Securing Access to PII and EHR in a Digitized Health Care Environment

Axiomatics   ·   Thursday, February 4th, 2016

Patient enablement / self-service

With respect to health care, a McKinsey report from late 2014 explains that health care IT is evolving at the same speed as other industries, and this will be no different in the future. McKinsey considers that more than 75% of all patients [will] expect to use digital services in the future. [2] It’s no surprise that one of the main challenges for the health care industry will be patient enablement / self-service.

A recent study commissioned by a personal clinical engagement platform vendor confirms this trend: 74% of Americans believe that having access to all of their clinical notes and medical records would help improve communication with their health care provider, and would help them to understand more about their own health. Sixty percent of respondents were not sure if they had access to all of their medical records. [3]

An integrated e-health care ecosystem

Health care providers will be expected to collaborate with partners, competitors, and other actors in the health care ecosystem both to deliver added value for the patient, and also to streamline operations. Expect hospitals to share medical information with insurance providers, government agencies, and other stakeholders in the industry.

To keep costs down many health care services have been outsourced, potentially outside the US to other countries where labor is cheaper. These include services such as radiology and interpreting X-RAY scans. Can we trust these third parties with our most prized information?

Automated, digitized processes

For medical professionals, the fact information is digitized will simplify daily tasks such as note taking, filing, reporting and running diagnostics. The move to a secure digital world has the potential to avoid manual mistakes that have long plagued the industry. Consider a simple error, such as Patient A receiving a prescription or letter for Patient B. [4]

“Patient A received a Medline Industries medical supply and paperwork intended for Patient B. Patient B received a Medline Industries medical supply and paperwork intended for Patient A. Patient A and Patient B’s name and type of medical supply was compromised.”

Digitizing health care and applying the right access controls will reduce these types of errors.

Addressing the access control challenges

The challenge then becomes: “How do we make data easily digitized,  and accessible by only the right parties?” Some examples: What about privacy? What if your insurance company used your private medical data to charge you a premium? What if your employer knew too much about you? What if advertisers used your medical data to tailor commercials for you? Having data digitized and easily accessible holds many promises so long as only the relevant individuals and organizations get access to the right data under the right circumstances.

This is where we need the right security controls in place, and here you can see how Axiomatics is designing solutions fit for the new e-health care revolution. With a policy-driven engine at its core, Axiomatics can control precisely who gets access to your data, handling complex scenarios such as:

• Patient consent: make sure you can give your consent to others so they may use your data.

• Power of attorney: get access to medical records of those you care for.

• Data anonymization: define policies that will remove PHI (Personal Health Information) and PII (Personally Identifiable Information) from your records so they can be used for medical research or statistical purposes or for outsourced services.

• Seamless patient experience: enable a connected end-to-end scenario where your physician shares the right information with your other care providers, pharmacy, and insurance provider to deliver better value to you.

With a comprehensive solution entirely focused on data access control – be it EHR (Electronic Health Records) or other types – Axiomatics can help you make the most of digitization in health care to serve your patients better, streamline your processes, and keep costs low, all while keeping your patients’ data secure.

Click here to read more about securing PII and EHR.

[1] http://ec.europa.eu/growth/sectors/digital-economy/importance/index_en.htm
[2] http://www.mckinsey.com/insights/health_systems_and_services/healthcares_digital_future
[3] http://www.hipaajournal.com/online-medical-record-access-not-possible-majority-patients-8244/
[4] http://www.va.gov/ABOUT_VA/docs/monthly_rfc_nov2015.pdf