Comprehensive information, flowing freely to the right place, can make all the difference in a patient's treatment and outcome.
Healthcare's faith in that precept is generating the heftiest investment in computer technology investment the industry has ever seen.
But some observers say the rush to build data networks is barreling ahead with perhaps too little thought about what the networks will have wrought once they're dispensing sensitive snippets to dozens of destinations.
The concern is that comprehensive information may flow a little too freely, and not always to the right place.
And, as a result of inadequate controls, the data's potential to help provide good care could be overshadowed by its potential to get into the wrong hands.
The Chicago-based American Health Information Management Association began warning of the consequences of poor data security several years ago. In 1992, the group recommended a list of safeguards that should accompany planning of a computer-based patient record.
Since then, the idea of computerizing and increasing access to patient data has caught fire, putting multimillion-dollar information systems on the to-do lists of most healthcare delivery organizations (March 4, p. 97).
But data protection often is neglected, said Kathleen Frawley, director of the Washington office of the AHIMA, a group representing 36,000 medical records and healthcare information professionals.
Four years after issuing the data-security guidelines, Frawley finds the healthcare industry at much the same place it was then.
"The big problem is that people don't have a strategy for information security and how they're going to address it," she said.
Despite heightened government and consumer interest in veiling identifiable patient data, healthcare organizations aren't asking how to make information secure as they expand its scope and access to it, observers maintain.
Lost in the shuffle. Information systems professionals weighed down by demands for system expansion appear to have only lukewarm concern about safeguarding the data within those systems, Frawley said.
As evidence, she pointed to a survey conducted last March by the Health Information and Management Systems Society and Hewlett-Packard Co.
The influential survey is conducted annually at the HIMSS conference and exhibition, the industry's biggest computer gathering.
Fully 20% of the 1,200 survey respondents said they either weren't concerned about unauthorized access to computerized information or weren't in a position to be concerned because they weren't far enough along in their computerization to take steps to protect the data.
Another 40% said they were concerned but were just beginning to take precautionary steps.
Any healthcare institution putting off action may pay the price, said Dale Miller, director of consulting services for Irongate, a San Rafael, Calif.-based information security consulting firm.
"It's much more cost-effective to deal with this now rather than retrofit," Miller said.
Not only can technological issues be dealt with more cleanly, but it's easier to calmly trouble-shoot data-security problems and prevent them in advance than to operate under the glare of publicity and consumer anger after it's too late, he said.
The view from outside. Within healthcare, the widespread availability of patient data offered by advances in computer technology have spawned one testimonial after another to electronic records as a positive force for improved public health.
But from the outside looking in, advocates for the average patient are skipping lightly over the good that can result from data exchange and coming down hard on what they see as a situation ripe for breaches in confidentiality.
In a recent example, the People's Medical Society, an Allentown, Pa.-based healthcare consumer advocacy group, led off its June newsletter with a cautionary tale declaring that "patient confidentiality is more myth than reality, and the reality is that the situation is likely to become worse as medical record-keeping enters the electronic age."
The typical medical record is seen by as many as 77 different people during an average hospital stay, the article contended, quoting from the November 1995 edition of ACP Observer, the journal of the American College of Physicians. "That number can increase substantially when records are computerized," the article asserted. "And more and more records are entering the electronic age."
The clear concern is that whatever is the current state of confidentiality in a paper-based environment, the act of computerizing records decreases the level of safety and increases the potential for compromised security.
In the days of paper charts, "a person who wanted to go look at a record had to go to a place to look for it," said Charles Inlander, president of the People's Medical Society. In records departments and at nursing stations, workers saw their role as protecting access to patient data, he said.
With electronic records, "you really don't have the same kind of confidentiality mind-set that you have with paper (records)." The traditional "guards" probably aren't even aware that someone, somewhere, is looking at a file, Inlander said.
Consumer publications also are seizing on the perceived threats to security, including an article in the May 6 issue of Time titled, "Who's looking at your files?"
