ANALYSIS
IT Security Issues Pose Major Risk for E-Healthcare

This is one of the downsides to the growth of electronic medical record-keeping, in addition to the much-hyped upside.

President Bush last year set the goal of creating a national electronic health records infrastructure by 2014. It's an audacious goal.

Old-Fashioned Files

Today, only five percent of doctors' offices and perhaps 20 percent of hospitals keep records electronically, rather than in an old-fashioned file cabinet.

Last month, I came down with a terrible bout of the flu and had to visit my doctor at Northwestern University's hospital. She entered the examination room with a paper file under her right arm, and, though I hadn't visited a doctor's office in ages, she knew my medical history inside and out. She had briefed herself -- reviewed the file -- before our quick appointment.

Records like that can easily be kept in electronic form. EMC Documentum (Nasdaq: DCTM) has done great work with content management software, which is being deployed at an array of Boston-area medical care facilities, including Massachusetts General and Brigham and Women's hospitals. The decision support software helps doctors and other healthcare providers by sharing clinical best practices. Patient records themselves could be easily accessed in a networked system too.

That sounds great -- but there is more to medical care than information management. The doctor has to read the case history, but he or she also must be expert at customizing treatments based on data that would never be in a file -- like the patient's temperament, lifestyle or even personality.

Reality Check

We need to start looking at what IT can do for medical care more realistically. Yes, it is true that artificial intelligence may be able to help cancer researchers more easily diagnose a tumor by size and other biomarkers. Yes, compiling that kind of data, based on tests of large patient populations, could help predict which patients would be best served by the latest treatments.

That's a lot more exciting than the first wave of medical records technology, which sought to classify medical documents by billing code and diagnostic code, mostly for physician practice management, rather than the improvement of the health of the patient.

As these records become used for diagnosis, rather than just for billing, hospitals are going to have to become as vigilant about security. Shouldn't the industry devise security measures that can protect that kind of sensitive data before doctors start making it readily available over shared databases and networks of other physicians?

There is increasing concern that e-health records, when linked to any computer network, can be as vulnerable as PCs are to attack from Internet predators. Who knows -- maybe there will be massive phishing or pharming scams that prey on doctors offices, or trojan horses written to steal sensitive data from private files on a doctor's PC. Maybe an unscrupulous publisher would seek to make money off those files illegally. I've known a few characters during my career who would stoop to such ethical lows.

Understanding the Problem

The National Institutes of Health (NIH), the nation's premiere health research facility, is mindful of the potential problems. The government agency -- a division of the Department of Health and Human Services -- is funding the development of decision support software for clinical and research purposes. The developers of the software realize that there will be millions of bits of information that can go into each medical decision and are taking measures to ensure that the data is secure -- and accessed only by the right persons at the right time.

Another security concern I haven't even mentioned relates to so-called "genetic discrimination." If health insurance companies were to obtain too much information about a patient's genetic history -- and current health condition -- might they unfairly deny those patients insurance coverage? That kind of IT problem would be much worse than a virus in a file -- it could make the whole healthcare system sick -- and that's not hype.