Data Conundrum: Ensuring Critical Access While Preserving Privacy
A health care provider that is too intent on protecting personally identifiable patient information could take patient privacy beyond the level that is optimal for patient care. At the Children’s Hospital (Denver, Colorado), however, Chris Goodale, radiology data systems administrator, prevented this problem by limiting access to radiology information, making it available only on a need-to-know basis (and in compliance with all privacy regulations).
Goodale reports that the steps that the Children’s Hospital takes to protect patient information from unauthorized access ensure, at the same time, that individual physicians and caregivers have access to the information that they need to care for their patients.
Creating safe methods for the exchange of patient information is a considerable responsibility; as Goodale explains, under HIPAA, liability has been extended to individual health-care personnel, leaving radiologic technologists and radiologists vulnerable to fines or personal lawsuits.
The portability of digital patient records has greatly benefited patient care, but this ease of transport can create new vulnerabilities at facilities that have not created control mechanisms for email, thumb drives, or CDs. In those places, Goodale says, “From a medicolegal standpoint, a breach would be very expensive.” Fortunately, the data-security methods used at the Children’s Hospital ensure that it is not among the organizations at high risk.Need-to-see ProtocolsTo protect its patients’ privacy while permitting access to records when there is a clinical need, the Children’s Hospital has imposed a strict need-to-see protocol on all patients’ clinical information, Goodale says, and this includes the information created by (and used in) the radiology department. Technologists, record librarians, and nurses are allowed to see only the patient information that they must see to do their jobs. Radiologists have access to complete interpretations, for instance, while others in the department do not. “All of our users have security that is role based,” Goodale says. “They have access to do their jobs—and not more.” The institution’s Synapse® PACS from FUJIFILM Medical Systems USA, Inc (Stamford, Connecticut), offers system administrators this capability. “Regardless of your role in radiology, you should only go into the patient record if it is part of your job to do so,” Goodale says. Referring physicians can’t access the electronic health record (EHR) or the PACS unless they have been cleared and given access codes. Code restrictions prevent referrers from seeing information on any patients other than their own. For some patients (including those with behavioral health problems), an extra layer of security—requiring additional passwords—is put in place, Goodale says. Parents can, on request, see the audit trail for access to their children’s clinical information and other data. EHR access (including access by hospital departments) is automatically tracked. Once each quarter, an IT security risk-management team does an audit to verify that there have been no unusual use patterns or security breaches. “If I pull up a patient’s record, the system audits that I did that. If I go further, it tracks just where I went in that record. If I go to the radiology tab, it will track that as well,” Goodale says. Radiology file room staff document in the EHR any release of radiology information (including to whom it was released), he adds. Parental release forms are scanned into the system as well. All departments interface with the hospital’s risk-management and corporate-compliance departments. Goodale says, “They are always available to us if we need direction. If a parent comes in and wants to know who has touched his or her child’s record, we call IT security personnel; they have a process to get that information and report it back to the parent or guardian.”Workflow PrecautionsWorkers are taught to turn paperwork upside down in the presence of unauthorized people, and even to interrupt phone conversations that can be overheard, Goodale says. Radiologic technologists and other staff members are continually reminded to monitor EHR (and other) sign-in activity. Because the signed-in employee is responsible for any activity, the hospital requires technologists to sign out whenever they are not the active system users, Goodale says. Record librarians must follow strict rules for record release, Goodale adds. Parents or guardians must sign release forms. In addition, their consent must be obtained for data that will be used in research and education, even though all identification that could tie the data to the individual patient is removed before any such use. Goodale reports that the Children’s Hospital is active in teaching and participates in many conferences, so removal of patient ID from data is a frequent activity. Inside the hospital, patients and their parents are given matching ID arm bands, Goodale says, and these are used to verify that it’s allowable to release CDs containing radiology reports and exams to the parents. Secure External AccessWithin the walls of the hospital, Goodale says, clinical information’s security is well controlled. To ensure that data-security standards are maintained outside the institution, the Children’s Hospital has instituted a program in which local pediatric specialty groups are trained and then cleared for rapid access to the hospital’s EHR and PACS, Goodale says. This EHR system, PedsConnect, allows the pediatric groups with the appropriate clearance level to use the hospital’s EHR for their own billing, documentation, and patient records (while heightening their awareness of security protocols). So far, eight pediatric groups are using PedsConnect, Goodale says. “It’s all integrated with the hospital,” Goodale says; with appropriate clearance and access control, the pediatricians have imaging and laboratory results at their fingertips to guide timely patient-care decisions.George Wiley is a contributing writer for RadInformatics.com.
