The National Library of Medicine and the Computer-based Patient Records Institute soon will offer comprehensive assistance to healthcare executives looking for advice on developing a data security strategy.
The CPRI, based in Schaumburg, Ill., is seeking to identify every functional requirement for computer-based security of confidential patient records. The aim is for prospective buyers of healthcare information systems to be able to ask vendors and developers what data security measures are built into their systems.
The institute also sells a lineup of guidelines for establishing information security policies and programs, educating healthcare professionals about security, and developing confidentiality statements and agreements.
The report on functional requirements, expected to be available Oct. 1, will give buyers a list of recommendations on optimum security procedures.
Meanwhile, the National Library of Medicine, an agency within the U.S. Public Health Service's National Institutes of Health, commissioned the National Research Council in November 1995 to investigate mechanisms for protecting electronic health information, said Betsy Humphreys, spokeswoman for the National Library of Medicine. That report is due out in mid-January.
The agency has been involved in funding research and development in computerization of medical information, both for research and for clinical uses, Humphreys said.
One of the National Library of Medicine's main operations is Medline, a national database of more than 7 million references from 3,700 medical journals dating to 1966. For most of that span, it's also been involved in trying to improve access to healthcare information for medical practitioners, Humphreys said.
"We have come to the point where clinical information systems and patient record systems are just coming to their promise," she said. But uncertainty about the security of clinical information "could have an incredibly chilling effect" on its promise and potential, she added.
Jerry Sheehan, program officer in charge of the project at the National Research Council, said the study will explore applying other technologies outside healthcare to the protection of health information. It also will identify gaps remaining in the healthcare security blanket that may require further development or legislation, Sheehan said.
A work group of healthcare executives, privacy advocates, information systems vendors and computer security experts has visited a half-dozen or more sites for practical views of the security problems and solutions in the field, he said.
The National Institutes of Health is providing $425,000 toward the cost of the study, Humphreys said.