The article asserted that hospitals computerizing their records are "raising the fear that medical secrets could be accessed, copied and distributed with a few clicks of a mouse.*.*.*.*Once the records have been digitized, they can be transmitted without a trace all over the globe."
Fighting the myth. Within the provider environment, there are plenty of technological controls that can stop such horror stories, Frawley said. But executives have to know what to look for and what to ask of vendors when they buy or upgrade information systems.
Two separate study groups are finishing work that zeros in on the state of the healthcare electronic security blanket (See related story, below).
What may be tougher to contain is a public perception that electronic records compromise the inherently higher security that paper records provide. "That's a joke," Frawley said. "It's a false sense of security when people say the paper-based system is more secure."
But because of the visibility created by new technology, vulnerability of records is becoming an issue. In the final analysis, heightened concern about privacy may be less a response to computerization than "a recognition that we haven't done a good job up to now," Frawley said.
Longstanding problems include not only opportunities for peeking but also threats to data integrity. For example, hospitals are exposed to liability every time a change is made to a paper record because there's no sure-fire way to keep track of who's adding to, subtracting from or amending them.
When Frawley worked at Jamaica Hospital Medical Center in New York, active paper records were photocopied at the end of every day to document changes. Now those changes can be documented without lifting a finger-an electronic system can keep an audit trail of every move made.
But all the technological tricks in the world won't guard sensitive records if managers make decisions to open them to inappropriate eyes during the day-to-day business of delivering care.
Computers can restrict record access, alteration and destination, but healthcare managers still decide who gets access to what elements of a computerized record, Frawley said.
"Making the decision on access control is probably the hardest thing for people to do," she said. Tight controls can lead to unauthorized sharing of access codes with locked-out caregivers blocked from doing their jobs. Too-liberal access can open records to inappropriate perusing.
"People always worry about the hacker from Holland, but it's the employees within the hospital you have to worry about," Frawley said.
The most comprehensive electronic security available won't work if employees don't button their lips around others who shouldn't be hearing casual discussion of private patient medical experiences, she said (See related story, p. 36).
Access policies. After years of longing for ways to capture valuable patient information and make it accessible across a spread-out network, experts say the irony of achieving such widespread access is it can't succeed without measures to restrict it.
Information systems now are capable of granting or denying access to users based on passwords, access codes and other identifying clues.
Some healthcare software vendors also are paving the way for variable access to information within the structure of clinical databases.
At North Kansas City (Mo.) Hospital, a new clinical system ordered from Cerner Corp. is organized to grant levels of access depending on job description, said Mary Siero, director of information technology.
But that ability exposes new management and policy problems in deciding the access privileges of users and managing the execution of those access privileges for hundreds of diverse job descriptions.
"The way systems have evolved, access to information has been controlled mainly by programmers," Miller said. The systems within healthcare institutions were usually department-focused and limited by their nature to a manageable, identifiable number of users.
But now that systems are being integrated, and diverse classes of employees all need varying access to the same network, "the systems (management) area has become a bottleneck in the assignment of access," Miller said.
The activation process turns into a drawn-out routine in which supervisors fill out forms designating levels of individual access for employees, then wait for a programmer to sit down at a keyboard and execute the privileges.
If computer access could be accomplished at the department level with the "clicking of a few icons" by a nurse manager, the load could be distributed and streamlined, he said. But "the administrative (computer) tools to do that are for the most part not there."
At Austin (Texas) Diagnostic Medical Center, a menu of 17 access categories was devised in concert with managers and a "medical-security task force."
The menus cover most of the combinations of test results, chart notes, clinical records and other electronic information that must be matched to a particular worker, said Kathleen Haak, health information systems coordinator, who monitors and manages the security of information for the combination hospital and physician group practice.
