How to keep EHR data secure

December 31, 2010 by MassDevice

Dr. John Halamka, chief information officer for Boston's Beth Israel Deaconess Medical Center and dean for technology at Harvard Medical School, explains the technical requirements of keeping medical records secure as more practices and hospitals adopt EHR systems.

By John D. Halamka, MD

Over the past few years, I've posted many blogs about the importance of transport standards. Once a transport standard is widely adopted, content will seamlessly flow per Metcalfe's law. We already have good content standards from X12, HL7, ASTM, and NCPDP. We already have good vocabulary standards from NLM, Regenstrief, IHTSDO and others. We have the beginnings of transport standards from CAQH, IHE, and W3C. We have the work of the NHIN Direct Project — now called the Direct Project.

After working with Dixie Baker and the Health IT Standards Committee's Privacy and Security Workgroup on the Direct evaluation, and after many email conversations with Arien Malec, I can now offer a strawman plan for transport standards.

Based on the implementation guides currently available, the Health IT Standards Committee evaluation found the SMTP/S/MIME exchange defined by the Direct Project sufficiently simple, direct, scalable, and secure, but stressed the need to develop implementation guidance that is clear and unambiguous. I've received many emails and blog comments about SMTP/S/MIME versus other approaches. I believe I can harmonize everything I've heard into a single path forward.

As with all health information exchange (HIE) efforts, policy has to constrain technology. The policy guidance that the Direct Project was given was as follows:

A "little guy" such as a 2-doctor practice in rural America wants to send content to another 2-doctor practice across town. These small practices should not have to operate servers or pay for a complex health information exchange infrastructure. Healthcare Information Services Providers (HISPs) should provide them the means to exchange data as easily as Google provides Gmail or Verizon FIOS provides ISP service. All HISP-to-HISP communications should be encrypted such that the sending practice and receiving practice can exchange data without any HISP in the middle being able to view the contents of the data exchanged.
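The last requirement above is the end-to-end property S/MIME gives an SMTP exchange: the relay sees routing headers, the body is encrypted to the recipient's key and signed by the sender's key. The following Go program is an added illustration of that property, not the Direct Project's code or wire format; it uses a simplified envelope (AES-GCM body, RSA-OAEP key wrap, RSA-PSS signature) with constructed sample content and hypothetical Direct-style addresses, and also binds the From/To headers into the authenticated data so a relay cannot silently re-address a message.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a constructed stand-in for an S/MIME message: routing headers
// stay in the clear so a HISP can deliver it; the body is encrypted to the
// recipient and signed by the sender, so no relay can read or forge it.
type Envelope struct {
	From, To   string // clear-text routing headers
	WrappedKey []byte // per-message AES key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM(body), authenticated together with From/To
	Signature  []byte // RSA-PSS by the sender over SHA-256(Ciphertext)
}

// MustKey generates a fresh RSA key (sample key material, not a real certificate).
func MustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// headerAAD binds routing headers to the ciphertext: rewriting To or From in
// transit makes decryption fail even though the body bytes are untouched.
func headerAAD(e *Envelope) []byte { return []byte(e.From + "\n" + e.To) }

// Seal encrypts body for recipientPub and signs it with senderPriv.
func Seal(from, to string, body []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*Envelope, error) {
	env := &Envelope{From: from, To: to}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	env.Nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(env.Nonce); err != nil {
		return nil, err
	}
	env.Ciphertext = gcm.Seal(nil, env.Nonce, body, headerAAD(env))
	if env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(env.Ciphertext)
	if env.Signature, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil); err != nil {
		return nil, err
	}
	return env, nil
}

// Open verifies the sender's signature, unwraps the key with the recipient's
// private key and decrypts. Any other key holder (a HISP in the middle)
// gets an error instead of the body.
func Open(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify against the claimed sender")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("message key is not wrapped for this private key")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, headerAAD(env))
	if err != nil {
		return nil, errors.New("body or routing headers were altered in transit")
	}
	return body, nil
}

// RelayNextHop is all a HISP needs from the envelope: the clear-text destination.
func RelayNextHop(env *Envelope) string { return env.To }

func main() {
	sender, recipient, hisp := MustKey(), MustKey(), MustKey()
	env, err := Seal("dr.a@practice-a.example", "dr.b@practice-b.example",
		[]byte("constructed clinical summary for referral"), sender, &recipient.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("HISP routes to:", RelayNextHop(env))
	_, err = Open(env, hisp, &sender.PublicKey)
	fmt.Println("HISP decrypt attempt:", err)
	got, err := Open(env, recipient, &sender.PublicKey)
	fmt.Println("recipient reads:", string(got), err)
}
```

Running it shows the relay obtaining only the destination address, its decryption attempt failing at the key-unwrap step, and the recipient recovering the body after the signature check; altering the To header on the way makes the recipient's decryption fail, which is the check a HISP-independent exchange relies on.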

In my opinion, for this type of exchange