Computers, Privacy & the Constitution

Digitalization of Medical Health Records & Its Privacy/Data Security Concerns: U.S. & South Korea

-- By MichaelSun - 07 May 2024

Introduction

Medical institutions, backed by governments seeking to integrate technology into healthcare delivery, have undergone an innovative transformation in how they store medical records. Specifically, electronic health records (EHRs) and digitized personal health records (PHRs) have aimed to provide more efficient care to patients. Some of the purported benefits include lower costs, simultaneous availability, retrievability, portability, and improved doctor-patient communication. See "Abstract" National Library of Medicine. Nevertheless, a trial-and-error method of testing whether such technologies are secure enough for adoption has not been successful, and the attendant privacy and information security concerns outweigh the benefits.

United States

The U.S. has been one of the global driving forces in leading the digitalization of medical health records. To facilitate this transition, the federal government has passed two main laws: the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.

Firstly, HIPAA is a federal law that aims to ensure that EHRs remain secured from third parties, and it includes a breach notification rule that gives patients the right to be notified of a security breach. See "Review" National Library of Medicine. Secondly, the HITECH Act not only provides a more rigorous enforcement mechanism for HIPAA through harsher penalties for violations, but also establishes financial incentives for healthcare providers to adopt EHRs. Ibid. Unsurprisingly, the HITECH Act drove a drastic rise in EHR usage, from 3.2% in 2008 to 95% in 2017. Ibid.

Nevertheless, an increased EHR adoption rate has also prompted serious privacy and security concerns. EHRs include extremely private information such as the patient’s biographical information, prescription history, immunization record, and laboratory data. Yet as cyberattackers motivated by financial gain have become more sophisticated, it has become more difficult to prevent them from evading security systems and accessing patients’ private information. Ibid. For example, it was reported that cyberattackers breached the EHR database of Community Health Systems – one of the most highly-regarded healthcare providers in the U.S. – and accessed patients’ social security numbers and credit information. Ibid. Another incident involved a medical technician accessing patients’ personal information and selling it for financial gain. See "Security Breaches" National Library of Medicine. The fact that healthcare providers have increasingly adopted similar industry-wide third-party operating systems for EHRs has put them more at risk of being infiltrated by malware and viruses. See "Review" National Library of Medicine.

In fact, the supposed benefits of operating such vulnerable systems, such as accuracy and efficiency, have also proved to be illusory. The case of the Veterans’ Administration’s newly-adopted EHR system tells the tale. Contrary to expectations that the medical record system would be modernized, deficiencies in the system contributed to injuries and even deaths among many veterans, for reasons such as records disappearing in the system and scheduling errors that prevented patients from receiving appropriate treatment. Politico.

Korea

Korea has also quickly followed suit and adopted EHRs to improve healthcare quality, passing the Personal Information Protection Act (PIPA) in 2011 to ensure that the collection, use, and disclosure of personal medical information are protected. JAMA Network. By virtue of PIPA, along with Korea’s cutting-edge 5G network, the EHR adoption rate had reached 97.3% in 2017, contributing to the widespread use of EHRs for tasks like medication prescription. See "EMR Adoption Status" National Library of Medicine.

Yet the Korean system has likewise displayed crucial deficiencies. In particular, the degree of information exchange, which involves sending and receiving medical information to other medical professionals and organizations, was found to be very low, with close to 90% of hospitals acknowledging that an information exchange system was not yet available. Ibid.

Furthermore, Korea also has a weak PHR system. During the COVID-19 pandemic, the Korean government aimed to tackle this by introducing “My Healthway” – a mobile app that allows patients to store their medical information such as medication records and vaccination history on their mobile phones. OECD. On its face, this gave individuals more autonomy over how such data would be used. However, the government gave certain agencies such as the Korea Center for Disease Control and Prevention (KCDC) the authority to collect and share extremely private information such as location data, CCTV footage, prescription records, and card transactions of individuals. JAMA Network. In fact, My Healthway was the primary means to enable accurate contact tracing during the COVID-19 pandemic. Individuals were thus required to show their vaccination records to enter public areas and received real-time notifications on where infected individuals were, often exposing details about others’ private lives. BBC. Consequently, people receiving the alerts were able to make inferences about others’ private lives such as infidelities and affiliation with secret religious cults, leading to widespread mockery and witch hunting. Ibid. Businesses that were revealed to be settings of mass contact also experienced severe financial losses.

Although Korea was one of the first nations to adopt EHRs, it has similarly failed to establish a strong system that could prevent the manifestation of serious privacy concerns. Korea’s preeminent 5G network system has not yet synergized with the electronic medical record system, leading to weak information exchange and a lack of a systematic foundation for more efficient healthcare delivery.

Conclusion

Considering the potential of EHRs and PHRs to produce a more accurate and convenient healthcare system, the adoption of such technologies seems inevitable. However, healthcare systems around the world have so far taken a trial-and-error approach, introducing these technologies without sufficient pre-adoption testing to prevent inaccurate medical services and significant privacy and security breaches. As of now, such concerns outweigh the benefits, and more rigorous testing and research on potential solutions such as complete encryption and open source systems are needed.


r4 - 27 May 2024 - 14:15:14 - MichaelSun
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.