So many accounts, so many passwords… EHR data needs to be secure but what is poor grandma to do?
In today’s world, every one of us is fraught with a multitude of user accounts for access to our data for daily lives. With every account from banking, credit cards, Facebook, Twitter, email, and more, all requiring different credentials and passwords for access, even the most technology savvy user is challenged to remember the access credentials and at the same time utilize passwords that are complex enough to keep the appropriate level of security. Unfortunately, that leaves a large majority of people who are not technology savvy with the task of wrangling with the account access quagmire and they will most often create very simplistic passwords that are repeated across all those accounts because that is all that they can remember.
The challenge of making sensitive information freely available to those that own it or should have access to it while securing it “for their eyes only” is not a new issue and in fact has long been a challenge in the IT world and it will only get worse. As the requirement for access to data spread across a vast multiplicity of vendors and systems continues to permeate into every part of our lives, uneducated users are tasked with the challenge of how to keep their data secured properly so that they do not fall victim to malicious security attacks. My mind runs wild with concern about how organized crime is currently and will forever exploit the use of our data in surprising ways.
Healthcare reform is dictating the requirement for new and innovative ways to deliver healthcare services and to allow physicians and their patients to interact. This is all a beautiful vision and absolutely necessary in order to transcend beyond the traditional approaches in healthcare that are primarily focused on treating the sick rather than more focus on preventing sickness. True reform is absolutely necessary to improve the quality of care while working towards the equally important goal of reducing healthcare costs and the only way to reach these goals will be to introduce innovative technology solutions that will allow patients and physicians to leverage new applications and methods of accessing data and communication that facility a new and wonderful world of healthcare. But how will those who manage healthcare information technology make these new applications and interfaces easy to use for those who are not technology savvy and not aware of the dangers and risks of failing to secure their data properly?
Let’s fast forward to a world where we are probably headed whether we like it or not. In this vision of the future, physicians will work with many of their patients through virtual interactions and possibly using a network of care that may require prescribing medical care significantly different than how things are done today. With a new and much needed push towards proactive medicine versus reactive medicine, the healthcare system has come up with new ways to incentivize physicians to help their patients with a more proactive plan for maintaining their health. Through use of wearable technology medical devices, prescribed physical trainers and dieticians and other services, physicians may be highly motivated by financial incentives to keep their patients healthy rather than to get them healthy after they have become ill. The future reality may even look so different that doctors make the majority of their income on keeping their patients healthy rather than helping them to get healthy much like today’s reality is. As much as this world appears very bright, there may be a very dark and sinister cloud lurking and waiting to take advantage of this “reformed” approach to medicine. Possibly things have advanced to the point that some physicians and healthcare organizations have figured out how to exploit the system by buying information that helps them filter out the individuals that are less healthy so that they can maintain a list of patients that are more healthy and profitable. Certainly the future world is unpredictable but one thing that can be guaranteed is that there will always be some criminal element working to exploit the use of someone else’s personal sensitive data. This will most certainly be ever more problematic with users that cannot remember or keep track of multiple user accounts and multiple passwords and are also not educated to understand the best ways to keep their data and personal sensitive information secure
As the government works to enforce benchmark milestones for healthcare reform, we in healthcare IT management are already “behind the eight ball” when it comes to creating solutions that are user friendly for patients yet keep them securely protected from their own ignorance waiting to be exploited by the ever lurking evil predators. We must identify new solutions that would help individuals to keep their data secured beyond their EHR with newly developed access protocols that could work across all systems including banking and financial systems, social media, communication tools, and beyond. Instead of forcing grandma to keep track of so many accounts, (all of which she has secured by using the name of her dog) there should be new solutions that allow her to make use of a single account that works across multiple systems with a high complex password. It goes without saying the requirement for education that would play a large role to help her to use technology and security properly to make sure she stays protected. We must reach beyond the limits we have now to consumers and incorporate other authentication technology that exists today and maybe some that has not been created yet. Government, banking, healthcare, and technology industries will have to come together to develop better solutions to help users to manage and keep their data accessible yet secure in a way that all will be able to benefit including the technology challenged individuals.