The $120 million facility opened in July 1995 as a 50-50 joint venture between a 125-physician group practice, Austin Diagnostic Clinic, and Columbia/HCA Healthcare Corp. Since then the practice has doubled to 250 physicians.
Under Haak's direction, access to patient information is defined by job duties, location and the elements of data within records an employee requires to do a job. Some examples:
A radiology technician is able to see records from the radiology system and from the laboratory area, which often collaborates on diagnostic testing. A nurse has access to those areas as well as transcriptions and physician orders.
Nurses on the inpatient side of the operation don't see clinic records, and nurses' access to inpatient records is restricted by location.
Within the specialty clinics, employees see only the records of specialists for whom they work. When a referral is formally ordered, it triggers a link allowing one specialty area to view a patient's record from the referring physician in advance of the visit. Without an order, the staff of the specialist won't be able to gain access to a record until the patient arrives at the specialty office for the consultation, Haak said.
Some "float" nurses on the clinic side get access to multiple specialty areas, or else they'd be calling the information systems department every day for access. The clinic's after-hours urgent-care clinic also has a liberal access level because caregivers may see the patients of any member of the group practice. Similarly, access to records is liberally granted in the emergency department.
The computer system produces an "audit trail" of all access and viewing of records, and the data-security administrator reviews activity in inverse relation to how liberal the access is and the potential for compromising privacy, Haak said.
For example, access by float nurses and emergency department employees gets closer scrutiny than other, more restricted employees.
Decisions about access are continually reassessed by the security task force, and there are "lots of exceptions" for particular combinations of duties that must be weighed, Haak said.
The decision process at North Kansas City Hospital started with a core group of eight to nine key managers, including administrators from the laboratory, pharmacy and radiology departments as well as representatives from the technical side, Siero said.
The group's job is "to make that first cut at recommending what level of access each individual should have," she said. Then it will be reviewed by the project management group, which includes Siero, the Cerner project manager and representatives from the nursing staff.
The hospital developed a confidentiality task force more than six months ago, early in its planning for a complete overhaul of information systems to replace an outdated and incomplete system patched together over many years, Siero said.
The hospital is in the process of implementing the Cerner clinical systems and also is planning a cutting-edge telecommunication network. The hospital didn't disclose the total capital expense, although Siero characterized it as "significant."
Physician access. One of the chief goals of electronic records is to get physicians interested in using them to guide diagnosis and timely treatment. Determining the extent of records access for physicians, therefore, is a tricky call.
There's significant pressure once the information is there to make it all available to physicians, even those who aren't formally on the staff of the healthcare organization, in the name of better patient care, Frawley said.
But that goes against time-honored security policies that questioned physicians' interest in records outside their medical realm. In a paper-based records department, "if a neurosurgeon showed up looking for OB/GYN records, that would be something to question," Frawley said.
Inlander told the story of a woman whose surgeon refused to operate on her hip after seeing her electronic patient history. The comprehensive record of previous hospital stays included treatment for mild dementia.
The surgeon, Inlander said, didn't want to be responsible for what he feared would be her failure to follow instructions after delicate hip replacement surgery, possibly causing complications for which he would be held liable.
Inlander's advocacy group took up the problem with the hospital and was able to line up another surgeon to do the procedure. In the process, the hospital admitted that the surgeon shouldn't have been given access to electronic records having nothing to do with the hip problem he had been treating, Inlander said.
"That (refusal to treat) was because he had access to a record that if he had gone to the record room, they wouldn't have given him," he said.
But hospitals may have to take such chances, observers say, to keep impediments to timely and important patient information to a minimum in a medical episode.
Austin Diagnostic, for example, decided last year to open up access to all physicians because that's what the physicians wanted, Haak said. In return, they agreed to be responsible for monitoring their own and taking disciplinary action if evidence from audit reports disclosed abuse of access privileges, she said.
North Kansas City Hospital provides full physician access to results of all patients, but for now that includes only the existing laboratory, pharmacy and radiology systems, Siero said.