“The burden is on every user, every provider, and every record librarian.”
—Chris Goodale, Children’s Hospital, Denver, Colorado
The portability of digital patient records has greatly benefited patient care, but this ease of transport can create new vulnerabilities at facilities that have not created control mechanisms for email, thumb drives, or CDs. In those places, Goodale says, “From a medicolegal standpoint, a breach would be very expensive.” Fortunately, the data-security methods used at the Children’s Hospital ensure that it is not among the organizations at high risk.Need-to-see ProtocolsTo protect its patients’ privacy while permitting access to records when there is a clinical need, the Children’s Hospital has imposed a strict need-to-see protocol on all patients’ clinical information, Goodale says, and this includes the information created by (and used in) the radiology department. Technologists, record librarians, and nurses are allowed to see only the patient information that they must see to do their jobs. Radiologists have access to complete interpretations, for instance, while others in the department do not. “All of our users have security that is role based,” Goodale says. “They have access to do their jobs—and not more.” The institution’s Synapse® PACS from FUJIFILM Medical Systems USA, Inc (Stamford, Connecticut), offers system administrators this capability. “Regardless of your role in radiology, you should only go into the patient record if it is part of your job to do so,” Goodale says. Referring physicians can’t access the electronic health record (EHR) or the PACS unless they have been cleared and given access codes. Code restrictions prevent referrers from seeing information on any patients other than their own. For some patients (including those with behavioral health problems), an extra layer of security—requiring additional passwords—is put in place, Goodale says. Parents can, on request, see the audit trail for access to their children’s clinical information and other data. EHR access (including access by hospital departments) is automatically tracked. Once each quarter, an IT security risk-management team does an audit to verify that there have been no unusual use patterns or security breaches. “If I pull up a patient’s record, the system audits that I did that. If I go further, it tracks just where I went in that record. If I go to the radiology tab, it will track that as well,” Goodale says. Radiology file room staff document in the EHR any release of radiology information (including to whom it was released), he adds. Parental release forms are scanned into the system as well. All departments interface with the hospital’s risk-management and corporate-compliance departments. Goodale says, “They are always available to us if we need direction. If a parent comes in and wants to know who has touched his or her child’s record, we call IT security personnel; they have a process to get that information and report it back to the parent or guardian.”Workflow PrecautionsWorkers are taught to turn paperwork upside down in the presence of unauthorized people, and even to interrupt phone conversations that can be overheard, Goodale says. Radiologic technologists and other staff members are continually reminded to monitor EHR (and other) sign-in activity. Because the signed-in employee is responsible for any activity, the hospital requires technologists to sign out whenever they are not the active system users, Goodale says. Record librarians must follow strict rules for record release, Goodale adds. Parents or guardians must sign release forms. In addition, their consent must be obtained for data that will be used in research and education, even though all identification that could tie the data to the individual patient is removed before any such use. Goodale reports that the Children’s Hospital is active in teaching and participates in many conferences, so removal of patient ID from data is a frequent activity. Inside the hospital, patients and their parents are given matching ID arm bands, Goodale says, and these are used to verify that it’s allowable to release CDs containing radiology reports and exams to the parents. Secure External AccessWithin the walls of the hospital, Goodale says, clinical information’s security is well controlled. To ensure that data-security standards are maintained outside the institution, the Children’s Hospital has instituted a program in which local pediatric specialty groups are trained and then cleared for rapid access to the hospital’s EHR and PACS, Goodale says. This EHR system, PedsConnect, allows the pediatric groups with the appropriate clearance level to use the hospital’s EHR for their own billing, documentation, and patient records (while heightening their awareness of security protocols). So far, eight pediatric groups are using PedsConnect, Goodale says. “It’s all integrated with the hospital,” Goodale says; with appropriate clearance and access control, the pediatricians have imaging and laboratory results at their fingertips to guide timely patient-care decisions.George Wiley is a contributing writer for RadInformatics.com.