Wednesday, May 19, 2010
Trustworthy Information Systems for Healthcare
I'm an advisor to the Dartmouth Trustworthy Information Systems for Healthcare (TISH) project, a National Science Foundation funded effort to address emerging areas of information security in healthcare. Specifically, TISH will examine novel approaches to the protection of clinical information while ensuring clinicians can access the information they need when and where they need it. The work also focuses on the collection of sensor data through personal sensor devices including both physiological and activity data to enable monitoring of patient outcomes while giving patients control over their privacy.
We heard 4 presentations today that framed the scope of research ahead:
mHealth - how can we use wireless sensor networks on the body or in the home to gather telemetry that can be used to monitor or improve health? How do we maintain integrity of that data? What patient controls over data uses should be included? How can we guarantee the authenticity of the data, ensuring it came from the right person?
Economics and Risks - how can we reduce fraud including falsified billing, stolen pharmaceuticals/supplies/equipment schemes, or medical identity theft? How do we mitigate the risks of security failures such as stolen laptops, deceptions, and inadvertent disclosure that might occur through accidental search engine exposure or through the use of peer to peer file sharing? Will HITECH help?
Access Control - What is the current state of access control practices among various industries? How often are complex access rules used in practice? How often do users circumvent control mechanisms to get their work done? Can we express security policies by specifying who is using what and why (user/action/resources) with allow/deny settings?
Social Informatics - What is the patient perception of uses of their healthcare data? How does this compare to actual IT practices? What is the pattern of data flow for the average patient. For example, in 1997, an Institute of Medicine study For the Record identified that patient data is sent to 27 different groups in the course of treatment.
I look forward to participating in this effort, since answers to these questions will empower the policy and technology work we're doing nationally, regionally and locally.
Posted by John Halamka at 3:00 AM