EHRs, or Electronic Health Records have been slowly gaining headway in the past 10 years. EHRs have been implemented in European countries, for example Estonia has established a national EHR for every citizen, which is used by 95% of physicians and 47% of the population. Of course, not all rollouts run smoothly or to-budget (I’m looking at you NHS in the UK).
One huge barrier to use and efficiency is the need for automation of records and the ability for patients to access, and contribute to, their own health records electronically. A large part of this, aside from the technological hurdles, is the security aspect: there is a need to ensure privacy of patient data and a duty of care to avoid any lapse in security.
It is well known that in the banking and financial services industry, transactions over the web and through electronic means are at risk of the same security and privacy invasion, and so measure have been taken by commerce and institutions to combat these. In online credit card transactions, measures taken include addition of the CSV number to ensure the person using the card has the card in their possession. By the same token, some institutions require a unique code for each transaction or login using a ‘dongle’ (or ‘fob’ code generator) that uses a seed code form the institution and an algorithm to determine a code generated at a specific date/time which the institution’s website would recognise when entered within a short timeframe. This kind of security has been in effect for several years, but now has been incorporated into a credit card (Currently only available in South Korea) to replace the inherently more less secure CSV.
We should consider the advances made here in the financial services industry and relate that back to how to grant patients access to their own health records in a secure manner.