Sign In | Create an Account | Welcome, . My Account | Logout | Subscribe | Submit News | Affiliated Sites | Home RSS

How safe are your medical records?

California incident highlights need for hospital security

September 20, 2011
By KURT HAUGLIE , Houghton Daily Mining Gazette

LAURIUM - An incident in California last year points out the importance of protecting electronic medical records, and local hospitals said they're taking steps to ensure the safety of their EMR.

On Sept. 9, 2010, in Palo Alto, Calif., the records of 20,000 emergency room patients of Stanford Hospital ended up on a website and were there for almost a year before they were discovered and removed. It's uncertain how the information got on the website as a spreadsheet attachment for another item from one of the hospital's vendors.

Mark Bresky, director of information technology at Aspirus Keweenaw Hospital in Laurium, said the incident in California may have happened because someone along the chain of possession wasn't paying close enough attention to what was being done with the medical records.

"There's no excuse for that," he said.

Most security breaches involving electronic information are caused by someone improperly using a particular system.

"There's no common sense," he said.

Bresky said he's been in his position since 2000, and in that time, there hasn't been any serious problems with security of EMR or other information.

"We've never had a breach or virus," he said.

The best way to prevent an incident such as what happened in California is to train employees well in the use of electronic information, Bresky said.

"Hospitals are connected to a lot of stuff," he said.

He also watches out on a regular basis for viruses making their way through the Internet and for unauthorized attempts at access, Bresky said.

"We'll let our employees know (if there are problems)," he said.

Bresky said the chances an unauthorized export of Aspirus Keweenaw Hospital information is reduced by the fact their system is a closed system.

"Everything is contained," he said.

Bresky said Aspirus Keweenaw recently had a wireless Internet system installed in the building, but the EMR and other internal hospital systems can't be accessed using the wireless.

The hospital's computer network is monitored constantly, Bresky said.

"We watch it like a hawk," he said.

Betty MacInnes, vice president of quality management at Portage Health in Hancock, said the hospital system implemented EMR initially in its individual doctors' offices in autumn 2010. Now, about 75 percent of the hospital is set up for EMR.

MacInnes said she read about the situation in California and it surprised her.

"I was absolutely appalled by it," she said.

One of the priorities Portage Health had before getting an EMR system was information security, MacInnes said.

"We would only purchase a system approved by the ONC (Office of the National Coordinator for Health Information Technology)," she said.

MacInnes said the ONC security protocol has two parts, administration safeguards and physical safeguards.

"Administration safeguards have to do with policy procedures and training of staff," she said.

New employees are trained to use the system, and confidentiality is emphasized.

"It starts right at the beginning of their employment here," she said.

MacInnes said hospital officials are ultimately responsible for security of all electronic information at the hospital.

"The onus is on the hospital," she said.



I am looking for:
News, Blogs & Events Web