EXECUTIVE SUMMARY

1  INTRODUCTION

The Growing Use of Information Technology in Health Care

  Changes in the Health Care Delivery System

   Integrated Delivery Systems

    Managed Care

    New Users of Health Information

  The Electronic Medical Record

    Content of Electronic Medical Records

    Advantages of Electronic Medical Records

  Protecting the Privacy and Security of Health Information

    Privacy and Security Concerns

    Addressing Privacy and Security Concerns

  Goals and Limitations of This Report

    Objectives

    What This Report Does Not Do

 Organization of This Report

2  THE PUBLIC POLICY CONTEXT

Federal and State Protections

   Federal Statutes and Regulations

    Limitations of Federal Protections

    State Statutes and Regulations

    Limitations of State Protections

  Nongovernmental Initiatives

    American National Standards Institute

    Computer-based Patient Record Institute

    Joint Commission on Accreditation of Healthcare Organizations

  Improving Public Policy

    Building National Consensus

    Legislative Initiatives

3  PRIVACY AND SECURITY CONCERNS REGARDING ELECTRONIC HEALTH INFORMATION

Concerns Regarding Health Information Held by Individual Organizations

   Scale of the Threat to Health Information Held by Individual Organizations

   General Taxonomy of Organizational Threats

      Factors Accounting for Differences Among Threats

      Levels of Threat to Information in Health Care Organizations

  Countering Organizational Threats

    Developing Appropriate Countermeasures

    Observations on Countering Organizational Threats

Systemic Concerns About Health Information

  Uses and Flows of Health Information

    Alice's Medical Records

    Government Collection of Health Data

  Risks Created by Systemic Flows of Health Information

  Universal Patient Identifiers

  Conclusions Regarding Systemic Concerns

4 TECHNICAL APPROACHES TO PROTECTING ELECTRONIC HEALTH INFORMATION

Observed Technological Practices at Studied Sites

  Authentication

    Authentication Technologies Observed on Site Visits

    Authentication Technologies Not Yet Deployed in Health Care Settings

  Access Controls

    Access Control Technologies Observed on Site Visits

    Access Control Technologies Not Yet Deployed in Health Care Settings

 Audit Trails

    Audit Trail Technologies Observed on Site Visits

    Audit Trail Technologies Not Yet Deployed in Health Care Settings

  Physical Security of Communications, Computer, and Display Systems

  Control of External Communication Links and Access

    Network Control Technologies Observed on Site Visits

    Network Control Technologies Not Yet Deployed in Health Care Settings

Encryption

Software Discipline

    Software Control Technologies Observed on Site Visits

    Software Control Technologies Not Yet Deployed in Health Care Settings

System Backup and Disaster Recovery Procedures

    System Backup Procedures Observed on Site Visits

    System Backup Procedures Not Yet Deployed in Health Care Settings

  System Self-Assessment and Attention to Technological Awareness

  Site Visit Summary

  Key Issues in Using Technology to Protect Health Information

    Patient Identifiers and Techniques for Linking Records

    Control of Secondary Users of Health Care Information

  Obstacles to Use of Security Technology

    Difficulty of Building Useful Electronic Medical Records

    Lack of Market Demand for Security Technology

    Organizational Systems Accumulate-They Are Not Designed

    Cryptography-based Tools Are Still Out of Reach

    Effective Public-key Management Infrastructures Are Essential but Still Nonexistent

    Helpful Technologies Are Hard to Buy and Use

    Education and Demystifying Issues of Distributed Computing and Security

5  ORGANIZATIONAL APPROACHES TO PROTECTING ELECTRONIC HEALTH INFORMATION

Formal Policies

  Policies Regarding Information Uses and Flows

    Security Policies

    Confidentiality Policies

    Policies to Protect Sensitive Information

    Policies on Research Uses of Health Information

    Policies Guiding Release of Information

  Patient-centered Policies

    Patient Bill of Rights

    Authorization Forms

    Access to Records and Audit Logs

  Organizational Structures

    Policy Development Process

    Structures for Implementing Policy

    Structures for Granting Access Privileges

  Education and Training

    Training Programs

    Nonformal Training

    Educational Tools

    User Confidentiality Agreements

  Sanctions for Breaches of Confidentiality

  Improving Organizational Management: Closing the Gap Between Theory and Practice

  Implementing an Integrated Security and Confidentiality Management Model

  Overcoming Obstacles to Effective Organizational Practices

    Lack of Public or External Incentives

    Resource Constraints

    Competing Demands

    Lack of Focus on Information Technology

    Cultural Constraints

6  FINDINGS AND RECOMMENDATIONS

  Findings and Conclusions

 Recommendations

    Improving Privacy and Security Practices

    Technical Practices and Procedures for Immediate Implementation

    Organizational Practices for Immediate Implementation

    Security Practices for Future Implementation

  Creating an Industry-wide Security Infrastructure

  Addressing Systemic Issues Related to Privacy and Security

  Developing Patient Identifiers

  Meeting Future Technological Needs

    Technologies Relevant to the Computer Security Community as a Whole

    Technologies Specific to Health Care

    Testbeds for Privacy and Security

  Concluding Remarks

BIBLIOGRAPHY

APPENDIXES

A   Study Committee's Site Visit Guide

B  Individuals Who Briefed the Study Committee

C  National Library of Medicine Awards to Develop Health Care Applications of the National Information Infrastructure

D  Sections of the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) Related to the Privacy and Security of Electronic Health Information

E   Committee Biographies

INDEX