Computers, Privacy & the Constitution

View   r4  >  r3  >  r2  >  r1
MichaelSunSecondPaper 4 - 27 May 2024 - Main.MichaelSun
Line: 1 to 1
 
META TOPICPARENT name="SecondPaper"
Changed:
<
<

Paper Title: Digitalization of Medical Health Records & Its Privacy/Data Security Concerns: U.S. & South Korea

>
>

Digitalization of Medical Health Records & Its Privacy/Data Security Concerns: U.S. & South Korea

 -- By MichaelSun - 07 May 2024

Introduction

Changed:
<
<
Medical institutions around the world have experienced an innovative transformation regarding medical record storage, actively backed by their respective governments to integrate technology into healthcare delivery. Specifically, healthcare systems have aggressively facilitated the use of electronic health records (EHR) and digitized personal health records (PHR) to provide more efficient and consistent care to patients. Some of the biggest benefits that EHRs and PHRs have over paper forms of storing medical data include: lower costs, simultaneous availability, retrievability, portability, and facilitates doctor-patient communication. National Library of Medicine. Despite these advantages, they must be utilized with utmost care as both entail enormous privacy and security concerns that need to be addressed.
>
>
Medical institutions have experienced an innovative transformation regarding medical record storage, backed by their governments to integrate technology into healthcare delivery. Specifically, electronic health records (EHRs) and digitized personal health records (PHRs) have aimed to provide more efficient care to patients. Some of the purported benefits include: lower costs, simultaneous availability, retrievability, portability, and improved doctor-patient communication. See "Abstract" National Library of Medicine. Nevertheless, a trial-and-error method of testing whether such technologies are secure enough for adoption has not been successful, and the entailing privacy and information security concerns outweigh the benefits.
 

United States

Changed:
<
<
The U.S. has been one of the global driving forces in leading the digitalization of medical health records. To facilitate this transition while protecting patient information, the federal government has passed two main laws: the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.
>
>
The U.S. has been one of the global driving forces in leading the digitalization of medical health records. To facilitate this transition, the federal government has passed two main laws: the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.
 
Changed:
<
<
Firstly, HIPAA is a federal law that aims to ensure that EHRs remain private and secured from third parties. National Library of Medicine. HIPAA has three requirements: a privacy rule that gives patients rights over their PHRs and requires healthcare providers to maintain safeguards to protect the privacy of EHRs, a security rule that sets national standards for such protections, and a breach notification rule that gives patients the right to be notified of a security breach. HHS. Secondly, the HITECH Act not only provides a more rigorous enforcement mechanism for HIPAA through the provision of harsher penalties in case of violation, but also establishes financial incentives for healthcare providers to adopt EHRs. National Library of Medicine. Unsurprisingly, the HITECH Act has drastically induced the rise of EHRs from 3.2% usage in 2008 to 95% in 2017. National Library of Medicine.
>
>
Firstly, HIPAA is a federal law that aims to ensure that EHRs remain secured from third parties, including a breach notification rule that gives patients the right to be notified of a security breach. See "Review" National Library of Medicine. Secondly, the HITECH Act not only provides a more rigorous enforcement mechanism for HIPAA through the provision of harsher penalties in case of violation, but also establishes financial incentives for healthcare providers to adopt EHRs. Ibid. Unsurprisingly, the HITECH Act has drastically induced the rise of EHRs from 3.2% usage in 2008 to 95% in 2017. Ibid.
 
