Computers, Privacy & the Constitution

Paper Title: Digitalization of Medical Health Records & Its Privacy/Data Security Concerns: U.S. & South Korea

-- By MichaelSun - 07 May 2024

Introduction

Medical institutions around the world have experienced an innovative transformation regarding medical record storage, actively backed by their respective governments to integrate technology into healthcare delivery. Specifically, healthcare systems have aggressively facilitated the use of electronic health records (EHR) and digitized personal health records (PHR) to provide more efficient and consistent care to patients. Some of the biggest benefits that EHRs and PHRs have over paper forms of storing medical data include lower costs, simultaneous availability, retrievability, portability, and easier doctor-patient communication. National Library of Medicine. Despite these advantages, they must be utilized with utmost care, as both entail enormous privacy and security concerns that need to be addressed.

United States

The U.S. has been one of the global driving forces in leading the digitalization of medical health records. To facilitate this transition while protecting patient information, the federal government has passed two main laws: the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.

Firstly, HIPAA is a federal law that aims to ensure that EHRs remain private and secured from third parties. National Library of Medicine. HIPAA has three requirements: a privacy rule that gives patients rights over their PHRs and requires healthcare providers to maintain safeguards to protect the privacy of EHRs, a security rule that sets national standards for such protections, and a breach notification rule that gives patients the right to be notified of a security breach. HHS. Secondly, the HITECH Act not only provides a more rigorous enforcement mechanism for HIPAA through the provision of harsher penalties in case of violation, but also establishes financial incentives for healthcare providers to adopt EHRs. National Library of Medicine. Unsurprisingly, the HITECH Act has drastically induced the rise of EHRs from 3.2% usage in 2008 to 95% in 2017. National Library of Medicine.

Nevertheless, an increased EHR adoption rate has also prompted serious privacy and security concerns. EHRs essentially include extremely private information such as the patient’s biographical information, prescription history, immunization record, and laboratory data. National Library of Medicine. Yet as cyberattackers have become more sophisticated with the motive of financial gains, it has become more difficult to prevent them from evading security systems and from accessing patients’ private information. National Library of Medicine. For example, it was reported that cyberattackers breached the EHR database of Community Health Systems – one of the most highly-regarded healthcare providers in the U.S. – and accessed patients’ social security numbers and credit information. National Library of Medicine. The fact that healthcare providers have increasingly adopted similar third-party operating systems for EHRs has put them more at risk of being infiltrated by malware and viruses. National Library of Medicine. In essence, not only does the rise in EHR adoption put medical organizations at risk of financial harm from unauthorized access to their databases, it also drastically increases the risk of individuals having their sensitive information exposed.

Korea

Korea has also quickly followed other developed nations and utilized EHRs to improve the quality of its healthcare. Similar to HIPAA and the HITECH Act, Korea passed the Personal Information Protection Act (PIPA) in 2011 to ensure that the collection, use, and disclosure of personal medical information are protected. JAMA Network. By virtue of PIPA, along with Korea’s cutting-edge 5G network, the EHR adoption rate had increased from 37.2% in 2010 to 58.1% in 2015. International Journal of Medical Informatics. Yet although Korea was indeed one of the first nations to adopt EHRs, it has not shown the same trend when it comes to PHRs. Healthcare Informatics Research.

Amid the COVID-19 pandemic, the Korean government decided to directly tackle the low PHR adoption and introduced the “My Healthway” project – basically a mobile app service that provides individual patients the ability to store their medical record information such as medication records, vaccination history, insurance records, and genetic data on their mobile phones. OECD. On its face, this was an appropriate standardized mechanism to promote PHR use as 80% of Korean healthcare is provided by private parties. National Library of Medicine. Allowing individuals to store medical information on their mobile phones was intended to give them more autonomy over how such data would be used, similar to the goals of the patient portal service mandated by the U.S. EHR systems. Healthcare Informatics Research. However, ever since the amendments to the Contagious Disease Prevention and Control Act (CDPCA) were passed after the MERS outbreak, the government had given certain agencies such as the Korea Center for Disease Control and Prevention (KCDC) the authority to collect and share information such as location data, CCTV footage, prescription records, and card transactions of individuals. JAMA Network. With public agencies like the KCDC having direct access to personal data of infected individuals, this project exposed significant privacy concerns related to PHR accessibility.

In fact, My Healthway was the primary means to enable accurate contact tracing during the COVID-19 pandemic. JAMA Network. For example, citizens were frequently required to show their vaccination records to enter public areas and also received real-time notifications on where infected individuals were, often exposing details about others’ private lives. BBC. Although actual names or addresses of those that contracted the virus were not available, people receiving the alerts were able to make inferences about others’ private matters such as infidelities and affiliation with secret religious cults, leading to widespread public mockery and witch hunting online. BBC. Furthermore, though active news coverage of location data may have contributed to curbing the spread of the pandemic, businesses that were revealed to be settings of mass contact experienced severe financial losses. In other words, adopting a single, unified system of storing PHRs through the My Healthway platform had put both organizations and individuals at serious risk of privacy invasion, and the decision to make such information available to the public exacerbated the problem. JAMA Network.

These links are useless. You don't anchor the links to the relevant phrases in the text, as we do when writing hypertext, and you repetitively cite to the whole document, as though the reader should reread the entire document each time in order to support your point. You should fix the references so the reader can use them easily and effectively.

Conclusion

Considering the potential of EHRs and PHRs to transform the medical industry and produce a more accurate and convenient healthcare system, it is crucial to develop a system that protects patients’ privacy and thereby allows them to share information more readily. Effective safeguards must be developed to promote this kind of system, and more pre-adoption testing should be emphasized, as a trial-and-error type of testing is not appropriate in this setting.

This draft contains a useful summary of available information. Writing about US EHRs without explaining the proprietary software ecologies for using them, and their deliberate incompatibilities, fails to explain what's important about the technology. You don't say anything about Korean EHR software either, although that's another story of immense inefficiency and corruption. You don't discuss the US Veterans' Administration health care IT system, the free software EHR it uses, and the efforts made by the software companies, the defense contractors, and even the Pentagon itself to hobble adoption of that software.

As your conclusion shows, you haven't yet developed an idea of your own about any of this, except that privacy is important and it should be protected. You discuss HIPAA briefly, but you neither show what is strong about it nor explain difficulties if you have located them. Making the next draft stronger means getting away from the "let me summarize facts about the US and Korea" to present some actual legal ideas. (Who actually cares about Korea outside Korea, and why? Why aren't you writing about health records technology and practices in one or more European societies instead?)



r3 - 22 May 2024 - 20:29:46 - EbenMoglen
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.