Common risks to patient data in a clinical computing environment

Controlling common risks to patient data in a clinical computing environment

Dean F. Sittig

Clinical computing professionals must address several risks associated with developing and maintaining electronic patient record keeping systems. Being aware of the following four categories of risk is the first step in maintaining their control.

The first is data security, the danger that someone will make an unauthorized copy of the data. For instance there is financial value in the names and addresses of all hospitalized patients. The best security safeguard in this case is a robust user authentication system that requires both user names and randomly assigned, 5-8 character alpha-numeric passwords.

Maintaining data integrity is the second area of risk in computerizing clinical information. If someone should make an unauthorized change to clinical data, such a change could lead to an incorrect medical decision and possibly a patient’s death. The best safeguard in this case is an accurate audit log that allows system administrators to quickly review all changes made to a specific data item, or program, and identify the culprit.

The third category of risk is data safety, or the chance that someone might delete important patient data. This could happen as a result of malicious or careless behavior on the part of a system developer with too many system administrator privileges. The simplest safeguard for inadvertent data deletions is a well-maintained and tested backup system. In most state-of-the-art clinical information systems all data is routinely stored on two separate disks simultaneously.

Data availability is the fourth potential problem that a clinician must face. He may not be able to access a particular data item when it is needed for a variety of reasons. For example, a computer terminal is not available on the patient care unit; the user forgets his password; the network connection between the user’s terminal and the computer which verifies the passwords is down; the computer which maintains the patient data is down; or the data are stored under a different patient ID than the clinician used to access the patient’s record. The actual causes of loss of data availability are uncountable; protecting against the most likely causes of failure is the best one can do. The basic safeguards are not difficult to imagine or implement.

There should be at least 1 terminal for every 5 patient beds on every patient care unit. The Help desk must be staffed 24 hours/day and be able to issue a new password on the spot to clinicians who can properly identify themselves. The network requires built-in, redundant pathways. All computers that "serve" data should be connected to universal power supplies that reduce the potential for power glitches shutting down the system. Finally, no matter how robust a clinical computing infrastructure is, there must be well-documented "down-time" procedures for the most critical data reporting and ordering functions.

Timely access to accurate patient data is the cornerstone of the modern healthcare organization. All information systems departments must give careful thought, thorough planning, and sufficient funds to reducing the risks to their clinical data. In addition, institutions must have processes in place that allow them to monitor and eventually improve upon their current level of security.

For more information on information security click below to read:
For the Record : Protecting Electronic Health Information

To purchase this book from Amazon.com click below:
For the Record : Protecting Electronic Health Information
by Computer Science and Telecommunications Board Commission on Physical Sciences, Mathematics, and Applications

For more information on HIPAA's proposed regulations see:
Frequently Asked Questions About Security and Electronic Signature Standards
Security and Electronic Signature Standards - From Federal Register -- August 12, 1998 (Volume 63, Number 155)

Ó 1999 Dean F. Sittig

dfs 2/1/99