Changed:
<
<
Nevertheless, an increased EHR adoption rate has also prompted serious privacy and security concerns. EHRs essentially include extremely private information such as the patient’s biographical information, prescription history, immunization record, and laboratory data. National Library of Medicine. Yet as cyberattackers have become more sophisticated with the motive of financial gains, it has become more difficult to prevent them from evading security systems and from accessing patients’ private information. National Library of Medicine. For example, it was reported that cyberattackers breached into the EHR database of Community Health Systems – one of the most highly-regarded healthcare providers in the U.S. – and accessed patients’ social security numbers and credit information. National Library of Medicine. The fact that healthcare providers have increasingly adopted similar third-party operating systems for EHRs has put them more at risk of being infiltrated by malware and viruses. National Library of Medicine. In essence, not only does the rise in EHR adoption put medical organizations at risk of financial harm from unauthorized access to their databases, it also drastically increases the risk of individuals in getting their sensitive information exposed.
>
>
Nevertheless, an increased EHR adoption rate has also prompted serious privacy and security concerns. EHRs essentially include extremely private information such as the patient’s biographical information, prescription history, immunization record, and laboratory data. Yet as cyberattackers have become more sophisticated with the motive of financial gains, it has become more difficult to prevent them from evading security systems and from accessing patients’ private information. Ibid. For example, it was reported that cyberattackers breached into the EHR database of Community Health Systems – one of the most highly-regarded healthcare providers in the U.S. – and accessed patients’ social security numbers and credit information. Ibid. Another incident involved a medical technician accessing patients’ personal information and selling it for financial gains. See "Security Breaches" National Library of Medicine. The fact that healthcare providers have increasingly adopted similar industry-wide third-party operating systems for EHRs has put them more at risk of being infiltrated by malware and viruses. See "Review" National Library of Medicine.

In fact, operating such vulnerable systems for the supposed benefits such as accuracy and efficiency have also proved to be erroneous. The case of the Veterans’ Administration’s newly-adopted EHR system reveals the tale. Contrary to expectations that entailed modernizing the medical record system, deficiencies in the system contributed to injuries and even deaths to many veterans for reasons such as records disappearing in the system and scheduling errors that prevented patients from receiving appropriate treatment. Politico.

 

Korea

Changed:
<
<
Korea has also quickly followed other developed nations and utilized EHRs to improve the quality of its healthcare. Similar to HIPAA and the HITECH Act, Korea passed the Personal Information Protection Act (PIPA) in 2011 to ensure that the collection, use, and disclosure of personal medical information are protected. JAMA Network. By virtue of PIPA, along with Korea’s cutting-edge 5G network, the EHR adoption rate had increased from 37.2% in 2010 to 58.1% in 2015. International Journal of Medical Informatics. Yet although Korea was indeed one of the first nations to adopt EHRs, it has not shown the same trend when it comes to PHRs. Healthcare Informatics Research.
>
>
Korea has also quickly followed suit and adopted EHRs to improve healthcare quality, passing the Personal Information Protection Act (PIPA) in 2011 to ensure that the collection, use, and disclosure of personal medical information are protected. JAMA Network. By virtue of PIPA, along with Korea’s cutting-edge 5G network, the EHR adoption rate had reached 97.3% in 2017, contributing to the widespread use of EHRs for tasks like medication prescription. See "EMR Adoption Status" National Library of Medicine.
 
Changed:
<
<
Amid the COVID-19 pandemic, the Korean government decided to directly tackle the low PHR adoption and introduced the “My Healthway” project – basically a mobile app service that provides individual patients the ability to store their medical record information such as medication records, vaccination history, insurance records, and genetic data on their mobile phones. OECD. On its face, this was an appropriate standardized mechanism to promote PHR use as 80% of Korean healthcare is provided by private parties. National Library of Medicine. Allowing individuals to store medical information on their mobile phones was intended to give them more autonomy over how such data would be used, similar to the goals of the patient portal service mandated by the U.S. EHR systems. Healthcare Informatics Research. However, ever since the amendments to the Contagious Disease Prevention and Control Act (CDPCA) were passed after the MERS outbreak, the government had given certain agencies such as the Korea Center for Disease Control and Prevention (KCDC) the authority to collect and share information such as location data, CCTV footage, prescription records, and card transactions of individuals. JAMA Network. With public agencies like the KCDC having direct access to personal data of infected individuals, this project exposed significant privacy concerns related to PHR accessibility.
>
>
Yet the Korean system has likewise displayed crucial deficiencies. In particular, the degree of information exchange, which involves sending and receiving medical information to other medical professionals and organizations, was found to be very low, with close to 90% of hospitals acknowledging that an information exchange system was not yet available. Ibid.
 
