CIA-Security Triad for Medical Data Integrity

CIA trio that stands for Confidentiality-Integrity-Availability has a eminent role in protecting a system for data breaches, malicious threats and vulnerabilities. Data integrity by definition means assuring the consistency and accuracy of data in its entire lifecycle. In this paper, I'm vigilant on exploring the data integrity breaches in Medical field and how data integrity should be maintained in order to avoid any kind of data attacks. An Electronic Health Record (EHR) system must enable productive accessibility of critical, precise and complete data in order to help improved clinical administration through the advancement, execution and enhancement of clinical pathways.

Needless to say data integrity is the main thrust and is a essential aspect at all levels.

This concern needs a serious thought in health care, where in inaccurate data leads to adverse impact which may kill or incur long-term health damage to patients. The below table gives us some of the errors which may ends in compromise quality of care.

• EHR Risk
• Impact on Data Integrity
• Transcription error

A baby died due to massive drug overdose, result of transcription error while recording handwritten notes into computer system.

Get quality help now

Sweet V

Verified writer

Proficient in: Cyber Security

4.9 (984)

“ Ok, let me say I’m extremely satisfy with the result while it was a last minute thing. I really enjoy the effort put in. ”

+84 relevant experts are online

Hire writer

This can be prevented if there are automatic alerts activation

• Internal Software programming inconsistency
• Calculations for weight check, temperature gauges, etc.
• Copying and pasting critical information

Accidentally cloning the same data for several rows may result in unexpected results.

Considering the above scenarios and many more like this, some investigation has been done to measure and analyse them, identifying the root causes and some strategies implemented to reduce the risks.

The need for identifying and analysing the EHR related risks are paramount. Improper user training, human errors, unintended system use may also result in EHR system errors. In 2012, Russian hackers targeted Gold coast medical center to ransom after encrypting thousands of health records wherein the server was compromised and these compromises remained for days, weeks and some remained uncompromised.

Data integrity in EHR systems- The integrity of EHR can be achieved from the following three phases explained in detail. PHASE-1(Ensuring Data Integration in EMR(Electronic Medical Record)systems): Data integrity at this phase should be carried out by any clinical software systems that makes use of international medical coding system rather than free text usage. The coding system has to be an option to choose from a pre developed system to prevent spell mistakes. This facility has been introduced by Australian health care providers where in various medical information related to patients are recorded. They provide the total information that patients communicate at the time consultation.

PHASE-2(Ensuring data integrity with linkage for right records): For a healthy system a clear link has to be established in order to avoid potential harms to the patients as well poor medical records management. Identification of right patient at right timeframe with right information is eventually a vital part in the phase of integrity. For example, Australia uses HI(Healthcare Identifier) to all the patients enrolled with Medicare. HI is 16 digit unique number to identify the patients that helps the healthcare providers ensuring personal health information is linked to the right person. HI's act as building blocks for Personally Controlled Electronic Health Record (PCEHR) system. HI number is created based on ISO7812 standards, that comprises of 1 digit Major Industry Identifier, 6-digit Issuer Identifier Number(IIN), Individual Account Identifier (IAI) and a single digit checksum based on Luhn algorithm.

PHASE-3(Data Integrity in EHR systems): The major benefits of EHR's constitute to improved patient consideration, diagnostics and patient outcomes, practice efficiencies and cost savings. on the other hand, exposure of this data over the internet sources will be exposed to theft and data attacks. Pseudonymisation technique helps us to preserve the data privacy which has the process of preserving the critical data and at the same time allowing user access to less critical elements by substituting the critical data elements with pseudonyms.

References

1. https://www.hipaajournal.com/category/healthcare-data-security/
2. https://arxiv.org/ftp/arxiv/papers/1802/1802.00577.pdf
3. https://www.nuemd.com/news/2016/07/05/data-breaches-cost-medical-industry-millions-dollars
4. http://www.informationweek.com/news /healthcare/EMR/231000763