council; 1997.