CASE WESTERN (US)—While some Americans might argue against an increase in government regulation, two experts warn that without federal oversight, electronic health record systems might be vulnerable to security breaches.
“Electronic information can be illicitly accessed from anywhere and transmitted across the globe quickly, cheaply, and with little risk of detection,” says Sharona Hoffman, professor of law and bioethics at the Case Western Reserve School of Law. “Electronic health record systems could transform health care in the U.S., but their potential will be realized only with careful oversight.”
Hoffman, along with her husband, professor Andy Podgurski from the Case School of Engineering, is responsible for one of the first scholarly studies to assess the need for federal regulation of electronic health record systems. The report, scheduled for publication in the Harvard Journal of Law and Technology, comes on the heels of two previous publications by the two on security and privacy issues of electronic health records (EHR) and critiques of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
“We regulate drugs, transportation, communication, food, and many other goods and services,” she says. “A safe and effective transition to computerized medical records cannot be achieved without federal regulation.”
Hoffman says electronic systems offer great promise for significantly improving health care in the United States and around the world, “however, their complexities generate many risks of software and hardware failures and adverse patient outcomes, and thus they require rigorous regulation. This is an exciting time for health information technology, but it must be approached cautiously and thoughtfully.”
Currently, the Certification Commission for Healthcare Information Technology (CCHIT), a private organization, conducts one-day testing of EHR systems. Hoffman and Podgurski, however, believe that CCHIT’s certification process is not sufficiently thorough and has several important shortcomings.
The professors suggest that CCHIT oversight be replaced by governmental oversight and that an extensive testing and approval process be established. Without this testing, new EHR systems should not be marketed, just as drugs and devices cannot be sold if they have not been approved by the Food and Drug Administration (FDA). In addition, EHR systems must be subject to monitoring throughout their operational lifetimes to ensure that technical problems are detected and resolved.
When asked who should be responsible for this regulation, Hoffman replies: “Some may think the FDA is the natural choice. However, the FDA is currently a beleaguered agency, which is heavily criticized and plagued by insufficient resources. In addition, the clinical trial model that is used for drug and device approval is not a good fit for EHR systems.”
Instead, the researchers suggest regulation by the Centers for Medicare and Medicaid Services, which already enforce HIPAA, or a newly created agency with jurisdiction over health information technology.
Case Western Reserve news: http://blog.case.edu/case-news