-- By MichaelSun - 07 May 2024
Firstly, HIPAA is a federal law that aims to ensure that EHRs remain secured from third parties, including a breach notification rule that gives patients the right to be notified of a security breach. See "Review" National Library of Medicine. Secondly, the HITECH Act not only provides a more rigorous enforcement mechanism for HIPAA through the provision of harsher penalties in case of violation, but also establishes financial incentives for healthcare providers to adopt EHRs. Ibid. Unsurprisingly, the HITECH Act has drastically induced the rise of EHRs from 3.2% usage in 2008 to 95% in 2017. Ibid.
Nevertheless, an increased EHR adoption rate has also prompted serious privacy and security concerns. EHRs essentially include extremely private information such as the patient’s biographical information, prescription history, immunization record, and laboratory data. Yet as cyberattackers have become more sophisticated with the motive of financial gains, it has become more difficult to prevent them from evading security systems and from accessing patients’ private information. Ibid. For example, it was reported that cyberattackers breached into the EHR database of Community Health Systems – one of the most highly-regarded healthcare providers in the U.S. – and accessed patients’ social security numbers and credit information. Ibid. Another incident involved a medical technician accessing patients’ personal information and selling it for financial gains. See "Security Breaches" National Library of Medicine. The fact that healthcare providers have increasingly adopted similar industry-wide third-party operating systems for EHRs has put them more at risk of being infiltrated by malware and viruses. See "Review" National Library of Medicine.
In fact, operating such vulnerable systems for the supposed benefits such as accuracy and efficiency have also proved to be erroneous. The case of the Veterans’ Administration’s newly-adopted EHR system reveals the tale. Contrary to expectations that entailed modernizing the medical record system, deficiencies in the system contributed to injuries and even deaths to many veterans for reasons such as records disappearing in the system and scheduling errors that prevented patients from receiving appropriate treatment. Politico.
Yet the Korean system has likewise displayed crucial deficiencies. In particular, the degree of information exchange, which involves sending and receiving medical information to other medical professionals and organizations, was found to be very low, with close to 90% of hospitals acknowledging that an information exchange system was not yet available. Ibid.
Furthermore, Korea also has a weak PHR system. During the COVID-19 pandemic, the Korean government aimed to tackle this by introducing “My Healthway” – a mobile app that allows patients to store their medical information such as medication records and vaccination history on their mobile phones. OECD. On its face, this gave individuals more autonomy over how such data would be used. However, the government gave certain agencies such as the Korea Center for Disease Control and Prevention (KCDC) the authority to collect and share extremely private information such as location data, CCTV footage, prescription records, and card transactions of individuals. JAMA Network. In fact, My Healthway was the primary means to enable accurate contact tracing during the COVID-19 pandemic. Individuals were thus required to show their vaccination records to enter public areas and received real-time notifications on where infected individuals were, often exposing details about others’ private lives. BBC. Consequently, people receiving the alerts were able to make inferences about others’ private lives such as infidelities and affiliation with secret religious cults, leading to widespread mockery and witch hunting. Ibid. Businesses that were revealed to be settings of mass contact also experienced severe financial losses.
Although Korea was one of the first nations to adopt EHRs, it has similarly failed to establish a strong system that could prevent the manifestation of serious privacy concerns. Korea’s preeminent 5G network system has not yet synergized with the electronic medical record system, leading to weak information exchange and a lack of a systematic foundation for more efficient healthcare delivery.
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.