Masking (Electronic Health Record)

In electronic health records (EHRs), data masking, or controlled access, [1] is the process of concealing patient health data from certain healthcare providers. Patients have the right to request the masking of their personal information, making it inaccessible to any physician, or to a particular physician, unless a specific reason is provided. [2] Data masking is also performed by healthcare agencies to restrict the amount of information that can be accessed by external bodies such as researchers, health insurance agencies and unauthorised individuals. It is a method used to protect patients' sensitive information so that privacy and confidentiality are less of a concern. Techniques used to alter information within a patient's EHR include data encryption, obfuscation, hashing, exclusion and perturbation. [3]

Confidentiality

The increased access that results from introducing EHRs is seen as a large concern by some patients. [4] Masking information is a technique that contributes to establishing the confidentiality of EHRs, as a large amount of sensitive information is contained within these records. A history of health outcomes such as drug or alcohol abuse, sexually transmitted infections or abortion during pregnancy is known to lead to social discrimination and cause social harm to the patient, hence the importance of protecting the content within EHRs. [5] Masking limits the access that internal and external individuals can have to a particular record, increasing the protection of its contents. When patients apply for masking of their EHR, health services must meet their needs and alter the system accordingly so that unauthorised individuals cannot gain access. [6]

Patient Masking Requests

To increase the security of their EHRs, patients can elect to mask their information by signing a form provided by the health service. Health services with EHR software must notify and educate their patients about data masking capabilities and the advantages and disadvantages of the process. In submitting a request, patients are given the control to specify the physicians and health service staff members who are given consent and the right to access their record. [7] Health services must abide by patient masking requests under the Health Records Act and implement data masking techniques within the EHR technology, otherwise major consequences can result. [8] In addition, audit trails can be implemented by health services to track and identify which individuals have accessed a patient's EHR over a certain time period. [9]

Unmasking

In patient care, authorised users have the ability to override masking and access restrictions under emergency circumstances. If a patient is in a critical health state and treatment is urgently required, physicians are provided with the right to access all required information within the EHR. This mechanism is known as "breaking the glass." Any unmasking of a patient's EHR is audited, and a sufficient reason for access is generally required. [10]
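The masking request, the audited "breaking the glass" override and the audit trail described in the two sections above, as an added example that is not part of the original article: a minimal access gate in Python. The patient ids, user names and the MaskingRequest/AccessGate design are constructed for illustration, not taken from any EHR product.

```python
"""Added example (not from the article): a minimal EHR access gate that
enforces a patient's masking request, permits an audited emergency
override ("breaking the glass") only with a documented reason, and keeps
an audit trail of every decision. Patient ids, user names and the
MaskingRequest/AccessGate design are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass
class MaskingRequest:
    """What the patient's signed masking form records."""
    patient_id: str
    masked: bool = False
    permitted_users: set = field(default_factory=set)  # clinicians named on the form


@dataclass
class AuditEntry:
    timestamp: str
    user: str
    patient_id: str
    decision: str  # "granted", "denied" or "override"
    reason: str = ""


class AccessGate:
    def __init__(self) -> None:
        self.requests: dict = {}       # patient_id -> MaskingRequest
        self.audit_trail: list = []    # every access decision, in order

    def register_request(self, request: MaskingRequest) -> None:
        self.requests[request.patient_id] = request

    def _log(self, user: str, patient_id: str, decision: str, reason: str = "") -> None:
        self.audit_trail.append(AuditEntry(
            datetime.now(timezone.utc).isoformat(), user, patient_id, decision, reason))

    def access(self, user: str, patient_id: str,
               emergency: bool = False, reason: str = "") -> bool:
        """Return True if `user` may open the record; every outcome is logged."""
        request = self.requests.get(patient_id, MaskingRequest(patient_id))
        if not request.masked or user in request.permitted_users:
            self._log(user, patient_id, "granted", reason)
            return True
        if emergency:
            if not reason.strip():
                # A failed override attempt is recorded too, then refused.
                self._log(user, patient_id, "denied", "override attempted without reason")
                raise ValueError("breaking the glass requires a documented reason")
            self._log(user, patient_id, "override", reason)
            return True
        self._log(user, patient_id, "denied", reason)
        return False

    def accesses_for(self, patient_id: str, since: Optional[str] = None) -> list:
        """Audit entries for one patient, optionally from an ISO timestamp onward."""
        return [e for e in self.audit_trail
                if e.patient_id == patient_id and (since is None or e.timestamp >= since)]


if __name__ == "__main__":
    gate = AccessGate()
    gate.register_request(MaskingRequest("PAT-1", masked=True, permitted_users={"dr_smith"}))
    gate.access("dr_smith", "PAT-1")                     # named on the form: granted
    gate.access("dr_jones", "PAT-1")                     # not named: denied
    gate.access("dr_jones", "PAT-1", emergency=True,
                reason="unconscious on arrival, allergy history needed")  # override
    for entry in gate.accesses_for("PAT-1"):
        print(entry)
```

The override branch records the failed attempt before raising, so a reviewer of the audit trail can see overrides that were tried without a reason as well as those that succeeded; a real deployment would also flag override entries for retrospective review rather than only storing them.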

EHR Data Masking Techniques

Masking refers to the sets of alterations and changes made to protect information within electronic health records. Masking is not only performed at a patient's request; it is also a common method used to assist in the conduct of clinical and epidemiological research, as it reduces the confidentiality and privacy concerns associated with supplying information to external bodies. In general, direct identifiers are removed from the dataset, replaced with random values, changed using a hash function, or restored with a unique key. [11] These mechanisms are expanded on under the following headings.

Encryption

Encryption is often the most complex form of data masking, although it is a relatively safe and secure method. It requires a password or key to grant an individual access to view certain data. Only permitted users are provided with the password and therefore have the capacity to recover sensitive information included within an EHR. When an EHR is masked in this way, access is extremely difficult and time-consuming for hackers or unauthorized users, as they do not possess the unique key that will decrypt the data. [12]

Data Obfuscation

Data obfuscation limits the sharing of highly sensitive health information within an electronic health record by scrambling particular data elements to prevent unauthorized access. The technique does not physically mask data; it alters data to avoid detection from external network systems. Data obfuscation is commonly used because it increases anonymity while preserving relationships within a dataset that would often be destroyed by more rigorous forms of masking. [13] Such methods are most evident in interrelated numeric data such as addresses or dates. For example, in research epidemiologists may be interested in accessing highly specific location data to correlate patterns of disease within particular neighborhoods and cities. However, finding clusters of poor health outcomes does not require knowledge of actual patient addresses; it requires only the spatial relationships between them. As a result, data extraction for the study may translate addresses into another metric that preserves those relationships without revealing the actual physical location. [14]
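The address-to-metric translation described above, as an added example that is not from the article: each patient's local grid coordinates are passed through a secret rigid transform (rotation plus translation) so that every pairwise distance, and therefore every spatial cluster, survives while no output coordinate is a real place. The coordinates, patient ids, outcomes and the seed-derived transform are constructed for illustration.

```python
"""Added example (not from the article): location obfuscation for a
research extract. A rotation plus translation derived from a custodian-held
seed is applied to every record; distances between patients are unchanged,
so cluster detection on the obfuscated data gives the same result as on the
original, yet no coordinate in the extract corresponds to a real address.
Coordinates, ids and outcomes are constructed; x and y are kilometres on a
local grid, not real locations."""
import math
import random
from itertools import combinations

RECORDS = [  # constructed sample, not real patients
    {"pid": "A1", "x": 0.0, "y": 0.0, "outcome": "asthma"},
    {"pid": "A2", "x": 0.3, "y": 0.1, "outcome": "asthma"},
    {"pid": "A3", "x": 0.1, "y": 0.4, "outcome": "asthma"},
    {"pid": "B1", "x": 8.0, "y": 6.0, "outcome": "healthy"},
    {"pid": "B2", "x": 8.4, "y": 5.7, "outcome": "healthy"},
]


def make_transform(secret_seed: int) -> tuple:
    """Derive (angle, dx, dy) from a seed that stays with the data custodian."""
    rng = random.Random(secret_seed)
    return (rng.uniform(0.0, 2 * math.pi), rng.uniform(-500.0, 500.0), rng.uniform(-500.0, 500.0))


def transform_point(x: float, y: float, transform: tuple) -> tuple:
    """Rotate by the secret angle, then shift by the secret offset."""
    theta, dx, dy = transform
    c, s = math.cos(theta), math.sin(theta)
    return (x * c - y * s + dx, x * s + y * c + dy)


def obfuscate(records: list, transform: tuple) -> list:
    """Return copies of the records with obfuscated coordinates."""
    out = []
    for r in records:
        nx, ny = transform_point(r["x"], r["y"], transform)
        out.append({**r, "x": nx, "y": ny})
    return out


def pairwise_distances(records: list) -> dict:
    return {(a["pid"], b["pid"]): math.dist((a["x"], a["y"]), (b["x"], b["y"]))
            for a, b in combinations(records, 2)}


def clusters(records: list, radius: float) -> list:
    """Single-linkage clusters: records within `radius` of each other are joined."""
    parent = {r["pid"]: r["pid"] for r in records}

    def find(p):
        while parent[p] != p:
            parent[p] = parent[parent[p]]
            p = parent[p]
        return p

    for (a, b), d in pairwise_distances(records).items():
        if d <= radius:
            parent[find(a)] = find(b)
    groups = {}
    for r in records:
        groups.setdefault(find(r["pid"]), set()).add(r["pid"])
    return sorted(groups.values(), key=lambda s: sorted(s))


if __name__ == "__main__":
    t = make_transform(secret_seed=20240101)
    hidden = obfuscate(RECORDS, t)
    print("clusters on original:  ", clusters(RECORDS, 1.0))
    print("clusters on obfuscated:", clusters(hidden, 1.0))
```

A rigid transform preserves all distances, which is exactly what a clustering study needs, but it is also its weakness: if an attacker learns the true location of two patients in the extract, the transform can be solved and every other location recovered. For that reason the extract should carry pseudonymous ids rather than the original patient ids, and the seed must never accompany the data.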

Data Perturbation

In data perturbation, alterations are made either to the input databases or to the query results returned. [15] Data perturbation preserves aggregate trends in the original data while removing or modifying the actual values. [16] For example, clinical data can be swapped between EHRs, preserving the existing values in a field but eliminating the specific mapping between the fields of a record. Random "noise" can also be added to the data, maintaining the statistical properties of a field while randomly altering exact values within a particular EHR. Data perturbation has been hailed as one of the most effective data protection techniques, whilst being relatively simple to implement. [17]
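The two perturbation methods named above, field swapping and added noise, as an added example that is not part of the article. The records, field names and seed are constructed; the noise is centred so that the field mean is preserved exactly, which is one way (an assumption here, not the article's prescription) to keep the aggregate property the text refers to.

```python
"""Added example (not from the article): two perturbation methods applied to a
constructed set of EHR extracts. Field swapping keeps every value of a field
but breaks its link to the record it came from; centred Gaussian noise changes
exact values while leaving the field mean unchanged. All records are constructed."""
import random
import statistics

RECORDS = [  # constructed sample, not real patients
    {"pid": "P1", "age": 34, "systolic_bp": 118.0},
    {"pid": "P2", "age": 51, "systolic_bp": 142.0},
    {"pid": "P3", "age": 67, "systolic_bp": 151.0},
    {"pid": "P4", "age": 45, "systolic_bp": 127.0},
    {"pid": "P5", "age": 29, "systolic_bp": 111.0},
]


def swap_field(records: list, field: str, seed: int) -> list:
    """Shuffle one field across records: the multiset of values is unchanged,
    but no value is guaranteed to sit with the record it came from."""
    rng = random.Random(seed)
    original = [r[field] for r in records]
    values = list(original)
    if len(set(original)) > 1:
        while values == original:  # ensure at least one value actually moves
            rng.shuffle(values)
    return [{**r, field: v} for r, v in zip(records, values)]


def add_centred_noise(records: list, field: str, sigma: float, seed: int) -> list:
    """Add Gaussian noise whose sample mean is subtracted out, so the field's
    mean is preserved while every individual value changes."""
    rng = random.Random(seed)
    noise = [rng.gauss(0.0, sigma) for _ in records]
    offset = sum(noise) / len(noise)
    return [{**r, field: r[field] + n - offset} for r, n in zip(records, noise)]


def field_values(records: list, field: str) -> list:
    return [r[field] for r in records]


def field_mean(records: list, field: str) -> float:
    return statistics.fmean(field_values(records, field))


if __name__ == "__main__":
    swapped = swap_field(RECORDS, "age", seed=7)
    noisy = add_centred_noise(swapped, "systolic_bp", sigma=5.0, seed=7)
    print("ages before:", field_values(RECORDS, "age"), "after:", field_values(swapped, "age"))
    print("mean BP before: %.3f after: %.3f" % (field_mean(RECORDS, "systolic_bp"),
                                                 field_mean(noisy, "systolic_bp")))
```

Swapping protects the individual at the cost of any cross-field relationship (here, age against blood pressure), so a study of that correlation would need noise instead of swapping; which method fits depends on which aggregate the researchers actually need.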

Data Exclusion

Data exclusion involves the removal of specific data elements to restrict them from being accessed. The process often involves removing an EHR entirely from the system (at the patient's request) or removing specific sections of a patient's record. This method of masking provides the highest level of confidentiality; however, continuity of care can be significantly affected in some cases. [18] In addition, data exclusion from EHRs is most commonly applied when external researchers are investigating the nature of patient health outcomes. To protect individual privacy, patient identifiers and demographics such as name, date of birth and address are removed from the copied EHRs, whilst researchers evaluate clinical information such as diagnoses and performed procedures. The process ensures that patients' sensitive information remains anonymous whilst gains in research can still be made. [19]

Data Hashing

Data hashing involves blocking and de-identifying certain characters within strings of information so that personal information is no longer recognizable in its original form. [20] This method ensures masked information is no longer visually identifiable to unauthorized users. [21] The fact that data hashing alters the data itself means it is only appropriate when applied to data that is not required again in the future. For instance, if a study were conducted to investigate the prevalence of Type 2 Diabetes in Victoria, Australia, researchers would only require demographic information regarding the state of residence. To protect patient privacy and confidentiality, more specific indicators such as house number, address, suburb and post code would be masked. For example:
No. XXX XXXXX Street, XX XXXX, Victoria, Australia, Post code 31XX.
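The research extract described in the exclusion and hashing sections above, as an added example that is not part of the article: direct identifiers are excluded from a copied record, the address is character-masked in the style of the example line, and the patient id is replaced with a keyed hash so that records can still be linked within one study. The record fields, the address format the parser expects, the STUDY_KEY and the DIRECT_IDENTIFIERS list are all constructed assumptions.

```python
"""Added example (not from the article): de-identifying a copied EHR for a
research extract. Direct identifiers are dropped, the address is masked
character by character (keeping state, country and the first two postcode
digits, as in the article's example), and the patient id becomes a keyed
hash. The record, field names, address format and key are constructed."""
import copy
import hashlib
import hmac
import re

# Constructed key for the pseudonym HMAC. In practice it is generated and held
# by the data custodian and never ships with the extract.
STUDY_KEY = b"constructed-study-key-do-not-reuse"

# Assumed set of direct identifiers to exclude from the copy.
DIRECT_IDENTIFIERS = ("name", "date_of_birth", "phone")

RECORD = {  # constructed sample, not a real person
    "patient_id": "MRN-000123",
    "name": "Jane Citizen",
    "date_of_birth": "1971-05-09",
    "phone": "0400 000 000",
    "address": "No. 42 Example Street, St Kilda, Victoria, Australia, Post code 3182",
    "diagnosis": "E11.9",          # ICD-10: type 2 diabetes without complications
    "procedures": ["HbA1c test"],
}


def mask_address(address: str, keep_postcode_digits: int = 2) -> str:
    """Mask house number, street name, suburb and trailing postcode digits.
    Expects 'No. <number> <street name> <type>, <suburb>, <state>, <country>, Post code <digits>'."""
    parts = [p.strip() for p in address.split(",")]
    if len(parts) != 5:
        raise ValueError("unexpected address layout")
    street, suburb, state, country, postcode = parts
    m = re.fullmatch(r"No\. (\S+) (.+) (\S+)", street)
    if not m:
        raise ValueError("unrecognised street line")
    number, name, street_type = m.groups()
    masked_street = "No. {} {} {}".format(
        "X" * len(number), re.sub(r"[A-Za-z0-9]", "X", name), street_type)
    masked_suburb = re.sub(r"[A-Za-z0-9]", "X", suburb)
    pc = re.fullmatch(r"Post code (\d+)", postcode)
    if not pc:
        raise ValueError("unrecognised postcode")
    digits = pc.group(1)
    masked_pc = "Post code " + digits[:keep_postcode_digits] + "X" * (len(digits) - keep_postcode_digits)
    return "{}, {}, {}, {}, {}".format(masked_street, masked_suburb, state, country, masked_pc)


def pseudonymise_id(patient_id: str, key: bytes = STUDY_KEY) -> str:
    """Keyed hash of the identifier. An unkeyed SHA-256 of a short MRN can be
    reversed by enumerating the identifier space; the secret key prevents that
    while still giving the same pseudonym for the same patient within a study."""
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def deidentify(record: dict) -> dict:
    """Copy the record, exclude direct identifiers, mask the address, replace the id."""
    out = {k: copy.deepcopy(v) for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["patient_id"] = pseudonymise_id(record["patient_id"])
    out["address"] = mask_address(record["address"])
    return out


if __name__ == "__main__":
    for k, v in deidentify(RECORD).items():
        print("{:>12}: {}".format(k, v))
```

The masks here preserve string length, matching the article's example; a stricter extract would use fixed-width masks (for instance "XXX" for every house number) because the length of a street or suburb name is itself a small identifying signal. Note that the function is a de-identification step for a copied extract, not a reversible encryption: the masked address cannot be recovered, which is the property the hashing section describes.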

Reference List

  1. McGuire, Amy L.; Fisher, Rebecca; Cusenza, Paul; Hudson, Kathy; Rothstein, Mark A.; McGraw, Deven; Matteson, Stephen; Glaser, John; Henley, Douglas E. (2013). "Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: points to consider" (PDF). Genetics in Medicine. 10 (7): 495–499. doi:10.1097/gim.0b013e31817a8aaa. PMID 18580687. S2CID 29833634. Retrieved 2013-04-14.
  2. "The Implementation of e-Consent in Three Countries: Canada, England and the Netherlands" (PDF). 2013. Retrieved 2013-04-14.
  3. "CFR 42: Preserving EHR Privacy with Data Masking Techniques". 2013. Retrieved 2013-05-01.
  4. "Patient Experiences and Attitudes about Access to a Patient Electronic Health Care Record and Linked Web Messaging". 2013. Retrieved 2013-05-01.
  5. "Authorisation and access control for electronic health record systems". 2013. Retrieved 2013-06-01.
  6. McGuire, Amy L.; Fisher, Rebecca; Cusenza, Paul; Hudson, Kathy; Rothstein, Mark A.; McGraw, Deven; Matteson, Stephen; Glaser, John; Henley, Douglas E. (2013). "Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: points to consider". Genetics in Medicine. 10 (7): 495–499. doi:10.1097/GIM.0b013e31817a8aaa. PMID 18580687. S2CID 29833634.
  7. "Privacy watchdog wants more awareness on health record accessibility". 2013. Retrieved 2013-06-01.
  8. "Victorian Health Records Act". 2013. Retrieved 2013-06-01.
  9. "Authorisation and access control for electronic health record systems" (PDF). 2013. Retrieved 2013-06-01.
  10. "Alberta Electronic Health Record Regulation Section 5 Framework" (PDF). 2013. Retrieved 2013-06-01.
  11. El Emam, Khaled (2013). "Methods for the De-identification of Electronic Health Records". Genome Medicine. 3 (4): 25. doi:10.1186/gm239. PMC 3129641. PMID 21542889.
  12. "CFR 42: Preserving EHR Privacy with Data Masking Techniques". 2013. Retrieved 2013-05-14.
  13. Krishna, Rajeev; Kelleher, Kelly; Stahlberg, Eric (2013). "Patient Confidentiality in the Research Use of Clinical Medical Databases". American Journal of Public Health. 97 (4): 654–658. doi:10.2105/AJPH.2006.090902. PMC 1829362. PMID 17329644.
  14. Krishna, Rajeev; Kelleher, Kelly; Stahlberg, Eric (2013). "Patient Confidentiality in the Research Use of Clinical Medical Databases". American Journal of Public Health. 97 (4): 654–658. doi:10.2105/AJPH.2006.090902. PMC 1829362. PMID 17329644.
  15. Hristidis, Vagelis (2013). Information Discovery on Electronic Health Records. CRC Press. ISBN 9781420090413. Retrieved 2013-05-14.
  16. Krishna, Rajeev; Kelleher, Kelly; Stahlberg, Eric (2013). "Patient Confidentiality in the Research Use of Clinical Medical Databases". American Journal of Public Health. 97 (4): 654–658. doi:10.2105/AJPH.2006.090902. PMC 1829362. PMID 17329644.
  17. "Data Perturbation". 2013. Retrieved 2013-05-14.
  18. Krishna, Rajeev; Kelleher, Kelly; Stahlberg, Eric (2013). "Patient Confidentiality in the Research Use of Clinical Medical Databases". American Journal of Public Health. 97 (4): 654–658. doi:10.2105/AJPH.2006.090902. PMC 1829362. PMID 17329644.
  19. Krishna, Rajeev; Kelleher, Kelly; Stahlberg, Eric (2013). "Patient Confidentiality in the Research Use of Clinical Medical Databases". American Journal of Public Health. 97 (4): 654–658. doi:10.2105/AJPH.2006.090902. PMC 1829362. PMID 17329644.
  20. "CFR 42: Preserving EHR Privacy with Data Masking Techniques". 2013. Retrieved 2013-05-14.
  21. Krishna, Rajeev; Kelleher, Kelly; Stahlberg, Eric (2013). "Patient Confidentiality in the Research Use of Clinical Medical Databases". American Journal of Public Health. 97 (4): 654–658. doi:10.2105/AJPH.2006.090902. PMC 1829362. PMID 17329644.