Changed:
<
<
In fact, My Healthway was the primary means to enable accurate contact tracing during the COVID-19 pandemic. JAMA Network. For example, citizens were frequently required to show their vaccination records to enter public areas and also received real-time notifications on where infected individuals were, often exposing details about others’ private lives. BBC. Although actual names or addresses of those that contacted the virus were not available, people receiving the alerts were able to make inferences about others’ private matters such as infidelities and affiliation with secret religious cults, leading to widespread public mockery and witch hunting online. BBC. Furthermore, though active news coverage of location data may have contributed to curbing the spread of the pandemic, businesses that were revealed to be settings of mass contact experienced severe financial losses. In other words, adopting a single, unified system of storing PHRs through the My Healthway platform had put both organizations and individuals at serious risk of privacy invasion, and the decision to make such information available to the public exacerbated the problem.JAMA Network.
>
>
Furthermore, Korea also has a weak PHR system. During the COVID-19 pandemic, the Korean government aimed to tackle this by introducing “My Healthway” – a mobile app that allows patients to store their medical information such as medication records and vaccination history on their mobile phones. OECD. On its face, this gave individuals more autonomy over how such data would be used. However, the government gave certain agencies such as the Korea Center for Disease Control and Prevention (KCDC) the authority to collect and share extremely private information such as location data, CCTV footage, prescription records, and card transactions of individuals. JAMA Network. In fact, My Healthway was the primary means to enable accurate contact tracing during the COVID-19 pandemic. Individuals were thus required to show their vaccination records to enter public areas and received real-time notifications on where infected individuals were, often exposing details about others’ private lives. BBC. Consequently, people receiving the alerts were able to make inferences about others’ private lives such as infidelities and affiliation with secret religious cults, leading to widespread mockery and witch hunting. Ibid. Businesses that were revealed to be settings of mass contact also experienced severe financial losses.
 
Added:
>
>
Although Korea was one of the first nations to adopt EHRs, it has similarly failed to establish a strong system that could prevent the manifestation of serious privacy concerns. Korea’s preeminent 5G network system has not yet synergized with the electronic medical record system, leading to weak information exchange and a lack of a systematic foundation for more efficient healthcare delivery.
 
Deleted:
<
<
These links are useless. You don't anchor the links to the relevant phrases in the text, as we do when writing hypertext, and you repetitively cite to the whole document , as though the reader should reread the entire document each time in order to support your point. You should fix the references so the reader can use them easily and effectively.
 

Conclusion

Changed:
<
<
Considering the potential of EHRs and PHRs to transform the medical industry and produce a more accurate and convenient healthcare system, it is crucial to develop a system that protects patients’ privacy that could allow them to more readily share information. Effective safeguards must be developed to promote this kind of system, and more pre-adoption testing should be emphasized as a trial-and-error type of testing is not appropriate in this setting.
>
>
Considering the potential of EHRs and PHRs to produce a more accurate and convenient healthcare system, the adoption of such technologies seems inevitable. However, systems around the world have currently taken a trial-and-error approach where they have introduced these systems without sufficient pre-adoption testing to prevent inaccurate medical services and significant privacy and security breaches. As of now, such concerns outweigh the benefits, and more rigorous testing and research on potential solutions such as complete encryption and open source systems are needed.
 
Deleted:
<
<
This draft contains a useful summary of available information. Writing about US EHR's without explaining the proprietary software ecologies for using them, and their deliberate incompatibilities, fails to explain what's important about the technology. You don't say anything about Korean EHR software either, although that's another story of immense inefficiency and corruption. You don't discuss the US Veterans' Administration health care IT system, the free software EHR it uses, and the efforts made by the software companies, the defense contractors, and even the Pentagon itself to hobble adoption of that software.
 
Deleted:
<
<
As your conclusion shows, you haven't yet developed an idea of your own about any of this, except that privacy is important and it should be protected. You discuss HIPAA briefly, but you neither show what is strong about it nor explain difficulties if you have located them. Making the next draft stronger means getting away from the "let me summarize facts about the US and Korea" to present some actual legal ideas. (Who actually cares about Korea outside Korea, and why? Why aren't you writing about health records technology and practices in one or more European societies instead?)
 



MichaelSunSecondPaper 3 - 22 May 2024 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="SecondPaper"
Deleted:
<
<
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.
 

