220 likes | 256 Views
This book explores the risks of Electronic Patient Records (EPR) and their impact on healthcare technology over the next decade. It discusses the underexposed subjects of theory and practice in technology effects. The text examines the lack of public debate on EPR and advocates for sensitizing the public on privacy issues. The need for EPR to make medical information accessible nationwide, reduce bureaucracy, lower costs, and improve efficiency is highlighted. The challenges of implementing an overall personal number for citizens are discussed in relation to privacy, practical problems, and political implications. The text delves into security issues, software challenges, and data integrity concerns in EPR adoption.
E N D
September 5, 1995 – December 16, 2005 We won! :-)
RISKS of electronic patient records (EPR) The Next Ten Years Karin Spaink karin@spaink.net Hacking health
six books in three years effects of technology underexposed subjects theory / practice 2005 sept: EPR 2006 mar: Gaming 2006 oct: Web 2.0 .... The Next Ten Years
no public debate whatsoever about why & how newspapers: press releases, progress reports etc. policy makers: absolute faith in technology examine premisses re-sensitise the public w.r.t. privacy issues Why a book on EPRs?
make medical information accessible nation-wide all health professionals have the same information, without time delay or paperwork enforce co-operation and sharing reduce bureaucracy, increase efficiency reduce medical errors reduce costs Why EPRs?
old situation • patient records stored in various, contained places • GPs, hospitals, pharma- cies and para-medics all have their own patient information systems • communication and exchange of information though EDIFACT, letter or phone • exchanged information stored locally again, on paper or electronically
projected situation • patient records stored in various open places • (para-)medics can consult data stored elsewhere over the internet in real time • National Exchange Point will show what data is stored where • data stays where it is generated
previous secretary of Health, Els Borst: 'We will not use the social security numer, for obvious reasons' new government, new climate: Civil Service Number for all citizens will be introduced in 2006 CSN = SSN SSN: work, taxes + welfare EN: education HIN: health + child / youth care Patients need to be unique
practical problems: SSN is not unique unwanted / unforeseen / unaccounted linking of personal data in various domains identity theft political problems: extending the law w.r.t. data linking CSN is meant from its inception to assist law enforcement & investgation Risks of one overall number
'Implementing an overall personal number is important to meet the desire to have more means available to link data for purposes of law enforcement and investigation. Extending the legal possibilities to do so is being considered within the current European privacy directives.' - Kamerstukken II 2002-2003, 28 600 VII nr. 21, p. 2. Government on CSN
'Companies should be allowed to use the CSN for their own purposes and not only to exchange information with the government. [..] Companies will be obliged to use the CSN when they deliver information about people the government. Privacy laws prevent them from using that same CSN for their own administration. According to VNO/NCW, this is an unneccessary cost.' - VNO/NCW: Privacy hindert doelmatigheid, AG 12 november 2005 Companies on CSN
government has been eager to introduce a biometric electronic national ID card (eNIC) 'lack of identity-rich applications' summer 2005: Dpt. of Health supplies solution: eNIC will be used to authenticate patients when consulting their own EPR, starting Oct. 2006 while we have DigID but no card readers nor is patient access part of EPR programs Introduction of eNIC
virusses: Spaarne hospital (March 2005) various radiology dpts. bugs: pharmacies (Nat. Health Inspection 19-08-1005) data entry errors: identification, dosage, codes Electronic Medication Programs are currently the fourth cause of medical errors, while EPR/EMR were intended to remedy those 'Technical' problems re. EPR
Dpt. of Health: no extra money for new software or implementation of EPR National Health Inspection: no requirements set for software ('market must solve it') NICTIZ: 'responsibility for data and software lies with health institutes themselves, not with us' GP's: no knowledge / infrastructure legacy software (esp. hospitals) health care as a sector is not very computer savvy Securing patient data
Safety was an aftertought, the glacing of the cake. ('We will add a firewall to protect our data.') Data security (integrity) is not be the icing on the cake but part of the backing process. Safety is the backing soda, part of the design.
