The security of patient data has been, and continues to be, a major problem for the US in achieving its goals for an interoperable healthcare system. According to Kurt Long, CEO of FairWarning technology solutions, the same problem can be found all over the world.
"If you break the market into Scotland, England, Ireland and Wales, we see the same privacy challenges across the board," said Long. "England alone is a fair size."
FairWarning currently works with more than 300 providers found in Canada, the United States and the United Kingdom with some prospective clients in France. By visiting with so many providers in multiple countries, Long said he has encountered similar struggles preventing data breaches. But it's not just the IT side that's sensitive to sending records electronically.
"If we look at this from an HIE point of view, I think the US market is behind," said Long, and "will find that physicians are very sensitive about sending full records electronically. This is non-obvious until you're on the ground; if I'm the physician, I will want to know who exactly will be seeing the health record."
NHS Lothian, a Trust based in Scotland and a client of FairWarning, has just finished implementing a data auditing solution. The solution provides data auditing to detect any data breaches going on at the facility.
The NHS is part of an advanced nationwide healthcare information exchange in Scotland. Officials said the new solution has helped them to discover previously undetected privacy breaches of patient information. Long said that because of the immense amount of data, breaches can happen right under the noses of providers without ever being noticed.
"This [electronic exchange of data] is all relatively new stuff," said Long. "Whatever the case is, not many are auditing robustly and monitoring. EHR vendors, HIEs and provider don't really understand how much data is required."
In reaction to this, Long said FairWarning is putting together a three-part guide to auditing along that include:
- Standardized data definitions;
- Enterprise Security data definitions (available July 8th);
- A guide of best practices for implementation (available in the coming months.)
According to Long, the guides will be free for providers and other industry players to use based on the terms of the open patten.
