Thursday, January 01, 2009

 

Security and HI

Security is one of the first things to consider when talking about HI. Most HI systems are closed to the outside except through well-defined portals. Even web interfaces are tightly monitored.

We need to consider how the information we are safeguarding can be accessed and used by other caregivers who may need the information for the patient. If one of your patients is traveling and suffers a moderate to severe medical problem, it would be of tremendous benefit if the treating caregiver had access to historical data. The patient may not remember, or be able to relate, everything that is of importance. The caregiver may not have "trusted" status on your system, and precious time would be lost in gaining that access. So how do we handle a situation like this? Some countries have changed ownership of the information, giving the patient full access to their own medical information. The patient, or their proxy if they are incapacitated, may then grant access to whichever caregiver they choose. Where we still maintain control of medical information, we see this as a major security breach, and perhaps it could be. Something has to be done to ensure the patient receives the best quality care, and that means the caregiver needs access to the best quality information.

The Internet Engineering Task Force (http://www.ietf.org) currently has a group working on a protocol for Network Endpoint Assessment (nea). This would allow each network to "touch" other networks and through successful negotiation ensure that both networks have the requisite patches and security in place. Once the negotiation is successful, a one-time "trusted" status would be installed for both networks and they would be able to successfully provide information to the other. This could be in a "read only" format, or in whatever format was considered appropriate. I would surmise that a primary caregiver would want to know when a patient was treated somewhere else, and know what was diagnosed and how it was treated. This would require a "read/write" access between networks. Once the connection is terminated, the "trusted" status is dropped and any further access between the two networks must be re-negotiated.
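A conceptual model of the negotiation described above, as an added example that is not part of the original post and is not the NEA wire protocol: each side assesses the other's posture, a session-scoped grant is issued in "read" or "read/write" mode, and terminating the connection drops it. The class names, posture attributes and patch-level threshold are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Posture:                      # constructed attributes, for illustration
    patch_level: int                # higher means more recent patches
    firewall_enabled: bool
    antivirus_current: bool

@dataclass
class Network:
    name: str
    posture: Posture
    min_peer_patch_level: int       # local policy applied to the peer
    sessions: dict = field(default_factory=dict)   # token -> (peer, mode)

    def assess(self, peer: Posture) -> list:
        """Return the posture attributes on which the peer fails local policy."""
        failed = []
        if peer.patch_level < self.min_peer_patch_level:
            failed.append("patch_level")
        if not peer.firewall_enabled:
            failed.append("firewall_enabled")
        if not peer.antivirus_current:
            failed.append("antivirus_current")
        return failed

MODES = {"read": {"read"}, "read/write": {"read", "write"}}

def negotiate(a: Network, b: Network, mode: str = "read"):
    """Mutual assessment; a one-time grant is issued only if both sides pass."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    failures = {a.name: b.assess(a.posture), b.name: a.assess(b.posture)}
    if any(failures.values()):
        return None, failures       # fail closed: no partial trust
    token = secrets.token_hex(16)   # session-scoped, never reused
    a.sessions[token] = (b.name, mode)
    b.sessions[token] = (a.name, mode)
    return token, failures

def authorize(net: Network, token: str, action: str) -> bool:
    """Allow an action only under a live grant whose mode covers it."""
    grant = net.sessions.get(token)
    return grant is not None and action in MODES[grant[1]]

def terminate(a: Network, b: Network, token: str) -> None:
    """Drop the trusted status on both sides; later access must re-negotiate."""
    a.sessions.pop(token, None)
    b.sessions.pop(token, None)
```

Logging each `negotiate` result and each denied `authorize` call gives the primary caregiver's network a record of who was granted access, in which mode, and when it ended.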

I would encourage the medical community to get behind this protocol as the next step forward in the world of HI. Having the ability to access information around the globe is necessary in a modern culture that is global, and highly mobile, in nature.
