Start Your Search
Chris Hobson
Author of
-
OS06 - Advancing Frameworks for Patient Engagement (ID 6)
- Event: e-Health 2017 Virtual Meeting
- Type: Oral Session
- Track: Clinical
- Presentations: 1
- Coordinates: 6/05/2017, 04:00 PM - 05:30 PM, Room 203CD
-
OS06.01 - How to Address Two Major Physician Concerns: Safety and Privacy (ID 147)
- Abstract
Purpose/Objectives: A literature review on causes of physician concerns about adoption of EHRs showed that privacy and safety are very high on the list of barrier issues. In fact, privacy and safety were second only to cost and equal with level of functionality across a review of 25 studies. It is increasingly understood that the software vendor community plays a key role in addressing and improving privacy and safety as application software is a major potential cause of vulnerabilities. We wanted to develop an innovative process for management of application vulnerabilities, safety and privacy risks from the use of our software that aligned with the COACH e-Safety Guidelines. Over the course of the last several years, we have built such a process and applied it initially to detection of safety risks. More recently we have also adapted it to the management of privacy risks. In 2015 we self-assessed our processes as being at level 3, the structured program level. We had a structured approach to identifying safety and privacy vulnerabilities that derive from the use of HIT / EHRs and had many years experience dealing with individual issues.
Methodology/Approach: Over the last five years, we developed and enhanced a rigorous process for detecting, confirming and addressing possible safety related software defects. In the last three years we have adapted the process to address privacy vulnerabilities as well. During that time, new key privacy requirements have emerged rapidly. Prominent amongst them includes D4P (data segmentation for privacy,) increasing consumer requests for control of their health record information, fine grained consent policies, and progressively moving personal health information to the cloud. These new emerging requirements served as rich grounds for improving our privacy capabilities even while increasing complexity has brought potential for software defects to have unexpected impacts. Once identified, software defects were tracked to root cause and remediated. To move from level 3 structured to level 4 managed and measured we developed a classification model in a from the ground up approach.
Finding/Results: A process was developed and deployed that successfully detected and addressed safety and privacy issues in advance of live use by clinicians and patients. We presented part of the process to eHealth Canada 2016 conference. In 2017, we would like to show how we adopted a similar process for addressing privacy issues, and the steps we took to move up the COACH pyramid. Additionally, we have learned a great deal about balancing privacy and safety issues that we will illustrate with detailed examples. Getting the balance right can require sensitive handling of both priorities and in-depth discussion with clinical governance teams and patients.
Conclusion/Implication/Recommendations: Understanding the nature and categories of potential safety and privacy issues that arise from integrated environments can improve the quality of the solution and make such solutions more deserving of trust by clinicians. By initiating a discussion on safety and privacy implications of EHR solutions, high quality, robust approaches can be developed across Canada to deal with common areas of concern.
140 Character Summary: This presentation addresses the privacy and safety issues that limit physician adoption, as well as differing approaches to implementation.