Paper Title: Digitalization of Medical Health Records & Its Privacy/Data Security Concerns: U.S. & South Korea

Line: 28 to 27
  In fact, My Healthway was the primary means to enable accurate contact tracing during the COVID-19 pandemic. JAMA Network. For example, citizens were frequently required to show their vaccination records to enter public areas and also received real-time notifications on where infected individuals were, often exposing details about others’ private lives. BBC. Although actual names or addresses of those that contacted the virus were not available, people receiving the alerts were able to make inferences about others’ private matters such as infidelities and affiliation with secret religious cults, leading to widespread public mockery and witch hunting online. BBC. Furthermore, though active news coverage of location data may have contributed to curbing the spread of the pandemic, businesses that were revealed to be settings of mass contact experienced severe financial losses. In other words, adopting a single, unified system of storing PHRs through the My Healthway platform had put both organizations and individuals at serious risk of privacy invasion, and the decision to make such information available to the public exacerbated the problem.JAMA Network.
Added:
>
>
These links are useless. You don't anchor the links to the relevant phrases in the text, as we do when writing hypertext, and you repetitively cite to the whole document , as though the reader should reread the entire document each time in order to support your point. You should fix the references so the reader can use them easily and effectively.

 

Conclusion

Considering the potential of EHRs and PHRs to transform the medical industry and produce a more accurate and convenient healthcare system, it is crucial to develop a system that protects patients’ privacy that could allow them to more readily share information. Effective safeguards must be developed to promote this kind of system, and more pre-adoption testing should be emphasized as a trial-and-error type of testing is not appropriate in this setting.
Added:
>
>
This draft contains a useful summary of available information. Writing about US EHR's without explaining the proprietary software ecologies for using them, and their deliberate incompatibilities, fails to explain what's important about the technology. You don't say anything about Korean EHR software either, although that's another story of immense inefficiency and corruption. You don't discuss the US Veterans' Administration health care IT system, the free software EHR it uses, and the efforts made by the software companies, the defense contractors, and even the Pentagon itself to hobble adoption of that software.

As your conclusion shows, you haven't yet developed an idea of your own about any of this, except that privacy is important and it should be protected. You discuss HIPAA briefly, but you neither show what is strong about it nor explain difficulties if you have located them. Making the next draft stronger means getting away from the "let me summarize facts about the US and Korea" to present some actual legal ideas. (Who actually cares about Korea outside Korea, and why? Why aren't you writing about health records technology and practices in one or more European societies instead?)

 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

MichaelSunSecondPaper 2 - 13 May 2024 - Main.MichaelSun
Line: 1 to 1
 
META TOPICPARENT name="SecondPaper"

It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.


MichaelSunSecondPaper 1 - 07 May 2024 - Main.MichaelSun
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="SecondPaper"
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.

Paper Title: Digitalization of Medical Health Records & Its Privacy/Data Security Concerns: U.S. & South Korea

-- By MichaelSun - 07 May 2024

Introduction

Medical institutions around the world have experienced an innovative transformation regarding medical record storage, actively backed by their respective governments to integrate technology into healthcare delivery. Specifically, healthcare systems have aggressively facilitated the use of electronic health records (EHR) and digitized personal health records (PHR) to provide more efficient and consistent care to patients. Some of the biggest benefits that EHRs and PHRs have over paper forms of storing medical data include: lower costs, simultaneous availability, retrievability, portability, and facilitates doctor-patient communication. National Library of Medicine. Despite these advantages, they must be utilized with utmost care as both entail enormous privacy and security concerns that need to be addressed.

United States

The U.S. has been one of the global driving forces in leading the digitalization of medical health records. To facilitate this transition while protecting patient information, the federal government has passed two main laws: the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.

Firstly, HIPAA is a federal law that aims to ensure that EHRs remain private and secured from third parties. National Library of Medicine. HIPAA has three requirements: a privacy rule that gives patients rights over their PHRs and requires healthcare providers to maintain safeguards to protect the privacy of EHRs, a security rule that sets national standards for such protections, and a breach notification rule that gives patients the right to be notified of a security breach. HHS. Secondly, the HITECH Act not only provides a more rigorous enforcement mechanism for HIPAA through the provision of harsher penalties in case of violation, but also establishes financial incentives for healthcare providers to adopt EHRs. National Library of Medicine. Unsurprisingly, the HITECH Act has drastically induced the rise of EHRs from 3.2% usage in 2008 to 95% in 2017. National Library of Medicine.

