Healthcare Management
they will be responsible.
Access restrictions, by blocking the flow of information, can increase the risk of harm to patients; and the sicker the patient, the greater the risk. Patients who are gravely ill or injured are often rapidly moved to higher levels of care, and need the immediate attention of clinicians who had no prior relationship with the patient. Patients who are not gravely ill will still have their care negatively impacted by access restrictions – through delays, errors and poorer quality medical analysis and decisions.
If access restrictions are not the answer, then what should be done to protect privacy? The answer lies within the mind of the EHR users. Since they know when their intended access to IIHI is illegitimate, they can be deterred from acting on such impulses through mechanisms that increase the likelihood that they will be caught and held accountable. In most cases people tempted to snoop on the IIHI of others have a functioning conscience, and are otherwise good, skilled individuals, important to the organization. They get into trouble by constructing a rationalization to explain to themselves why it is OK to snoop: “Cathy isn’t looking well, I wonder if there is anything I can do to help?” In some cases, however, the perpetrator is acting maliciously, and knows exactly what they are doing. In either case, fear of getting caught will deter the snooping.
Managing accountability is done through a combination of forensic post hoc audit data mining (known as “system activity review” in the HIPAA Security Rule) – to find privacy violators and hold them accountable – and selective use of “Break the Glass” privacy alerts – to deter snooping on high risk privacy targets.
EHRs, unlike paper records, retain records of all information accesses, but such audit databases can quickly grow to vast size, and the entries that represent privacy breaches are a tiny fraction of the whole. The secret to finding those “needles” in the proverbial haystack is to focus on likely privacy risks. Fundamentally, the only people at risk of having their IIHI inappropriately accessed are those who are known to system users, either through direct acquaintance, or through celebrity or notoriety.
The first step in data mining, therefore, is to identify those who have accessed the records of family members, neighbors, coworkers, organizational and community leaders, celebrities and people in the news. Many such accesses will be legitimate, and so will clutter reports with false positives that waste the time of – and demoralize – investigators and investigated alike. Therefore, the next step is to filter out low risk user-patient pairings, such as when the user is the Primary Care Provider, or has an upcoming appointment or recent encounter with the patient, or is a member of the hospital treatment team. The goal is forensic audit reports with low
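The two-step audit mining procedure described above (flag accesses where the user plausibly knows the patient, then drop pairings with a legitimate clinical relationship), shown as an added example that is not part of the article and not Kaiser Permanente's or any vendor's code. The audit events, the person directory and the relationship tables are constructed sample data; the acquaintance signals used (shared surname, shared postcode, employee flag, public-figure flag) and the 30-day window are assumptions chosen for illustration, and a real deployment would draw these from the EHR's own directory and scheduling systems.

```python
"""Forensic audit mining over EHR access logs (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Person:
    pid: str
    surname: str
    postcode: str
    is_employee: bool = False        # coworker of the EHR users
    is_public_figure: bool = False   # leader, celebrity, person in the news

@dataclass(frozen=True)
class AccessEvent:
    user: str        # id of the EHR user who opened the record
    patient: str     # id of the patient whose record was opened
    when: date

@dataclass
class Context:
    people: Dict[str, Person]                       # users and patients share one directory
    pcp: Dict[str, str]                             # patient -> primary care provider
    appointments: Dict[Tuple[str, str], date]       # (user, patient) -> scheduled date
    encounters: Dict[Tuple[str, str], date]         # (user, patient) -> most recent encounter
    treatment_team: Dict[str, Set[str]]             # patient -> users on the treatment team

def acquaintance_reason(ev: AccessEvent, ctx: Context) -> Optional[str]:
    """Step 1: why the user might know the patient outside of care (None if no signal)."""
    u, p = ctx.people[ev.user], ctx.people[ev.patient]
    if p.is_public_figure:
        return "public figure"
    if p.is_employee:
        return "coworker"
    if u.surname == p.surname:
        return "possible family member"
    if u.postcode == p.postcode:
        return "possible neighbor"
    return None

def legitimate_reason(ev: AccessEvent, ctx: Context, window_days: int = 30) -> Optional[str]:
    """Step 2: a low-risk clinical relationship that explains the access (None if absent)."""
    key = (ev.user, ev.patient)
    if ctx.pcp.get(ev.patient) == ev.user:
        return "primary care provider"
    if ev.user in ctx.treatment_team.get(ev.patient, set()):
        return "treatment team"
    appt = ctx.appointments.get(key)
    if appt is not None and 0 <= (appt - ev.when).days <= window_days:
        return "upcoming appointment"
    enc = ctx.encounters.get(key)
    if enc is not None and 0 <= (ev.when - enc).days <= window_days:
        return "recent encounter"
    return None

def mine_audit(events: List[AccessEvent], ctx: Context) -> List[Tuple[str, str, str]]:
    """Return (user, patient, reason) for accesses that survive both steps."""
    findings = []
    for ev in events:
        why = acquaintance_reason(ev, ctx)
        if why is None or legitimate_reason(ev, ctx) is not None:
            continue
        findings.append((ev.user, ev.patient, why))
    return findings

# Constructed sample directory, relationship tables and audit events (not real data).
SAMPLE_PEOPLE = {
    "u-nurse":  Person("u-nurse",  "Rivera", "94612", is_employee=True),
    "u-doc":    Person("u-doc",    "Chen",   "94501", is_employee=True),
    "p-rivera": Person("p-rivera", "Rivera", "94612"),
    "p-mayor":  Person("p-mayor",  "Okafor", "94607", is_public_figure=True),
    "p-staff":  Person("p-staff",  "Chen",   "94601", is_employee=True),
    "p-other":  Person("p-other",  "Nguyen", "95814"),
}
SAMPLE_CTX = Context(
    people=SAMPLE_PEOPLE,
    pcp={"p-mayor": "u-doc"},
    appointments={("u-nurse", "p-staff"): date(2024, 3, 10)},
    encounters={},
    treatment_team={"p-other": {"u-doc"}},
)
SAMPLE_EVENTS = [
    AccessEvent("u-nurse", "p-rivera", date(2024, 3, 1)),  # same surname and postcode, no clinical tie
    AccessEvent("u-doc",   "p-mayor",  date(2024, 3, 1)),  # public figure, but the user is the PCP
    AccessEvent("u-nurse", "p-staff",  date(2024, 3, 1)),  # coworker, appointment nine days out
    AccessEvent("u-doc",   "p-other",  date(2024, 3, 1)),  # no acquaintance signal at all
    AccessEvent("u-doc",   "p-staff",  date(2024, 3, 1)),  # coworker, no clinical relationship
]

if __name__ == "__main__":
    for user, patient, reason in mine_audit(SAMPLE_EVENTS, SAMPLE_CTX):
        print(f"review: {user} opened {patient} ({reason})")
```

Only two of the five constructed accesses reach the report: the nurse opening a record that shares her surname and postcode, and the physician opening a coworker's record with no appointment, encounter, PCP or team relationship. The PCP access to the public figure and the pre-appointment access to a coworker are exactly the false positives the second step exists to remove.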
Dr. Eric Liederman serves as Director of Medical Informatics for Kaiser Permanente’s Northern California region. Dr. Liederman has published widely and speaks internationally on topics including knowledge management, patient e-connectivity, collaboration with IT, and privacy and security. Dr. Liederman previously served as Medical Director of Clinical Information Systems at the University of California Davis Health System. He received his Bachelor’s degree from Dartmouth College, his MD from Tufts University, and his MPH from the University of Massachusetts, Amherst.
www.hhmglobal.com
15