Security a top concern for cyberspace systems
Security a top concern for cyberspace systems
If anyone is going to break into Lisa Paige’s medical records, they’ll have to charge through a strong firewall to do it.
Paige, RRA, is director of medical information services at Miami Valley Hospital in Dayton, OH, which is one of seven hospitals, 1,000 physicians, and an insurance company that belong to the Dayton Community Health Information Network (CHIN).
That’s right an insurance company!
"As a medical records professional, I have an intense fear of insurance companies accessing [patient record] information," Paige admits. "Of course, they say they would never do that. It’s part of my job to make sure they don’t."
Miami Valley solved this problem by creating, in effect, a one-way electronic link. The hospital can access databases at insurance companies, but the insurers cannot get into the hospital’s.
"We have a good firewall," she says. "I’ve seen the diagrams, and they’ve convinced me it works. We’ve even tried to break through it and can’t do it."
The trick, as Paige sees it, is to put up firewalls while still providing easy access to those who truly need the information. "The whole idea behind a network like this is to get access to information quickly," she says. "You don’t want to defeat the purpose by making people go through a whole bunch of rigamarole just to get access to information they need."
Paige says security was a key issue from the start of the systems design. This includes a built-in audit trail system that tracks everyone who accesses patient records. Every month an information manager performs an audit to see who accessed what information.
"The way we work it now, if Lisa Paige’s record is accessed in the emergency department and I was a patient in the emergency department within 24 hours of that access, we’re not really looking at those. We’d probably think they had a reason to know about my record because I was in the ED. But if I didn’t have a recent ED visit, we’d know to go in and look at that."
The names of patients and physicians are also checked to see, for instance, if a hospital employee accessed the record of a relative with the same last name. Random checks also are conducted to verify that the information accessed was appropriate.
Paige credits advance planning for the positive public reaction to the new system. "We were so careful with the confidentiality issue and built in so many safeguards upfront that we haven’t had the perception problems that others have had." She also notes that the health information officers at all seven hospitals were involved in those safeguards.
Also, patients who arrive in one of the seven participating emergency departments sign a consent form that allows the clinical staff to access their records in the other hospitals.
The Wisconsin Health Information Network (WHIN) in Brookfield also emphasizes upfront precautions. It links 14 hospitals, 1,100 physicians, seven insurance companies, eight clinics, four home health agencies, four private billing services, and three ambulance services.
In this system, the individual providers can have their own security precautions, but the WHIN itself has several layers of security on top of that, says Michael Jordan, president and general manager. "We have a fairly extensive enrollment procedure that requires written authorization from the information provider for anyone to access sensitive information," Jordan says. Regular audits of access records also are routine there.
Currently, Blue Cross/Blue Shield (BC/BS) is the only insurance company wired into the Dayton network. The major use is to check insurance eligibility which is done with a few keystrokes rather than lengthy telephone calls and to submit claims, which avoids paper shuffling.
But the success of this pilot project between providers and BC/BS has attracted the attention of other insurers in the area, says Joseph Krella, president of the Greater Dayton Area Hospital Association, which oversees the CHIN.
"Now that we have the infrastructure in place and have demonstrated that it is working successfully, I think that other payers will come on board," Krella predicts. "Our plan is to expand it to Medicaid and Medicare and other significant payers in the region. It’s a savings for them just as much as it is for us."
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.