Health care is changing as well as the tools used to better coordinate the care of patients like you and me. During your last visit to the doctor, you will have noticed that your doctor writing notes on the computer or laptop to the electronic medical record (EHR). With EHR there is an opportunity for patients to obtain improved coordinated care from providers and easier access to their medical information. It is a way to make every person better informed and more involved assistance in which the health care IT has incurred. However, for many of us, EHRs also have questions and concerns about the privacy and security of our medical information. Who can access information about my EHR? How can I view the information in my records and verify that it is correct? Are my records protected from loss, theft and robbery? What do I do if I think my information has been compromised?
Cybercriminals use all available resources to launch attacks, one of which was available to the public so far until the recent development. Google has just reviewed their personal information policies, especially for the health sector, as a result has removed private medical records from its database.
If information stored in the EHR were to get leaked, it can be both emotionally and economically dangerous. For example, hackers who seize the opportunity of the ransomware to extort the hospitals, can access private medical data and maintain them for the illegal returns. Regardless of whether the redemption is paid or not, they can still make it available on the Internet and Google search engine will pick it up.
Traditionally, Google has discontinued its search policy on search results and rely on their own algorithm to get the job done. In the past, this policy has been extensively studied for the production of false news and other forms of false information. That all changed when Google search results were verified and private medical information was deleted.
Before providing potentially sensitive information on search results, Google now estimates the level of sensitivity, and therefore uses this series of questions:
- Whether the government’s ID number was issued?
- Is it confidential, or is the information publicly available?
- Can it be used for common financial transactions?
- Can one use it to get more information about a person, which can lead to financial damage or identity theft?
- Whether it is nude photos of personal identification or video without owners consent?
Ensuring private data is of paramount importance for the success of improved healthcare IT in all medical facilities. Either on the spot or on the Internet, if the data falls into the wrong hands, it can cause a financial collapse and reputation.
To protect the information stored in the EHR, some Safety Rules require that health care providers have established physical, administrative and technical security measures to protect their electronic health information. Some safety measures, which can be incorporated into the EHR system include:
“Access control”, such as passwords and PIN codes to limit access to your information;
“Encrypted” your saved information. This means that your health information cannot be read or understood, except what people can “decrypt”, using a special “key”, accessible only to authorized persons;
“Audit Trail”, which recorded that applied to your information, what changes were made and when.