Nevertheless, an increased EHR adoption rate has also prompted serious privacy and security concerns. EHRs essentially include extremely private information such as the patient’s biographical information, prescription history, immunization record, and laboratory data. National Library of Medicine. Yet as cyberattackers have become more sophisticated with the motive of financial gains, it has become more difficult to prevent them from evading security systems and from accessing patients’ private information. National Library of Medicine. For example, it was reported that cyberattackers breached into the EHR database of Community Health Systems – one of the most highly-regarded healthcare providers in the U.S. – and accessed patients’ social security numbers and credit information. National Library of Medicine. The fact that healthcare providers have increasingly adopted similar third-party operating systems for EHRs has put them more at risk of being infiltrated by malware and viruses. National Library of Medicine. In essence, not only does the rise in EHR adoption put medical organizations at risk of financial harm from unauthorized access to their databases, it also drastically increases the risk of individuals in getting their sensitive information exposed.

Korea

Korea has also quickly followed other developed nations and utilized EHRs to improve the quality of its healthcare. Similar to HIPAA and the HITECH Act, Korea passed the Personal Information Protection Act (PIPA) in 2011 to ensure that the collection, use, and disclosure of personal medical information are protected. JAMA Network. By virtue of PIPA, along with Korea’s cutting-edge 5G network, the EHR adoption rate had increased from 37.2% in 2010 to 58.1% in 2015. International Journal of Medical Informatics. Yet although Korea was indeed one of the first nations to adopt EHRs, it has not shown the same trend when it comes to PHRs. Healthcare Informatics Research.

Amid the COVID-19 pandemic, the Korean government decided to directly tackle the low PHR adoption and introduced the “My Healthway” project – basically a mobile app service that provides individual patients the ability to store their medical record information such as medication records, vaccination history, insurance records, and genetic data on their mobile phones. OECD. On its face, this was an appropriate standardized mechanism to promote PHR use as 80% of Korean healthcare is provided by private parties. National Library of Medicine. Allowing individuals to store medical information on their mobile phones was intended to give them more autonomy over how such data would be used, similar to the goals of the patient portal service mandated by the U.S. EHR systems. Healthcare Informatics Research. However, ever since the amendments to the Contagious Disease Prevention and Control Act (CDPCA) were passed after the MERS outbreak, the government had given certain agencies such as the Korea Center for Disease Control and Prevention (KCDC) the authority to collect and share information such as location data, CCTV footage, prescription records, and card transactions of individuals. JAMA Network. With public agencies like the KCDC having direct access to personal data of infected individuals, this project exposed significant privacy concerns related to PHR accessibility.

In fact, My Healthway was the primary means to enable accurate contact tracing during the COVID-19 pandemic. JAMA Network. For example, citizens were frequently required to show their vaccination records to enter public areas and also received real-time notifications on where infected individuals were, often exposing details about others’ private lives. BBC. Although actual names or addresses of those that contacted the virus were not available, people receiving the alerts were able to make inferences about others’ private matters such as infidelities and affiliation with secret religious cults, leading to widespread public mockery and witch hunting online. BBC. Furthermore, though active news coverage of location data may have contributed to curbing the spread of the pandemic, businesses that were revealed to be settings of mass contact experienced severe financial losses. In other words, adopting a single, unified system of storing PHRs through the My Healthway platform had put both organizations and individuals at serious risk of privacy invasion, and the decision to make such information available to the public exacerbated the problem.JAMA Network.

Conclusion

Considering the potential of EHRs and PHRs to transform the medical industry and produce a more accurate and convenient healthcare system, it is crucial to develop a system that protects patients’ privacy that could allow them to more readily share information. Effective safeguards must be developed to promote this kind of system, and more pre-adoption testing should be emphasized as a trial-and-error type of testing is not appropriate in this setting.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Revision 4r4 - 27 May 2024 - 14:15:14 - MichaelSun
Revision 3r3 - 22 May 2024 - 20:29:46 - EbenMoglen
Revision 2r2 - 13 May 2024 - 00:43:07 - MichaelSun
Revision 1r1 - 07 May 2024 - 14:13:49 - MichaelSun
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM