Apr 5 2010
by: Jenny Applequist, Information Trust Institute
The U.S. health care community has increasingly been adopting the use of electronic medical records and other electronic health information systems, but serious concerns about the security and privacy of those systems have been raised. The U.S. Department of Health and Human Services has just announced an award of $15 million in research funding to the University of Illinois to help put those concerns to rest.
Faculty from the computer science department at the University of Illinois are set to lead a multi-university consortium of researchers who intend to make the technologies involved in electronic health records, health information exchange, and telemedicine trustworthy enough to earn the confidence of doctors and patients. The ultimate goal of the project is to improve patient outcomes while limiting inappropriate access. The project will be based at the Information Trust Institute (ITI) at Illinois.
The research award, entitled “Strategic Healthcare Information Technology Advanced Research Projects on Security (SHARPS),” will result in the creation of the SHARPS Center for Health Information Privacy and Security within ITI, and will support research led by 20 senior researchers at the University of Illinois, the University of California at Berkeley, Carnegie Mellon University, Dartmouth College, Harvard Medical School, Johns Hopkins University, New York University, Northwestern Memorial Hospital, Stanford University, the University of Massachusetts Amherst, the University of Washington, and Vanderbilt University.
The SHARPS program’s lead investigator, computer science professor and ITI researcher Carl A. Gunter, explained the program’s motivation: “It is essential for patients and healthcare providers to have confidence in the information technologies on which modern healthcare is becoming increasingly reliant. SHARPS will address a key range of security and privacy barriers that currently limit the free exchange of data that can improve the quality, convenience, and efficient delivery of care. To accomplish this, SHARPS has assembled an elite multidisciplinary team of healthcare and cyber-security experts that is uniquely capable of carrying out an ambitious strategic program to bring security and privacy in health information technology to a new level of sophistication.”
SHARPS will focus on three health information environments -- electronic health records, health information exchange, and telemedicine -- that are becoming increasingly popular in spite of security concerns with their use.
Electronic health records, although already prevalent in most U.S. hospitals, are subject to risks that paper records are not, such as the physical ease with which a thief can carry away thousands of patients’ records on a USB stick in his pocket. Further, electronic records are vulnerable to Internet-based attacks if they are put online to increase accessibility.
Health information exchange plays a crucial role whenever patients and their healthcare providers are not in the same place -- for example, when a patient seeks emergency care while traveling far from home, or a patient’s primary care physician wishes to consult a specialist who is located at another institution in another state. However, such information exchange is greatly complicated by the fact that providers at different locations may be subject to different laws and institutional policies, and may face different security threat levels. Furthermore, multiple providers may be using different health information systems that are not compatible with each other.
Finally, telemedicine -- technologies that enable individuals to monitor and manage their health in settings outside hospitals -- is already being used to support a broad range of health and wellness goals, such as chronic disease management and independent aging. However, security and privacy risks have been a major barrier to adoption. Networked sensing devices collect sensitive personal information, from physiological data to information on patients’ activities and locations, and networked implanted devices expose patients to new risks, should adversaries find a way to control those devices.
Bruce Schneier, noted author and Chief Security Technology Officer of BT, praised the decision to establish the SHARPS program. “I believe in the SHARPS team. Their work will build technologies to make future health information systems more secure, accurate, and privacy-preserving,” he stated.
John D. Halamka, Chief Information Officer of Harvard Medical School and Beth Israel Deaconess Medical Center, also expressed the view that the SHARPS project is addressing critical problems, and has the expertise to make valuable contributions. “The advancement of security in healthcare information technology is an issue with far-reaching implications warranting immediate attention,” he said. “We need interoperable healthcare to ensure the right care is given to the right patients at the right time, but always protecting privacy. SHARPS has gathered an exceptionally capable team of innovators to tackle this important objective.”