Materia Medica Malaysiana

Lack of privacy may be a project-killer

IMPLEMENTING a hospital information system (HIS) means facing a host of problems, but while most can be resolved, the potential project-killer could be a lack of data privacy.

“Poor project management, miscommunication with the system’s endusers, and software and technologies not meeting requirements – all these occur more frequently but can be easily remedied,” said Dr Chow Yuen Ho, director of Singapore General Hospital’s Department of Medical Informatics.

“Not honouring patient confidentiality and security, and a failure to plan for real returns on the software and technologies purchased – these rarely happen but can potentially sink a project if they do,” he told the eHealth Asia 2004 event in Kuala Lumpur last week.

Integrating hospital information systems would lead to the ability to electronically transfer patient records and information between hospitals, clinics and doctors.

However, some countries have laws which prevent the transfer of certain highly-confidential information about the patient.

“For instance, Singapore’s privacy protection laws forbid hospitals from including confidential details like a patient’s past record of sexual assault, psychiatric illnesses, AIDS and so on, in medical records transferred between hospitals and clinics,” said Dr Chow.

Thus patients have the discretion to reveal or not reveal these details when their medical records are transferred.

Malaysia’s proposed, and much-delayed, Data Protection Act is supposed to provide similar protection.

Hospitals also have a fiduciary duty to protect patient records from unauthorised access by hackers and others.

“One approach is to block illegitimate access altogether, but by doing so hospitals risk also blocking legitimate requests for information, thus compromising the care provided by other doctors,” said Dr Chow.

Another, more viable way would be to audit and regulate access, and block it if illegitimate intrusion is detected.

“Signs to look out for are frequent attempts to access records of particular people like celebrities or important persons, concurrent access to records from different places, or access to dormant records – especially when the patient isn’t admitted to the hospital at the time,” he added.

These “soft” security measures include passwords, security tokens, smartcards or biometrics to ensure non-repudiation, punitive legislation, professional codes of conduct and hospital policy.

Look beyond savings

Hospitals must also look beyond cost-savings when planning for real returns on their technology investment, yet remain focused on their main goal of delivering adequate patient care while realising positive benefits from their investments.

“Hospitals should only buy items and features they actually need, instead of paying for bells and whistles which they don’t,” said Dr Chow.

“For instance, simply paying for a Snomed (systemised nomenclature of medicine) dictionary of standard clinical terms brings no returns in itself, but integrating it into an HIS could lead to greater efficiency, features like data mining, and better research and surveillance.

“Building a decision support system from Snomed could also lead to better clinical safety and results,” he added.

Snomed standardises medical terms internationally to avoid any confusion.

“For instance, when a patient is having a heart attack, some doctors will call it a ‘heart attack,’ others will say ‘heart failure,’ others a ‘myocardial infarction’ and others an ‘acute myocardial infarction’ (AMI).

“Snomed standardises on the acronym ‘AMI’ which gives computers a standard term to search for and arrive at intelligent decisions,” said Dr Chow.

The electronic medical records system in Singapore went live in October, 2002, across a cluster of three acute care hospitals, four national speciality centres and eight clinics with standardised clinical documentation.

Now 95% of prescriptions at Singapore General Hospital are issued electronically.

“The end result for Singapore General Hospital was an electronic system which is accurate, with fast access to records and a more secure electronic system than the former paper-based system,” said Dr Chow.