negotiations with 3 hospitals; 2 agreed to a penetration test (A) regional hospital providing EPR for GP's, revalidation clinic, nursing home (B) one of the biggest academic hospitals results were shattering: we could access 1,2 million patients records (8% of Dutch population) access = copy, delete, change Practical part of the project
insurance number, initials, surname, phone, date of birth, insurance number, street, zip code, city 99xxxxxxx,B.,Waxxxxxxxx,05xxxxxxxxx,Jul 7 2004 99xxxxxxx,xxxxxxxxstr,11,xxxx TC,xxxxxxx 01xxxxxxxx,E.J.,Kaxxxx,07xxxxxxxxx,Jan 2 1962 01xxxxxxxx,xxxxxxxxxxxln,30,xxxx ND,xxxxxxxxx 34xxxxxxx,R.,Bexxxxx,03xxxxxxxxx,Jul 7 2004 34xxxxxxx,xxxxxxxdiep,19,xxxx NR,xxxxxx 00xxxxxxx,F.M.,Vexxxxxx,06xxxxxxxxx,Jul 13 1979 00xxxxxxx,xxxxxxxxln,46,xxxx VA,xxxxxx 06xxxxx,N.C.,Boxxxxxx,07xxxxxxxxx,May 18 1994 06xxxxx,xxxxxxxxxstr,3,xxxx BH,xxxxxx 95xxxxxxx,N.,Baxxxxx,05xxxxxxxxx,Apr 21 1993 95xxxxxxx,xxxxtuin,51,xxxx ZX,xxx 20xxxxxxx,A.M.,Ogxxxxx,03xxxxxxxxx,May 8 1972 20xxxxxxx,xxxxxxxxxxxxwg,29,xxxx BT,xxxxxx 81xxxxxxx,D.,Boxxxxxx,03xxxxxxxxx,Jul 8 2004 81xxxxxxx,xxxxxxxxxxwg,23,xxxx HC,xxxxxx 92xxxxxxxx,E.,Rexxxxxx,03xxxxxxxxx,Jul 8 2004 92xxxxxxxx,xxxxxxstr,16,xxxx VL,xxxxxx
patient code, infection, informed by, notes 10xxx,4,beh.arts,Patient bekend met MRSA inmidd, 10xxx,2,behandelnd arts,ESBL positief. bij opname: con, 25xxx,4,arts,Tot 05-01-2003 MRSA verdacht. , 28xxx,4,niet,Mogelijk contact met MRSA B6 W, 38xxx,4,arts,Tot 05-01-2002 MRSA verdacht. , 43xxx,4,verpleeghuisarts,Patient is MRSA positief. Bij , 46xxx,4,behandelend arts,patient bekend met MRSA. MRSA , 51xxx,4,huisarts,Strikte isolatie volgens MRSA , 51xxx,4,niet,Mogelijk contact met MRSA B6 W, 55xxx,4,nog niet,Bij opname in strikte isolatie, 69xxx,4,behandelend arts,tot 01-07-2003 verdacht van MR, 75xxx,4,Dr. Hxxxxx,Dhr. is positief voor MRSA, Bi, 76xxx,2,behandelend arts,Bij opname in contactisolatie., 81xxx,4,arts,bij opname: isolatie op een kamer, 81xxx,4,van den xxxx neurolo,Bij opname patient isoleren al, 85xxx,4,,MRSA verdacht tot 12-02-2003. , 10xxxx,4,xxxxxx Blxxxxx, Dhr. is positief geweest. Bij , 10xxxx,4,arts,bij opname: isolatie op kamer, 10xxxx,4,hygienist,Bij opname MRSA protocol, stri, 10xxxx,4,arts,Bij opname: isolatie op een ka, 11xxxx,4,behandeled arts,MRSA positief. Opname op eigen k,
'The privacy of medical data should not be at stake. Medical data should not be out in the open! Hospitals are responsible for the enforcement of safety requirements with respect to sensitive data and should take action. That is actually not a matter of money, but of internal procedures and a proper adminstrative organisation.' - secr. Hoogervorst in Parliament, Sept. 6 2005 Secr. of Health about the hack
Nov. 11, letter to parliament: implementation of national EPR postponed 'security' mentioned 27 times NEN 7150 (set of safety rules) becomes touchstone new committee within Dpt. law on medical secrecy might be re-assessed Yet: wrong level: hospital A sends sysadmin wrong problem: 'we have a proper firewall' (AMC) wrong solution: NEN 7150 far too broad (skirthings) On second thoughts...
technology is hailed as a cure-all three huge problems within six months (virusses, software bug, hack hospitals) improvement of health care dubious protection of highly sensitive data severely lacking EPR is politically abused (law enforcement, eNIC) Resumé