Public comments show importance of security during push for interoperability

While electronic health records have proven to enhance providers' patient outcomes and care quality, as more health professionals continue to adopt these systems the health care industry has been working to make health IT more interoperable. The ability for patients and doctors to easily communicate and transfer essential heath information securely when necessary is crucial to improving the sector overall. 

Greater interoperability cannot be achieved without security
Everyone from medical providers to federal agency officials has started to discuss how health information exchange could benefit the entire health care industry. Interoperability has become a major feature of EHR systems that providers are looking for when investing in new health IT. 

Currently, one of the most challenging aspects of implementing successful patient care is the inability for patients and their doctors to communicate outside of a face-to-face appointment. However, there are high-quality EHR vendors that sell systems designed to allow patients to view their health data and providers to transfer this data to other doctors when necessary.

The Office of the National Coordinator for Health IT has been encouraging enhanced interoperability for years now. The organization recently released the public comments that many providers left in response to its nationwide interoperability roadmap. 

Some respondents agreed that the roadmap would not end up benefiting the industry, as it proposes to repeal federal law that currently permits state legislatures to implement medical privacy laws for patients. Many see this as a problem, as it ultimately means that the roadmap treats personal patient data like public information.

These and similar comments highlight the fact that while many experts see improved interoperability as a major plus for the health care sector, the topic is still controversial. To ease the concerns of health professionals throughout the nation, it is crucial that patient privacy and security take center stage as the industry pushes for better interoperability. 

"Another area where attention is lacking is how to address the growing privacy and security risks related to EHRs and other technology," the American Medical Association stated in a letter to the Centers for Medicare and Medicaid Services and the ONC. "Between 2010-2013 there were almost 1,000 significant data breaches affecting 29 million patients, two-thirds of which involved electronic data. Moving to an electronic environment has greatly increased the probability of cybersecurity threats and breaches of patient data. Already, we have seen major institutions experience large data breaches that affect thousands of patients, as well as new cyber-attacks that cause EHRs to go dark literally for days."

Will stage 3 MU standards inhibit interoperability?
The AMA is concerned with the CMS's new stage 3 meaningful use standards, which look as though they may be too complex and ambitious for providers to adhere to without hitting major speed bumps. These MU requirements have also shown signs that they could inhibit the progression of EHR interoperability. This would cause problems for practices working to improve patient care and population health management efforts.

"Rather than address these concerns, the proposed rule tries to highlight the numerous technology advancements that can be used and added to EHRs," the AMA continued in its letter. "It, however, fails to address how this may increase the risk for privacy and security problems. Before expanding the program to include additional technology and other requirements, we believe that the immediate need for greater protection of patient information must first be addressed."

To reduce these security risks, it is important that providers and hospitals are seeking out EHR systems that make privacy and security a priority. Poor-quality EHRs can put practices and their patients at risk as the health care sector continues to work toward advancing interoperability.