Being a Medical Informatics Functional Consultant, people often ask me why protect patient health information? I have visited and interviewed several hospital CIOs and other concerned heads on the issues of patient health data security. Believe me; all of them face varied challenges to make sure that the health data of every patient is secured. There are many standards to follow for maintaining and keeping the data secret; for instance, they need to adhere to HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economical and Clinical Health) etc.
On the contrary to the popular belief, I would say, health data security is far beyond just restricting the grant of privilege i.e. firewalls and passwords. When any medical software is designed and developed, it’s very important to have a comprehensive view that includes following the limitations as described by government bodies, hospitals’ own rules and regulations and top of all the standards accepted aboveboard.
I have seen many software that ask for patient demographics and history without mentioning which, the next step or page would not come. Of course, if patient does not want to declare his ethnicity, the software should allow it to skip by making it a non-mandatory field. Protecting patient health data is very important as relieving it may affect his or her personal, professional and/or social life. In countries like India, the matter of health care data of patient keeping secured is not so taken seriously and because of that, most of the health care centers do not fall under standard hospitals or clinics as far as following the laws are concerned. Nevertheless, local government has initiated such policies that are likely to be followed in coming years.
For any health care center, it is better to follow existing standards as set by NIST (National Institute of Standards and Technology). Also, ISO (International Organization of Standards) too specify certain protocols to be followed for ensuring patient health data security.
For software manufacturing companies (IT Companies), it is always better to include a domain expert (medical domain expert) as to come with better product. On the other hand, medical domain expert should have knowledge of medical standards and also should possess basic knowledge about computer languages as to interact and interpret IT professionals.