Jothi EMR Chapter2 LiteratureReview 07072009 MC

  • 7/25/2019 Jothi EMR Chapter2 LiteratureReview 07072009 MC

    Chapter 2: Literature Review

    2.1 INTRODUCTION

    The huge growth of information in the medical environment has made an information

    system necessary. Clinical and related medical information managed by these

    programs is commonly referred to as the Electronic Medical Record (EMR). The

    implementation of the EMR promises significant advances in patient care because such a

    program enhances readability, availability, and data quality.

    EMRs are readily accessible, increase standardization for seamless use where and when

    required and greatly reduce the likelihood of error in either entry or interpretation of

    medical information (Asefzadeh, 2005). Having a patient's medical and contact

    information readily available can be potentially life-saving during critical medical events

    such as severe allergic reactions or heart attacks. Moreover, by reducing errors and saving

    time, EMR may therefore help reduce the large number of deaths attributed to medical

    errors.

    Enhanced availability of health information in an electronic format is strategic for industry-

    wide efforts to improve the quality and reduce the cost of healthcare. However, it brings a

    concomitant concern of greater risk for loss of privacy among healthcare participants. Due

    to the level of security provided for data storage, integrated circuit (IC) cards, commonly

    known as smartcards, seem to offer a new perspective for healthcare applications. Medical

    applications of smartcards can be used for storing information including personal data,

    insurance policies, emergency medical information, allergies, hospital admission data and

    recent medical records. Numerous national hospitals in the United States, Europe (France

    and Germany) and even in Asia (Hong Kong) have already started implementing the

    healthcare card solution (Samuel, 1998).

    Literature study of this research starts by critically analyzing the various definitions of

    EMR. To understand the contribution of EMR in the medical world, its strengths and

    weaknesses will be analyzed in detail. Next, a study on the adoption of the EMR program

    will be presented to identify the acceptability of the program by the various stakeholders in

    the healthcare environment. The second part of the study will focus on the smartcard

    technology and its application in the healthcare systems. A detailed critical analysis study

    will be done on the architecture, features and applicability of the smartcard technology in

    ensuring the security of health data. Finally, current studies by other researchers in the

    healthcare smartcard area are also analyzed to distinguish them from the study undertaken in this

    research.

    2.2 DEFINITION AND TERMINOLOGIES

    In recent years, clinical and related medical information is increasingly managed by

    information systems as the so-called electronic medical record (EMR). However, a

    common definition of the term "electronic medical record" has not yet been established,

    causing problems in business transactions as well (JAMI, 2003). To date there are

    approximately 13 sets of terminologies and definitions for EMR. In recent years, the

    terms Electronic Medical Records (EMR), Electronic Health Records (EHR) and Patient

    Health Records (PHR) have gained popularity. Most of these terms have arisen mainly

    from vendors' marketing efforts to claim mind share over what EMR should actually be

    called. The Google search trend data indicates an increased usage of EHR, but EMR

    remains more prevalent. The same is true when we look at the usage of terminology by

    other software vendors (Neal, 2006).

    The following chart shows the distribution and the popularity of terminologies used in

    medical software:

    Figure 2.1 Popularity of Terminologies used in Medical Software

    Source: Software Advice (2006)

    The next section will discuss the definitions of these terms to further understand the

    differences and the similarities of these acronyms. However, this research will use the

    definition provided recently by the US National Alliance for Health Information

    Technology (NAHIT).

    2.3 AN ANALYSIS ON MEDICAL RECORD TERMINOLOGIES

    Many terminologies such as Electronic Medical Record, Electronic Health Record and

    Electronic Patient Health Record are in use in medical informatics to refer to digitalized

    patient health data. Although these terminologies share some common attributes, the

    distinctions between their definitions, contents, sources and storage medium are significant

    and the nature of implementation differs from one system to another.

    2.3.1 THE ELECTRONIC MEDICAL RECORD (EMR)

    Many studies in the information technology (IT) field have presented the definition of

    EMR according to the nature and its field of application. According to the Japan

    Association of Medical Informatics (JAMI) publication, a common definition of the term

    "electronic medical record" has not yet been established, causing problems in business

    transactions. To present a meaningful opinion under the present circumstances, we should

    primarily evaluate the current situation, since various functions expected of the EMR and

    its current achievements need to be taken into consideration (JAMI, 2003).

    This paper highlights the fact that EMR is best defined after evaluating the functionality

    and application of EMR in medical informatics. JAMI examined the necessity and the

    functions of the EMR and defined EMR in line with its function, whereby the main function

    of the EMR is to store patients' medical information such as clinical findings and

    examination results. Meanwhile, Pat Wise at the Healthcare Information and Management

    Systems Society said that EMRs are what currently exist in most practices that have

    adopted electronic record, but that EHRs are what the nation aspires to and what

    President Bush calls for. "An electronic medical record is owned by the organization,

    practice or corporation that you received your healthcare from - be it St. Elsewhere,

    County-Municipal, or Doc Smith," Wise explained. "When you're discharged from St.

    Elsewhere, you know they don't hit the 'delete' button and wipe out everything. And while

    that information is theirs to own, it's also expected that it's theirs to protect," she said.

    Another common definition is that an electronic medical record is a patient medical record that

    is computer based. It was created to make patients' data easily available to clinical staff at

    any location. A patient's record contains any allergic and drug reactions (Clinfowiki,

    2005). At this point, very few hospitals have EMR solutions that can effectively reduce

    medical errors or improve the quality and efficiency of patient care.

    2.3.1.1 Contents of EMR

    In many implementations, EMRs represent an attempt to translate information from paper-

    based records into a computerized format. Over time, it is anticipated that the content of

    EMR will expand beyond that, from a mere digitized record to including x-rays and videos

    of telemedicine sessions. At the present time, EMRs include patients' histories, family

    histories, risk factors, findings from physical examinations, vital signs, test results, known

    allergies, immunizations, health problems and responses to therapy.

    2.3.1.2 Sources of EMR

    There are two primary categories of the EMR: the born-digital record and the

    scanned/imaged record. The born-digital record, which is information captured in a

    native electronic format originally, is information that may be entered into a database,

    transcribed from an electronic tablet or notebook PC, or in some other manner captured

    from its inception electronically. The information is then transferred to a server or other

    host environment, where it is stored electronically. The second category is records

    originally produced in a paper or other hardcopy form (x-ray film, photographs, etc.) that

    have been scanned or imaged and converted to a digital form. These records are best

    described as "digital format records", as their content is not able to be modified or altered

    (with the exception of the use of third party software to make "overlay notations") as

    electronic records are (ClinfoWiki, 2005). Figure 2.2 illustrates the different sources of

    EMR.

    Figure 2.2 Sources of EMR

    Source: The Norwegian University of Technology and Science

    There are many ways of defining an EMR. According to the findings above, EMR is

    simply defined as digital medical records or clinical records and EMR based systems are

    applications designed to manipulate these records according to the implementation

    environment.

    EMR: The electronic record of health-related information on an individual that is

    created, gathered, managed, and consulted by licensed clinicians and staff from a single

    organization who are involved in the individual's health and care.

    2.3.2 THE ELECTRONIC HEALTH RECORD (EHR)

    Many in the healthcare industry including the Malaysian government and the press use the

    terms Electronic Medical Record (EMR) and Electronic Health Record (EHR)

    interchangeably. However, these terms describe completely different concepts, both of

    which are crucial to the success of local, regional, and national goals to improve patient

    safety, improve the quality and efficiency of patient care, and reduce healthcare delivery costs.

    The EMR is the legal record created in hospitals and ambulatory environments that is the

    source of data for the EHR. The EHR represents the ability to easily share medical

    information among stakeholders and to have a patient's information follow him or her

    through the various modalities of care engaged by that individual (Garets and Davis, 2006).

    An EHR is a more complex version of an EMR and fundamentally depends on the

    interoperability or communication among and between multiple healthcare stakeholders.

    An EHR is a linking system rather than an independent database, and is more of a process

    than a product. An integrated EHR will link to separate sources detailing medical history

    and images, laboratory results and drug allergies.

    EHR: The aggregate electronic record of health-related information on an individual

    that is created and gathered cumulatively across more than one healthcare organization

    and is managed and consulted by licensed clinicians and staff involved in the

    individual's health and care.

    2.3.3 THE ELECTRONIC PERSONAL HEALTH RECORD (ePHR)

    The Electronic Personal Health Record (ePHR) contains medical information and it is

    owned by the patient. Information contained in the ePHR may have been created by any

    number of sources including the patient, a lab, a physician's practice, a hospital or an

    insurance company (Hartley and Jones, 2005).

    Unlike EMRs kept by some doctors, healthcare facilities and insurance companies, the

    contents of an ePHR are determined by the patient and stored in the manner he or she

    wishes. They may be stored on a local computer, a thumb drive (small personal hard drive),

    or through an online service.

    Generally, patients begin by typing basic information, such as blood type and family history,

    into their records. If they have kept paper copies of records obtained from their doctors,

    then they may scan those records and save them as word processor or PDF files.

    2.3.3.1 Contents of ePHR

    Patients may choose to keep only emergency information for easy retrieval, or may decide

    to keep a complete record of all their doctor visits, prescriptions, hospitalizations, medical

    tests, and insurance information. Some patients do this so that family members have a more

    detailed record, should it be needed.

    2.3.3.2 Storage of ePHR

    The American Health Information Management Association (AHIMA) website states that there are

    three forms of ePHR technologies from which a patient might choose to record their health

    information:

    - Local computer hard drive

    - Removable USB drives

    - Online subscription services (free/paid)

    ePHR: An electronic, cumulative record of health-related information on an individual,

    drawn from multiple sources, that is created, gathered, and managed by the individual.

    The integrity of the data in the ePHR and control of access to that data is the

    responsibility of the individual.

    2.3.4 CO-RELATION BETWEEN AN EMR, EHR AND ePHR

    EMR, EHR and ePHR are all managed by computers, meaning they are retrieved and

    updated using computer hardware and software. Both EMR and EHR are very similar in

    nature and are updated by the care providers. The vast difference between them is that they

    relate to the owner of the record, to seemingly give the patient more control over the

    management of their own healthcare. Meanwhile, Electronic Personal Health Record

    (ePHR) is making its way through the market as a potential alternative to EMR and EHR

    with the patient being the owner and managing access control to the record. All health

    information records contain very personal and private information. Therefore they are

    subject to numerous ethical and legal issues such as the third-party access level,

    appropriate storage and disposal methods and the privacy and security measures needed to

    protect every patient's right to privacy.

    ePHR gives the patient more control over the tracking of their medical care, the sharing of

    their medical information and the ability to populate the record with pertinent information

    that a new doctor may otherwise not be aware of because the patient failed to disclose the

    information. However, the ability given to both the patient and the payers to edit and

    modify health records raises the question of integrity of the data.

    EMR programs are owned by the healthcare organization. They contain the full record of all

    medically related information about a patient including billing and procedure data from all

    instances of care provision. On the other hand, the EHR contains just the health information

    and is usually controlled by the care providers. The PHR is owned by the patient and

    possibly the payer, depending on which way the market decides to turn (Clark, 2008).

    However, according to the Medical Records Institute, five levels of an Electronic

    HealthCare Record (EHCR) can be distinguished:

    1. The Automated Medical Record is a paper-based record with some computer-generated documents.

    2. The Computerized Medical Record (CMR) makes the documents of level 1 electronically available.

    3. The Electronic Medical Record (EMR) restructures and optimizes the documents of the previous levels ensuring inter-operability of all documentation systems.

    4. The Electronic Patient Record (EPR) is a patient-centered record with information from multiple institutions.

    5. The Electronic Health Record (EHR) adds general health-related information to the EPR that is not necessarily related to a disease.

    Table 2.1 outlines the significant differences between an EMR and EHR.

    Table 2.1 EMR and EHR Comparison (Garets and Davis, 2006)

    Electronic Medical Record (EMR) | Electronic Health Record (EHR)

    Is the legal record of a Care Delivery Organization (CDO) | A subset of information from the various CDOs where patient has had treatments or consultations

    Record is owned by the CDO | Record is owned by the patient or any other stakeholders

    These systems are being sold by the enterprise vendors and installed by hospitals, health systems, clinics, etc. | These systems are installed amongst a group of organization under the Regional Health Information Organization (RHIO) be it community, state, or regional emergence today or even nationwide in the future

    The system allows patient accessing to some results information through a portal but it is not interactive | The system provides interactive access for patients as well as the ability for the patient to append information.

    2.4 CAPABILITIES OF EMR

    Capabilities of EMR can be evaluated based on its advantages and disadvantages to the

    healthcare industry.

    2.4.1 Advantages of EMR

    The primary benefit of using electronic records is the ability to manage the access for

    authorized and authenticated users. EMRs allow providers to access health information from

    various locations and to share that information more easily with other potential users.

    Multiple users may access the information simultaneously. Ease of access to this

    information should reduce adverse outcomes, such as missed diagnoses, unnecessary

    repetition of dangerous procedures, unintended drug interactions, or use of contraindicated

    treatments. The added value of a complete and up-to-date medical record made

    immediately available to medical caregivers seems undeniable.

    Benefits of a real time, centralized, paperless record include reducing the need for costly

    reproductions of laboratory findings and diagnostic reports which in many healthcare

    facilities are still being typed, copied, and physically carried to the hospital floor, clinic

    office, or medical records room to be placed in the patient's chart. Loss of reports or delays

    of hours and, in some cases, days, are common until this information reaches the chart and

    the providers who must integrate it into a meaningful mosaic in order to provide

    appropriate care.

    What once required multiple steps of retrieving the chart, searching for missing or misfiled

    data, transcribing orders, filling out multiple lab diagnostic test, and pharmacy requisitions,

    or writing progress notes hours after having actually examined the patient are now all

    completed immediately and routed to their appropriate destinations with far fewer errors of

    transcription, loss of information or patient misidentification. Moreover, charting is

    completed and orders are dispatched, therefore when the doctor wants to explain something

    to the patient and family, he or she simply touches an interactive icon on the monitor screen

    to switch to multimedia mode, where videotapes of operative and treatment procedures or a

    replay of the patient's actual diagnostic test done earlier in the day can be displayed as

    per the physician's instructions or information.

    With electronic record keeping systems, data can be collected to facilitate care

    co-ordination, quality assurance activities, assess practice patterns and treatment outcomes and

    conduct medical research. From the patient's point of view, this should help to produce

    higher quality care. Other potential advantages of EMR include the integration of clinical

    decision support systems to reduce the use of more expensive or less effective procedures

    and treatments by prompting these clinicians about alternative options when they enter

    orders in the system. This would then prevent the phenomenon of clinical cascade, where

    clinicians can be informed that they are ordering screening tests or treatments related to

    medical conditions that are likely to have an extremely low prevalence among their patients.

    Furthermore, it allows the clinicians to avoid adverse outcomes by monitoring care and

    alerting providers to contraindicated treatments and at the same time improving the ability

    to defend in malpractice suits due to more complete and legible records of the treatments

    actually provided. In the world of having a fully integrated EMR, the hospital's or clinic's

    billing and accounts receivable departments might no longer require additional resources of

    staff and space than most of their clinical units combined.

    While as yet unproved, there is a strong likelihood that using a fully integrated electronic

    medical record as the informational matrix of a collaborative treatment approach would

    produce more cost-effective care through the efficient use of clinical, as well as

    administrative, staff and services. Whether such systems would measurably improve the

    quality of care delivered remains a challenge to be measured and proved scientifically

    (Silverman, 1998).

    2.4.2 Disadvantages of EMR

    Even though EMR offers opportunities for improving security, the access can be limited to

    just that portion of the record that is pertinent for the user. In a recent poll almost half of

    those being surveyed stated that they were very concerned about their personal privacy

    and one-third stated that they were very concerned about the possible negative

    consequences of EMR. Such concerns are growing as more sensitive information, such as

    HIV status, psychiatric records, and genetic information are stored in the medical records.

    In order to address these concerns, one would require both a better understanding of the

    vulnerabilities of health information in an electronic form and the various mechanisms that

    are made available for protecting such information.

    2.5 EMR ADOPTION MODEL

    The EMR Adoption Model identifies and scores hospitals using an eight-step scale that

    charts the path to a fully paperless environment. It was created to identify the levels of

    EMR capabilities ranging from an environment at Stage 0, with few to no clinical

    applications, through to Stage 7, a paperless EMR environment where data can be easily

    exchanged between the care provider settings.

    Healthcare Information and Management Systems Society (HIMSS) Analytics, being the

    authoritative source on EMR Adoption trends, devised the EMR Adoption Model to track

    EMR progress at hospitals and health systems (HIMSS Analytics, 2008).

    Figure 2.3 EMR Adoption Model

    Source: HIMSS Analytics, 2007

    2.5.1 EMR ADOPTION IN UNITED STATES OF AMERICA (USA)

    The adoption of the EMR has increased slightly over the years from 105,000 physicians in

    2003 to approximately 130,000 physicians in 2005, according to the research (Monegain,

    2005). However, the adoption rate of EMR in the United States sees a lower growth

    compared to other nations like Australia, United Kingdom, New Zealand and Netherlands.

    Although the US leads in healthcare spending and its healthcare system is touted as one of

    the best in the world, the adoption rate of EMR is only at 28%. The 2006 study by the

    Commonwealth Fund also reports that the Netherlands has the highest adoption rate at 98%,

    followed by New Zealand (92%), United Kingdom (89%) and Australia (89%).

    These statistics agree with the survey results of the American Hospital Association, which show

    only 11% of community hospitals in the US have fully implemented EMR systems. The

    result also indicates 57% of the community hospitals have implemented partial EMR

    systems while another 32% have not implemented at all. However, these rates are

    contradictory to the HIMSS Analytics, 2007 report, which shows 20.7% on Stage-0, 79.3% in

    between Stage 1-6 (partial implementation) and none of the hospitals in Stage-7.

    2.5.2 EMR ADOPTION IN ASIA

    According to Madhav Ragam of IBM Asia Pacific, Electronic Medical Records (EMRs)

    have already gained importance in the western world with governments taking up

    initiatives to implement them across the nations. Comparatively, in Asia, especially in

    countries like India and China, there is a long way to go before the benefits of EMRs can

    be realized. Japan shares the same scenario where the recent survey on 1574 hospitals with

    300 or more beds, and a random selection of 1000 hospitals with less than 300 beds and

    another 4000 clinics in 2007 reveals EMR adoption rate is only at 10% for hospitals and

    10.1% for clinics. The study also recommends that communication between EMR systems

    should be further standardized to secure functional and semantic interoperability in Japan

    (Yasunaga et al., 2008). However in Singapore, according to Chng Wong Yin of

    Singhealth, the national public healthcare provider, they have successfully implemented

    EMR systems in all of their 3 hospitals, 4 national centers and 8 polyclinics. Singhealth's

    patients now have the flexibility of moving conveniently between their hospitals and

    polyclinics to seek care and treatment. As of 2004 it was reported a total of 2,500

    workstations have been installed with EMR software and an estimated 6,200 users were

    trained on the handling of EMR systems.

    2.6 HEALTHCARE IN MALAYSIA

    Healthcare in Malaysia has undergone some radical transformations. The earliest pre-

    colonial medical cases were confined mostly to those traditional remedies that are evident

    today in Malay, Chinese, Indian and other ethnic groups. However, with the birth of

    colonialism, more modern and westernized medical practices were slowly introduced to the

    country (Alianz, 2008). In line with Vision 2020, Malaysia is to develop the most advanced

    health system in the world by harnessing the power of information and multimedia

    communications technology. The country's vision of healthcare is as follows (Hashim,

    2005):

    Malaysia is to be a nation of healthy individuals, families and communities

    through a health system that is equitable, affordable, efficient, technologically

    appropriate, and environmentally adaptable and consumer friendly, with

    emphasis on quality, innovation, health promotion and respect for human

    dignity and community participation

    Malaysia is in an enviable position of being able to control its healthcare cost spending to

    less than 3% of Gross Domestic Product (GDP) and yet enjoys health indicators of most

    developed nations. The average healthcare costs of most developed countries amounted to

    10%-12% of GDP and in the US, healthcare cost accounted for 15% of GDP. World Health

    Organization guidelines recommend that health services spending should be around 5% of

    GDP. Having achieved this enviable status, the Ministry of Health will want to ensure that

    healthcare cost in Malaysia remains cost effective in the future and that high quality

    healthcare service is available to everyone. The Telehealth project is one of the main

    avenues to achieve this (Hashim, 2005).

    2.6.1 EVOLUTION OF HEALTHCARE IN MALAYSIA

    Under the 7th Malaysian Plan, there was substantial investment in information technology

    and a large public building program for health facilities, in order to increase access for the

    low-income population, particularly in rural areas. The Ministry of Health has good

    telemedicine and telehealth capacity with a Telemedicine Act enacted in 1997. During the

    7th Malaysia Plan (1996-2000), a fully computerized Total Hospital Information System

    (THIS) was completed and operated in two hospitals. THIS was further expanded in the 8th

    Malaysia Plan (2001-2005). The application of five telehealth projects, namely the Lifetime

    Health Plan (LHP), the Lifetime Health Records (LHR), Continuing Medical Education

    (CME), Mass Customized Personalized Health Information and Education (MCPHIE) and

    Teleconsultation will be expanded nationwide. In the 9th Malaysia Plan, among the major

    outcomes would be the development of electronic reporting system for the generation of

    health information management system statistics and reports and the establishment of the

    National Health data warehouse to contain all domain repositories and registries. (WHO,

    2006)

    The Health Director-General Tan Sri Datuk Dr Hj Mohd Ismail Merican commented in the

    Star Special July 2006 edition on Ministry of Health (MOH), "As you know one of the

    strategic plans for the 9MP is to achieve better healthcare through the consolidation of

    services. This will mean focusing on quality in the delivery of health services and not just

    quantity," (Loei, 2006). One of the many actions taken by MOH to increase the quality of

    healthcare in Malaysia is through the Telehealth project. Making a success of telehealth is

    part of the goals of the Ninth Malaysia Plan (9MP), which has allocated RM10.28 billion

    for health sector development. According to the Plan, sharing of information through the

    Lifetime Health Record (LHR) and Lifetime Health Plan (LHP) services within telehealth

    services will be given emphasis. Both services were piloted in Seberang Perai, Penang.

    (Peterson, 2007)

    2.6.2 THE MALAYSIA TELEHEALTH PROJECT

    Telehealth refers to the integration of information, telecommunication, human-machine

    interface technologies and health technologies to deliver healthcare, to promote the health

    status of the people and to create health awareness. The integrated Telehealth Project, as

    designed and customized to suit the Malaysian circumstances, consists of an integrated

    system made up of four major components: (Harum, 2004)

    - Customized / Personalized Health Information and Education

    - Continuing Medical Education (CME)

    - Teleconsultation

    - Lifetime Health Plan (LHP)

    Within these four pilot projects, Electronic Medical Record (EMR) plays an important role

    in providing patients' medical histories. To date, some components in the Telehealth

    projects are already accessible on the web but are yet to be implemented (Haslina and

    Sharifah, 2005).

    The Malaysian Telehealth Application will, on completion, provide every resident of the

    country an electronic Lifetime Health Record (LHR) and Lifetime Health Plan (LHP). He

    or she will also hold a smartcard that will contain a subset of the data in the Lifetime Health

    Record. These will be the means by which Malaysians will receive "seamless continuous

    quality care" across a range of health facilities and healthcare providers and by which

    Malaysia's health goal as a nation of "healthy individuals, families and communities" is

    achieved. The challenges to security and privacy in providing access to an electronic

    Lifetime Health Record at private and government health facilities and to the electronic

    Lifetime Health Plan at homes of consumers require not only technical mechanisms but

    also national policies and practices addressing threats while facilitating access to health

    data during health encounters in different care settings.

    2.7 SECURITY, PRIVACY AND CONFIDENTIALITY OF EMR

    Security, privacy and confidentiality of electronic medical records are the major concerns in

    healthcare informatics. These aspects are distinct but inextricably linked (Terry, 2007). The

    distinction can be expressed as follows: security is the protection of information from people

    and privacy is the protection of people from information. Jo Luck, in his Australian Health

    Informatics Guideline, mentioned that the major security concerns are the impacts on the

    hospital of security events, which will affect:

    - Availability of data and services: the extent to which the ability of the organization to provide a service will be affected by the loss or degradation of a given information processing or communication facility or the loss of a given set of data.

    - Authentication and integrity of data: the extent to which the ability of the organization to provide a service will be affected by the accidental corruption of a given set of data, the malicious corruption of the given set of data, or the acceptance of a given set of data which did not originate from its purported source.

    - Confidentiality of data: the extent to which the ability of the organization to provide a service will be affected by the disclosure of the given set of data to an unauthorized person.

    2.7.1 SECURITY CONCERNS OF EMR

    The notion of confidentiality in healthcare has a strong professional tradition that has

    suffered progressive erosion due to reimbursement schemes, managed care and other

    healthcare organizational structures, and the perceptions and culture of professionals within

    modern healthcare systems.

    Privacy, security and confidentiality are closely linked concepts in the discussion of

    health information systems. Confidentiality means that information is made available

    only to authorized users, and it is seen as one of the important goals in information

    systems. Confidentiality also refers to the ethical principle associated with the professional;

    in the context of this research, the communication between the doctor and patient is

    confidential between these parties and should not be revealed to other parties (Wikipedia,

    2007). Privacy, on the other hand, refers to an individual's right to control access to and

    disclosure of their personal information. Health information privacy gives the owner of the

    information the right to control the dissemination and use of information about the

    individual.

    Security refers to measures taken to safeguard personal information from unauthorized

    access, use or disclosure. Some distinguish between data security and system security. Data

    security results from measures that effectively protect data and computer programs from

    threats such as unauthorized access and disclosure, impermissible alteration, unauthorized

    copying and theft (Luck, n.a).

    2.7.2 THREAT TYPES OF EMR

    There are two major types of threats to electronic health information in any

    healthcare organization: threats from inside intruders and threats from outside

    intruders. The differences between these threats are based on the motive of the

    intruder, the resources the intruder has, and the benefit or effect the intruder causes

    the stakeholder.

    2.7.2.1 Insider Threats

    Insider threats are most often caused by the employees of

    the healthcare organization. Conversations in public places such as elevators or coffee

    corners among care providers could leak private information about patients to

    unauthorized persons. Conversation is not the only opportunity for an information leak;

    laboratory test results left on the screens and tables of practitioners also contribute to

    information leakage. These activities are everyday innocent mistakes that cause

    accidental disclosures of private health information. The next type of threat from

    employees is using granted access privileges to access confidential information. This

    situation arises from curiosity to know more about a patient's highly sensitive

    information, such as medical reports, diagnoses and more. The third type of intrusion by the

    insider is accessing the information to earn profits. Figure 2.4 illustrates different forms of

    insider threats to the health information in a healthcare organization.
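
    One way to review access logs for the second and third insider types described above, as an added example that is not part of the original thesis: it flags record accesses by staff who have no care relationship with the patient, and separately flags users whose unrelated accesses span many patients. The log format, user names, care-team table and threshold are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit log (not real data): time, user, role, patient, action
AUDIT_LOG = """\
2009-07-01T09:02:11,dr_lim,doctor,P001,view
2009-07-01T09:15:40,dr_lim,doctor,P002,view
2009-07-01T10:01:03,nurse_tan,nurse,P001,view
2009-07-01T11:47:55,clerk_raj,clerk,P007,view
2009-07-01T23:10:02,clerk_raj,clerk,P003,export
2009-07-01T23:10:09,clerk_raj,clerk,P004,export
2009-07-01T23:10:15,clerk_raj,clerk,P005,export
2009-07-01T23:10:21,clerk_raj,clerk,P006,export
2009-07-02T08:30:00,nurse_tan,nurse,P009,view
"""

# Constructed care-team table: staff with a treatment or administrative
# relationship to each patient. A real system would derive this from
# admissions, appointments and referrals (assumption).
CARE_TEAM = {
    "P001": {"dr_lim", "nurse_tan"},
    "P002": {"dr_lim"},
    "P007": {"clerk_raj"},
}


def parse_log(text):
    """Parse the CSV audit log into a list of dicts, one per access."""
    fields = ["time", "user", "role", "patient", "action"]
    return list(csv.DictReader(io.StringIO(text), fieldnames=fields))


def audit(entries, care_team, bulk_threshold=3):
    """Return (unrelated, bulk).

    unrelated: accesses where the user is not on the patient's care team,
               the pattern left by curiosity browsing with valid privileges.
    bulk:      users whose unrelated accesses cover at least bulk_threshold
               distinct patients, the pattern left by harvesting for profit.
    """
    unrelated = [e for e in entries
                 if e["user"] not in care_team.get(e["patient"], set())]
    patients_by_user = defaultdict(set)
    for e in unrelated:
        patients_by_user[e["user"]].add(e["patient"])
    bulk = {user: sorted(patients)
            for user, patients in patients_by_user.items()
            if len(patients) >= bulk_threshold}
    return unrelated, bulk


if __name__ == "__main__":
    unrelated, bulk = audit(parse_log(AUDIT_LOG), CARE_TEAM)
    for e in unrelated:
        print("no care relationship:", e["time"], e["user"], e["patient"], e["action"])
    for user, patients in bulk.items():
        print("bulk access outside care team:", user, patients)
```

    Accidental disclosures, the first insider type, leave no trace in an access log, so this review only covers misuse of granted privileges.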

    2.7.2.2 Outsider Threats

    Outsider threats concern unauthorized data access by individuals who do

    not have any access to the system in any possible way. This is the pure technical threat: an

    attacker with no authorization and no physical access. An example is the intruder who

    breaks into a system from an external network and extracts patient records. This threat is

    dangerous when patient records are accessed regularly through an external network. It is

    clear that most providers are moving toward the use of networking and distributed

    computing technologies as they move towards electronic medical records. Therefore this

    type of threat will cause mass disclosure of confidential information.

    Figure 2.4: The different types of insider threats to information

    Source: Vericept

    2.8 CASE STUDIES ON SECURITY BREACHES IN EMR SYSTEMS

    The increasing adoption of EMR is fundamental to the transformation of the healthcare

    system. The information created, accessed and stored in these systems, and their ability to

    integrate with health information networks and data exchanges, introduce complex

    security issues. This, coupled with the rising number of information security breaches, has

    raised concerns regarding their vulnerability.

    To address those issues, the board of the eHealth Vulnerability Reporting Program (eHVRP) undertook

    two case studies in 2006 in the United States. The summaries of the two case studies are

    described in the next sections (eHVRP, 2007):

    2.8.1 Case Study #1

    The first case study ran for a duration of fifteen (15) months, from May 2006 to

    August 2007. It aimed to assess the security risks associated with EMR systems.

    The methodologies used in this study were:

    - Evaluate current industry information security practices

    - Assess level of risk related to EMR systems

    - Benchmark healthcare information security practices against other industries

    - Produce a set of recommendations relating to activities beneficial to protecting information systems in the healthcare industry

    A total of 850 EMR solution provider organizations were surveyed, and penetration testing

    was performed on seven EMR systems, including:

    - One (1) eRx (Electronic Prescription System)

    - One (1) inpatient EMR system (custom developed)

    - Five (5) CCHIT (Certification Commission for Healthcare Information Technology) certified ambulatory EMR systems

    Some of the research questions in this survey were:

    1. Can EHR vulnerabilities be exploited to gain control of application or access to data for modification or retrieval?

    The significance of the findings was:

    a. Vulnerabilities can be exploited

    b. Skill level required to exploit is low

    Figure 2.5: Level of vulnerability exploitation

    Source: eHVRP Industry Review, 2007

    2. Do EMR applications have vulnerabilities consistent with other complex applications?

    The significance of the findings was:

    a. Significant difference between best and worst

    b. Relatively easy test to perform

    c. Validates common assumptions

    Figure 2.6: Level of vulnerability severity

    Source: eHVRP Industry Review, 2007

    3. Does security software effectively reduce time of exposure?

    The significance of the finding was:

    a. Risk of vulnerability exploitation can be dramatically reduced when vulnerabilities are known and appropriate security controls are in place

    Figure 2.7: Vulnerability duration

    Source: eHVRP Industry Review, 2007

    The study also recommends the following to eHealth system vendors and healthcare organizations:

    - Regularly perform application security tests, document results and incorporate these activities in their SDLC

    - Recommend and implement compensating controls

    - Vendor recommended system hardening

    - Timely review and deployment of vendor approved patches

    - Effective security controls such as IDS/IPS, and application firewalls to protect systems until patches are available

    - Security policies/rules to protect against known and unknown vulnerabilities

    - Solution approaches that address the needs from the large and technologically sophisticated to the small and less technologically sophisticated healthcare organization

    2.8.2 Case Study #2

    Another study by the same organization, over the same period, was conducted at a

    medical centre meeting the criteria below:

    - More than 500 medical practitioners

    - Serving more than 500,000 patients in a large metropolitan city

    - Recognized as a top performing medical group

    - Implemented an EMR system in 2004 that is considered a critical system; downtime would have significant impact on business operations

    The major findings of this survey were listed as:

    1. Initial survey response/dialogue indicated no knowledge of EMR specific vulnerabilities or application specific intrusion protection or application level security systems implemented. Other network perimeter defenses were implemented.

    2. Performed vulnerability and penetration testing of EMR applications using automated tools and manual techniques.

    3. Identified security vulnerabilities and demonstrated exploits including:

    o Ability to remotely gain full access to the system and view any health record or information

    o Ability to remotely modify any data such as drug dosage

    o Ability to remotely delete any specific record or all records

    o Ability to generate orders, such as for medications, operations

    4. Established requirements for security technology

    o Practical to deploy

    o Cost effective

    o Minimal impact on operations

    5. Evaluated host intrusion prevention systems (IPS) as a compensating control

    6. Initial results support premise that solutions are available that meet the requirements (cost of ownership, operational impact and level of protection)

    Some of the research questions in this survey were:

    1. How many defects does a typical application contain?

    The significance of the finding was:

    a. Likely many, for the following reasons:

    i. Applications are complex and rely on upwards of 100 million lines of code when the operating system, database and application code are taken into account.

    ii. Studies have shown that 1 to 1 vulnerabilities exist for every 1,000 lines of code irrespective of type of application or industry.

    2. How exploitable are they, can they really be used to cause damage?

    The significance of the finding was:

    a. It varies depending on certain factors including criticality of the vulnerability, the level of access to the system required to exploit, effort and sophistication of the attack, and controls in place, among others.

    b. As part of the program, penetration testing demonstrated how new vulnerabilities could be found and successful exploits created in only a matter of days. Additionally, security statistics show how widely exploitable systems are, the rate at which vulnerabilities are being found and the areas that attacks are targeting.

    o 60% of customer-facing web applications have an exploitable vulnerability.

    o 4,375 vulnerabilities in the first 9 months of 2006.

    o Web flaws are the most common.

    o 75% of attacks take place at the application layer.

    3. We have a firewall; isn't that sufficient?

    The significance of the finding was:

    a. No, perimeter firewalls are important network security controls that can limit where an application attack can originate, but do not deal with the application flaw itself.

    Figure 2.8: Level of protection against attacks

    Source: eHVRP Industry Review, 2007

    4. Isn't it impractical and cost prohibitive for system purchasers to address software vulnerabilities?

    The significance of the finding was:

    a. No, an entire security industry has evolved to help organizations cope with vulnerabilities in application software. Organizations need to establish their risk tolerance and implement appropriate controls to ensure compliance. These controls have been identified as best practice and are commonly used in many industries.

    2.9 TECHNICAL REVIEW OF SMARTCARD TECHNOLOGY

    Smartcards are used in information technologies as portable integrated devices with data

    storage and data processing capabilities. As in many other fields, smartcard use in healthcare

    systems became popular due to their increased capacity and performance (Yanjiang, 2002).

    Their efficient use with easy and fast data access facilities has led to particularly

    widespread implementation in security systems. The smartcard's role in the healthcare sector is

    obviously constrained by the technical capabilities that are available at any point in time.

    The smartcard is defined as a credit card with a brain on it, the brain being a small

    embedded computer chip (Rinaldo, 1997). Some types of smartcard may have a

    microprocessor embedded, while others may only have a non-volatile memory content

    included. In general, a smartcard is an integrated circuit card (ICC), which is a portable,

    tamper-resistant computer with a programmable data store. In either type of smartcard, the

    storage capacity of its memory content is much larger than that in magnetic stripe cards.

    The total storage capacity of a magnetic stripe card is 204 bytes while the typical storage

    capacity of a smartcard ranges from 256 bytes to 64K bytes. In other words, the memory

    content of a large capacity smartcard can hold the data content of more than thousands of

    magnetic stripe cards.

    Due to the high security level of smartcards and their standalone capability, it is extremely

    difficult to tamper with the card, or otherwise put unauthorized information on the card. Because

    it is hard to get the data without authorization, and because it is easy to carry, a smartcard is

    uniquely appropriate for secure and convenient data storage. Without permission of the

    card holder, data cannot be captured or modified. Therefore, a smartcard could further

    enhance the data privacy of the user. Microsoft considers the smartcard an extension of a

    personal computer and the key component of the public-key infrastructure in Microsoft

    Windows 98 and 2000 (Clercq, n.a).

    Thus smartcards are particularly suited to applications that require data security as well as

    data integrity. Data security ensures that a data value or computation contained on the card

    can only be accessed by authorized parties. Data integrity guarantees that the value of the

    data stored on the card is defined at all times and is not corrupted. Some of the potential

    benefits of smartcards are (Rogerson, 1998):

    - A smartcard is a secure means of authenticating the identity of the reader device

    - It is a portable and secure store of data available to all

    - Access can be made available in geographical locations where online communication is not possible

    - Reduced fraud

    2.10 SMARTCARD IN HEALTHCARE

    The capacity of a card is the major determining factor in limiting the information that can

    be stored on it. While it is possible to store less than the maximum capacity of the card, it is

    obviously never possible to store more. A few kilobytes of capacity are generally accepted

    as being sufficient to store basic identification details such as the name of the card holder and,

    in the healthcare context, domain-specific but generally applicable information such as details of

    allergies, medication and other emergency data. Where the smartcard is being used as a key

    to unlock an access control mechanism, encryption keys large enough to resist extensive

    brute force attempts to break them can also be stored. Episode specific data could also be

    designed to fit into a few kilobytes.

    However, the limits of capacity are rapidly reached when one talks about the sort of

    information that would constitute a patient's medical history over an extended period of

    time, or a shorter period of time with multiple or severe conditions. In particular, X-ray or

    similar medical images stored with sufficient resolution and color depth to be useful typically

    occupy at least 8-16 Kbytes (64-128 Kbits) of memory, even with suitable compression. The

    space required to hold just one image exceeds the capacity of the latest EEPROM cards.

    FRAM cards could also be considered for this purpose, but even then the number of images

    that could be stored is limited.

    2.10.1 HEALTHCARD APPLICATIONS OF SMARTCARD

    Due to the level of security provided for data storage, IC cards offer a new perspective for

    healthcare applications. Medical applications of smartcards can be used for storing

    information including personal data, insurance policy, emergency medical information,

    hospital admission data and recent medical records. Numerous national hospitals in France,

    Germany and even Hong Kong have already started to implement this kind of healthcare

    card.

    With the microcontroller on-board, smartcards could be used for managing the levels of

    information authorized for different users similar to a workflow control system. Doctors

    would be able to access the medical record from the patient's card, while pharmacists could

    make use of the prescription information stored on the card for preparing the medical

    treatment. Emergency data kept on the patient's card, which includes the cardholder's

    identity, persons to contact in case of accident and special illness details, can be used for

    saving the patient's life. In some countries, medical insurance is required for hospital

    payment. With the insurance records stored in the patient's card, the administrative

    procedures are simplified.

    2.10.2 WHAT MAKES SMARTCARDS IMPORTANT IN HEALTHCARE?

    Smartcards have two key attributes: they can carry a substantial quantity of data in a

    compact and computer readable form, and they can carry it securely. The second attribute is

    crucial to the role that smartcards will play in healthcare, in which security of data and

    confidentiality are generally recognized as being pillars of ethical practice.

    Computing environments that have many users routinely experience problems in three

    areas: authenticating the identity of individual users, ensuring confidentiality of data in

    storage, and securing data against interception or alteration while in transmission.

    2.10.3 USING SMARTCARD TECHNOLOGY TO OVERCOME SECURITY BREACHES IN EMR

    The privacy, security and confidentiality of patient health records have been a sensitive

    topic of debate in the medical sector. This is due to the rapid use of information technology

    within the health sector. Broad use of the internet, large databases and health information

    systems creates further anxiety among medical practitioners and patients, and thus calls for an

    immediate check on how patient health information is maintained by the healthcare

    institutions. Information on how these data are handled is important to ensure policies and

    procedures are well established to handle the vulnerabilities these systems entail.

    The existence of electronic medical records (EMRs) has increased the accessibility and sharing of

    health information among authorized individuals. Although this is a visible and the most

    important benefit, this technology has created a hidden high risk of losing

    information to unauthorized individuals (eHVRP, 2007). When individual personal health

    information is disclosed, it creates significant economic and social harm. Transmission of

    confidential information over the various types of system infrastructure further erodes the

    individual privacy and concerns are growing as critical information such as psychiatric

    records, HIV status and genetic information is stored in these electronic medical records.

    The dilemma of obtaining, using and sharing healthcare information to provide care while

    not breaching patient privacy, is therefore a serious concern (Smith, 1999).

    To address these concerns, the types of threats that exist in the adopted health

    information systems need to be clearly understood and analyzed. Each implementation of health

    information systems provided by the vendors will normally be equipped with at least a

    minimal security level such as user authentication. Although the increase of research in the

    security field has of course introduced various methods to improve the security level for

    the data stored in these systems, the applicability of security technologies is still

    questionable. This section will analyze in detail the research outcome of the eHVRP surveys

    and will identify whether smartcard technology can be used in EMR systems to overcome those

    security breaches.

    2.10.3.1 Use Of Smartcards In Preventing Security Breaches In Case Study #1

    | Security Breaches in Case Study #1 | How The Use of Smartcard Technology could have overcome the issue? |
    | --- | --- |
    | Skill level required by an attacker to exploit vulnerabilities is low | Smartcard systems can be implemented in different ways. No two smartcard systems are similar. Use of a proprietary smartcard operating system, key management system or file architecture could decrease the level of breakability of an EMR system. Attackers may require a high level of skill to break into smartcard systems. |
    | Application and Database were exploited | A smartcard could provide a means of secure access control to any system. Using a smartcard with PIN entry for system access will disallow people without an authorization card from gaining access to any application. Smartcards with extensive storage capacity could hold a patient's decryption key to their database records. Database records that are encrypted with a patient's key will be unusable even if there was exploitation. |
    | Attacker accessed remotely | Physical presence of a user to insert a smartcard and exchange keys to gain access will disallow remote access by attackers. Without a smartcard inserted, the system will not respond or the database will not decrypt the patient's health record. |
    | Security software effectively reduces time of exposure | Smartcard technology can be used as a software firewall to a system. Authenticating the operating system environment and accessing the file architecture can be used as a method of software firewall. A smartcard can also hold Public/Private Key Infrastructure (PKI) for a further security option. |
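
    The PIN-protected patient key described in the table above, as an added example that is not part of the original thesis: a software stand-in for the card keeps the record key behind a PIN with a retry counter, so a copied database row is only ciphertext and a modified row is rejected. The SimulatedCard class, the three-try limit, the PIN and the sample record are constructed assumptions, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for an authenticated cipher such as AES-GCM running on the card.

```python
import hashlib
import hmac
import secrets


class CardLocked(Exception):
    """Raised once the PIN retry counter is exhausted."""


class SimulatedCard:
    """Software stand-in for a patient smartcard (hypothetical interface).

    The record key is generated on the card and never returned to the host;
    the host only passes data in and out after a successful PIN check.
    """

    MAX_TRIES = 3  # assumed retry limit before the card locks

    def __init__(self, pin):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin)
        self._key = secrets.token_bytes(32)
        self._tries_left = self.MAX_TRIES

    def _hash_pin(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def _verify_pin(self, pin):
        if self._tries_left == 0:
            raise CardLocked("retry counter exhausted")
        if not hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self._tries_left -= 1
            raise PermissionError("wrong PIN")
        self._tries_left = self.MAX_TRIES

    def _subkey(self, label):
        # Separate keys for encryption and authentication.
        return hmac.new(self._key, label, hashlib.sha256).digest()

    def _keystream(self, nonce, length):
        # Stand-in cipher: HMAC-SHA256 in counter mode (not AES).
        enc_key = self._subkey(b"enc")
        blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest()
                  for i in range((length + 31) // 32)]
        return b"".join(blocks)[:length]

    def seal(self, pin, plaintext):
        """Encrypt then MAC a record; output is nonce || ciphertext || tag."""
        self._verify_pin(pin)
        nonce = secrets.token_bytes(16)
        stream = self._keystream(nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, stream))
        tag = hmac.new(self._subkey(b"mac"), nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, pin, blob):
        """Check PIN and tag before returning any plaintext."""
        self._verify_pin(pin)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._subkey(b"mac"), nonce + ct,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("record was modified or belongs to another card")
        stream = self._keystream(nonce, len(ct))
        return bytes(c ^ k for c, k in zip(ct, stream))


def demo():
    card = SimulatedCard("4821")                        # constructed PIN
    record = b"P001|allergy=penicillin|warfarin 5 mg"   # constructed record
    database = {"P001": card.seal("4821", record)}
    stolen = database["P001"]          # what a copy of the table contains
    results = {
        "plaintext_in_dump": b"penicillin" in stolen,
        "owner_reads": card.unseal("4821", stolen) == record,
    }
    altered = stolen[:20] + bytes([stolen[20] ^ 1]) + stolen[21:]
    try:
        card.unseal("4821", altered)   # e.g. a changed drug dosage
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

    The protection covers records at rest; once the card holder has unsealed a record, the plaintext is in the application's hands and depends on the application's own controls.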

    2.10.3.2 Use Of Smartcards In Preventing Security Breaches In Case Study #2

    | Security Breaches in Case Study #2 | How The Use of Smartcard Technology could have overcome the issue? |
    | --- | --- |
    | Remotely gain full access to the system | Smartcard systems can be implemented in different ways. No two smartcard systems are similar. Use of a proprietary smartcard operating system, key management system or file architecture could decrease the level of breakability of an EMR system. Attackers may require a high level of skill and know-how to break into smartcard systems. |
    | Remotely add/modify/delete any/all records | Remote access will be prevented using smartcards. Physical presence of the user will be required. |
    | Security technology that is practical to deploy | Smartcard technology is practical to deploy. It is a globally well-accepted technology in many sectors. |
    | Security technology that is cost effective to deploy | Over the years, the price of smartcards and of application development and integration has dropped tremendously. Smartcard implementation is even very cost-effective if patients and users pay for their own card. |
    | Applications are complex and rely on more than millions of lines of code | Smartcard application development requires embedded programming where software programs can be directly written to the card. Using well-defined APIs and ISO standard protocols, applications can be programmed with a minimum amount of code. |
    | 60% of customer-facing web applications have an exploitable vulnerability | Smartcard systems are not highly dependent on the internet, as patient information is stored within the card memory. This reduces the requirement for the system to be online all the time. |
    | 75% of attacks take place at the application layer | Protecting application layers is made easy with smartcard technology. Implementing PKI and a Key Management System can provide sufficient security measures on the application layer. Two or more tier smartcard authentication can provide robust security to the system. |
    | Firewalls do not deal with the application flaw itself | Apart from controlling network access, smartcards do provide application level protection when designed accordingly. |

    2.11 AN ANALYSIS OF PREVIOUS HEALTHCARE SMARTCARD IMPLEMENTATIONS

    Research shows that the smartcard in healthcare has a long history. Many smartcard based

    applications have been developed and adopted in many parts of the world, especially in

    Europe. These implementations, however, are mainly linked to other applications such as

    health insurance and access control.

    In this region, Taiwan has a successful implementation of a patient health card, which

    lets patients carry their health records in their wallet and at the same time use the

    card for insurance claims and medical bill payment. A recent study by European-based

    HBS Consulting is outlined in Table 2.2.

    Table 2.2 Different smartcard implementation and description

    Source: HBS Consulting, (2004)

    | Market | Card | Description |
    | --- | --- | --- |
    | Germany | Health Insurance Card | Current system launched in 1993. 80 million chip cards have been issued. New system using more sophisticated smartcard due to be launched in 2006 |
    | France | Sesam-Vitale | Version 1 issued in 1998. Version 2 scheduled to be launched in 2006, pending agreement with health workers |
    | Belgium | SIS | Introduced in 2000, card has been issued to 10.5 million residents. Card specifies eligibility for service. Carries no medical data. |
    | Slovenia | Health Insurance Card | Slovenia has issued 2 million cards since 1999. New applications added in past 2 years, such as organ donor registration and information on patients' eyeglasses, hearing aids and other medical devices |
    | Austria | e-card | Contract for 8 million smartcards awarded in this year to Giesecke & Devrient. Rollout set for 2005. Will also be used to access government services online. |
    | Europe | E111 card | Standard card for accessing health services throughout Europe was introduced last month without a chip. Plans call for introduction of a smartcard in 2008. |

    HBS Consulting in 2003 also conducted a functional versus benefit study on the major

    health card programs in the world. Although most implementations are identification and

    medical insurance related, some of them are also incorporating patient health information

    on the card. Table 2.3 highlights the major health card programs, their functions and the

    benefits.

    Table 2.3 Implementation of smartcard and its benefits

    Source: HBS Consulting, (2003)

    | Country | Function | Benefit |
    | --- | --- | --- |
    | Belgium | Entitlement card | Patient: acts as identification and speeds reimbursement. Insurers: reduce cost |
    | France | Insurance card | Patient: speeds reimbursement. Insurers: reduces costs and simplifies processes |
    | France | Health professional card | Health professional: provides security and systems and information access |
    | Germany | Insurance card | Patient: identification. Insurers: process simplification |
    | Germany | Health professional card | Health professional: provides security, identification and systems and information access; improves communications |
    | Netherlands | Medication alarm | Patient: helps management of chronic disease |
    | Netherlands | Drug monitoring | Health professional: eases care of drug addicts |
    | Slovenia | Data storage, identification, access to systems | Patient: identification to health professional and to system via self service kiosks |
    | Taiwan | Data storage, identification, access to systems, fraud detection | Patient: gains control over medical data. Health system payment providers: fraud and cost reduction |


    2.12 CURRENT RESEARCHES IN EMR SMARTCARD

    There are few research efforts on electronic medical records currently being undertaken by various organizations, academic staff and students around the world. This section conceptually presents and evaluates some of the current research that takes a direct approach using smartcards.

    A research project titled "Model-Based Design and Implementation of Secure, Interoperable EHR Systems" is being carried out by a team of researchers from Germany, headed by Bernd Blobel. In this research, Bernd highlighted that, to establish efficient and high-quality care for patients, health networks with an EMR as the core application must be designed to enable trustworthy interoperability between different healthcare organizations. This interoperability, according to Bernd, has to be provided at the knowledge level, meeting legal, ethical, and organizational requirements in a flexible and portable way, including through the use of mobile devices such as smartcards (Blobel, 2003). This research uses smartcards to perform strong mutual authentication before the security infrastructure components are downloaded and installed to transfer data input and output. The SSL (Secure Socket Layer) protocol deployed to initiate secure sessions is provided by the Java Secure Socket Extension API. The applets and servlets that establish the local clients and the open remote database access facilities communicate using the XML standard set, including XML Digital Signature, which has been incorporated into a smartcard. In this research, the smartcard is used as a medium for authenticating medical practitioners to download EMR records via SSL.


    In another attempt, a 2003 research project titled "Integrating smart card access to Web-based medical information systems", Alvin examines the application of smartcards in the development of distributed medical information systems. Acknowledging the technical capabilities of the smartcard, such as its mobility and security features, he noted that the smartcard is an ideal medium for storing the critical medical records of a patient. However, his findings show that the lack of interoperability and of support for distributed operations has limited the development and usage of smartcards in a networked environment. Alvin's report also highlights the benefits of combining the World Wide Web and smartcard technologies to support the development of a highly robust health information system, while leveraging the rich benefits of Web technology (Alvin, 2003). In particular, this research describes an approach that uses the WebCard service model as a common interface to communicate with and access the medical records residing in a smartcard, and that integrates seamlessly with existing web infrastructure. Although this research has many similarities with Bernd's approach in its use of the smartcard as the access control device, his way of handling smartcards in the system differs. WebCard uses the Java OpenCard Framework to enable the servlet features and utilizes the internet as the communication medium.

    In summary, most of this current research revolves around open-source, Java OpenCard Framework and web-based approaches. Although these approaches benefit the healthcare industry as a whole, proprietary systems provide better security options, especially in isolating sensitive medical records from potential hackers. A closed-loop approach is a comparatively better way to implement healthcare smartcards, because it restricts anonymous attackers from breaching the security walls. Open source systems, on the other hand, are by their very nature open to scrutiny. Often, this scrutiny can apply not only to the system's source code but also to the system design processes. For an environment that requires a high level of security, privacy and confidentiality, open source is still not the solution (Jason, 2004).

    2.13 SUMMARY OF RELATED LITERATURE

    The above reviews of the electronic medical record, smartcard technology, existing implementations and related current research suggest that the way smartcards are used in the healthcare industry needs improvement. The lack of strong application development in healthcare leads to a situation where smartcards are only being used as an inter-industry data carrier and identification tool, as shown in Table 2.5.

    Thus, the significance of this research is to show how to utilize the real technical capabilities of smartcards to hold a patient's medical records without compromising their security, privacy and confidentiality. Based on the derived methods of securing the medical record at multiple levels, patients will have their own medical record in their wallet, secured and protected. The technical capabilities of the smartcard in this research are evaluated in terms of storage capability, processing capability and security capability.

    The research reviews discussed in this chapter have shown that the emergence of technology has contributed in both positive and negative ways. The initial idea put forward by information technology has of course proved positive in many ways. The visible benefits of information technology in the medical sector are the reduction of paper records, the efficiency of clerical operations in a hospital environment and, most importantly, easy access to information by the different stakeholders in this environment. EMR was accepted because it was viewed as a way to reduce file storage cost and to ease maintenance of the health record. The rate of instant and easy access to patient records is currently the yardstick for proving the delivery of quality healthcare by a healthcare institution. However, recent research shows increasing concern among patients about the security and confidentiality of their health records. This could be due to health systems being deployed in a network or web environment. Smartcard technology was brought in to address the issue of mobility and security of patient records.

    This literature review has also described the architecture of the smartcard and how it supports security and mobility. Countries adopting smartcard EMR systems have studied ways of adopting and implementing the smartcard technology; however, these studies are normally directed towards the security of authentication in general, policy implementation or ways of handling unauthorized access to the card. More often than not, these research outcomes remained isolated and were not integrated, so security was often implemented at either the smartcard level or the application level. Due to this, privacy of data is not guaranteed, and this gives hackers an opportunity to reach health information through the layers where security is not implemented.