When It Comes to Medical Records in the Cloud, Security Is Not Optional

August 12, 2013

Cloud Computing Provides Both Solutions and Challenges to Health Information Exchanges (HIE)

In an episode of Seinfeld, Elaine is flagged as a “difficult” patient by one doctor and the reputation follows her in her medical record. In order to get treatment for her rash she has to try to steal her own record and expunge the notes, but is told they’re the property of the medical establishment. She’s not even allowed to view her own medical file.

In the TV show comedic hyperbole manages to spirit one master folder into the hands of multiple doctors in time for Elaine’s first appointment. In the real world, copying and transferring paper records is difficult and each practice will maintain its own local notes; the notion of a unified version of a patient’s medical record is fiction.

Enter electronic health records (EHR), which hold the promise of a central, unified record for each patient.

Electronic Health Records Give Patients Broader Choices and Better Care Outcomes

Migrating paper-based medical records to EHR delivers the full benefits of meaningful use (the HITECH incentive criteria) only if the record follows the patient. We humans are endowed with free will, which we have a tendency to exercise regularly, rather unlike our bodies as of late. The confluence of these two conditions means we need to avail ourselves of the healthcare system fairly often, wherever it's convenient and with the caregiver that suits us.

A la carte care means we may choose a primary care physician at one provider, but a specialist in a separate organization. This network of care may be extensive and reach beyond the coverage of an individual health plan. And yet the patient's records must be accessible wherever they're needed: by the provider while caring for the patient, by the payer, by pharmacists, and by the patient through web portals and mobile apps.

Often records will be accessed and updated by organizations that compete for the same opportunity to care for the patient, and to be paid for the service. Not all parties can have equal and complete access to the EHR. Pharmacists, for example, don't need all the treatment notes, and neither they nor the patient should be able to modify records, although it may be useful for both to add notes. Access therefore has to be scoped by role and by field, with every read and write attributable to an identified party.
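The access pattern just described (each party sees only the fields its role needs, only the treating clinician changes clinical data, pharmacists and patients may append notes but never alter them, and denied attempts are recorded) is easy to state and easy to get wrong in an integration. The following is an added illustration for this post, not code from the original article or from any HIE product; the role names, field groups and the sample record are hypothetical.

```python
"""Field-level access control for a shared health record, with an audit trail.

Added illustration; not code from the original post or from any HIE.
Role names, field names and the sample record are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Hypothetical field groups; a real record would be far richer.
DEMOGRAPHICS = {"patient_id", "name", "dob"}
MEDICATIONS = {"medications", "allergies"}
TREATMENT_NOTES = {"treatment_notes"}
BILLING = {"diagnosis_codes", "procedure_codes"}
ALL_FIELDS = DEMOGRAPHICS | MEDICATIONS | TREATMENT_NOTES | BILLING

# Default-deny: a role not listed here can read nothing.
READ_SCOPE: Dict[str, Set[str]] = {
    "treating_provider": ALL_FIELDS,
    "patient": ALL_FIELDS,  # the record belongs to the patient
    "pharmacist": DEMOGRAPHICS | MEDICATIONS,
    "payer": DEMOGRAPHICS | BILLING,
}
# Only the treating provider may change clinical fields.
MODIFY_SCOPE: Dict[str, Set[str]] = {
    "treating_provider": MEDICATIONS | TREATMENT_NOTES | BILLING,
}
# Notes are append-only; these roles may add one, nobody edits or deletes.
APPEND_NOTE_ROLES = {"treating_provider", "pharmacist", "patient"}


class AccessDenied(PermissionError):
    pass


@dataclass
class Record:
    fields: Dict[str, object]
    notes: List[dict] = field(default_factory=list)


@dataclass
class AuditLog:
    events: List[dict] = field(default_factory=list)

    def log(self, actor: str, role: str, action: str, target: str, allowed: bool) -> None:
        # Denied attempts are logged too; those are the events an operator wants to see.
        self.events.append({"actor": actor, "role": role, "action": action,
                            "target": target, "allowed": allowed})


def read_record(record: Record, actor: str, role: str, audit: AuditLog) -> Dict[str, object]:
    """Return only the fields the role is entitled to; filtering happens server-side."""
    scope = READ_SCOPE.get(role, set())
    view = {k: v for k, v in record.fields.items() if k in scope}
    audit.log(actor, role, "read", ",".join(sorted(view)) or "-", allowed=bool(view))
    return view


def update_field(record: Record, actor: str, role: str, name: str,
                 value: object, audit: AuditLog) -> None:
    """Modify one field, or raise AccessDenied if the role may not write it."""
    if name not in MODIFY_SCOPE.get(role, set()):
        audit.log(actor, role, "update", name, allowed=False)
        raise AccessDenied(f"{role} may not modify {name}")
    record.fields[name] = value
    audit.log(actor, role, "update", name, allowed=True)


def append_note(record: Record, actor: str, role: str, text: str, audit: AuditLog) -> None:
    """Add a note; existing notes are never overwritten or removed."""
    if role not in APPEND_NOTE_ROLES:
        audit.log(actor, role, "append_note", "notes", allowed=False)
        raise AccessDenied(f"{role} may not add notes")
    record.notes.append({"author": actor, "role": role, "text": text})
    audit.log(actor, role, "append_note", "notes", allowed=True)


def sample_record() -> Record:
    """Constructed sample data, not a real patient."""
    return Record(fields={
        "patient_id": "P-0001", "name": "J. Doe", "dob": "1961-01-01",
        "medications": ["hydrocortisone 1% cream"], "allergies": [],
        "treatment_notes": "Rash on forearm; patient described as difficult.",
        "diagnosis_codes": ["L30.9"], "procedure_codes": [],
    })


def denied_events(audit: AuditLog) -> List[dict]:
    return [e for e in audit.events if not e["allowed"]]


if __name__ == "__main__":
    rec, audit = sample_record(), AuditLog()
    print(read_record(rec, "rx-42", "pharmacist", audit))  # no treatment notes
    try:
        update_field(rec, "rx-42", "pharmacist", "medications", [], audit)
    except AccessDenied as e:
        print("denied:", e)
    append_note(rec, "rx-42", "pharmacist", "Dispensed; counseled on use.", audit)
    print(denied_events(audit))
```

Two design points matter more than the table of roles: the filtering is done by the service that holds the data, never by a client that is trusted to discard what it should not see, and an unknown role resolves to an empty scope rather than to the provider's. The audit entries for denied attempts are what lets an exchange operator notice a partner system probing beyond its agreement.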

Health Information Exchanges Enable the Secure Sharing of EHR

HIE means different things to different people. At its core, HIE enables the electronic sharing of health-related information among organizations.

In practice, this may mean:

  • Simple governance without prescriptive guidance regarding technology;
  • Infrastructure to interconnect organizations without regard for the complexities of moving the data itself, much like what the Automotive Network Exchange (ANX) provided at its inception;
  • A set of data protocols like HL7 to facilitate the normalization of data from heterogeneous and often antiquated systems.

Instead of each provider and payer creating a portal to their data and selectively providing access to peer organizations, HIEs are used as the intermediary to centralize information and control access to it. Each organization contributes and enriches the data, but ultimately the records belong to the patients.

HIEs Are Made for the Cloud, but There Are Security Considerations

With the goal of central storage and access, HIEs seem like the perfect candidate to be cloudified.

However, from a security perspective there are trade-offs between distributed and central models:

  • Distributed models tend to be complex, with each owner of data deciding how to share data and with whom. This gives the data owner absolute control, but creates a web of interconnections that has to be maintained by all parties. The burden of liability, including HIPAA compliance, remains with the data owner and all other entities must have business associate (BA) agreements.
  • In a central model, data resides in a neutral location and is usually managed by a third party, most commonly in what we call a public (or hybrid) cloud. Much of the operational burden shifts to the third party providing the service, which must itself be a business associate; HIPAA does not let the covered entity delegate its accountability for the data.

While the latter sounds like a simple model, there's not usually a single provider. Radiology may be stored in one cloud, bloodwork in another. That's good and bad: a single provider is simpler to integrate and govern, but a single compromise of the infrastructure puts all data at risk; whereas a more fragmented solution requires integration, sometimes through elegant technology solutions, other times with duct tape and chewing gum, but a compromise has a good chance of staying compartmentalized. And how much of the security model you control versus inherit depends on whether we're talking about Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS): the further down that stack you go, the more of the configuration, patching, and access control is yours to get right.

HIEs Are Not as Simple as They Seem

As with all collaborative projects, the obvious complications are only the tip of the iceberg. It’s unrealistic to believe that all providers and payers will adopt a central HIE; rather, HIEs are being created regionally and will have to be eventually tied together upstream. Even though regional HIEs will address records normalization, it will have to be engineered again at the next level up. With each iteration of the normalization process, it’s likely that the record structure will lose some level of flexibility and fidelity: standard fields in one format may wind up in custom or general purpose fields in another record format, the intent and content of custom fields may be lost, terminology and language may differ in the same record, confusing its interpretation.

Other barriers to HIE adoption include:

  • Reticence to share information with competitors;
  • Lack of infrastructure in some areas;
  • Privacy and compliance concerns.

Security and Privacy Are Not Optional

The lack of a clear market definition, technical complexity, and uncertainty about liability mean healthcare providers are confused about where to start in building an HIE architecture, but it's almost certain to be composed of some cloud services. Despite the challenges of building out HIEs, the healthcare industry needs to give patients ownership of their own records and the freedom to get the medical care that they want and need. There are already successful implementations, and even if they fall short of a universal sharing model, they're paving the way for learning and evolution. At the least they should be viewed as working prototypes on which to base future implementations.

With great opportunity comes great risk, so the saying goes. And with HIEs that means exposure of sensitive patient information. One requirement that cannot be a prototype, with the oversights and flaws that come with it, is the security model of HIEs. If you’re in charge of an HIE build-out, make sure you involve security and privacy from the outset; if you’re in security and privacy, shove your way into meetings if you have to and make sure your voice is heard.

And speaking of which, if you have experience in building out an HIE, we’d love to hear from you about your experiences. Please post a comment below.

Chris Poulin
Research Strategist, X-Force R&D, IBM

Chris Poulin brings a balance of management experience and technical skills encompassing 30 years in information security, software development, and IT mana...