Encryption and Electronic Health Records: A Q&A with Paul Fowler (Pt. 2)

(To read the first part of this blog post, click here.)

AXWAY: Let’s talk about compliance. Some would say that if you’re compliant, you’re doing fine.

PF: Some people think compliance is setting up a few rules and some people think compliance is pretty much locked-down infrastructure. The government tells you what needs to get done to satisfy the law; they never tell you how to go about actually satisfying the law. There are people who do not believe that encrypting email is necessary, but there are also people who don’t believe that seatbelts are necessary! It doesn’t mean that it’s not common knowledge that seatbelts save lives. There are many people asking themselves, “Do I cut three employees from my staff in order to buy an encrypted email system?” And their answer is, “No, that’s not necessary.” And I tend to liken it to seatbelt laws: anybody who thinks they don’t need a seatbelt is right until they have a wreck, don’t have one on, and die. Then the realization of its importance becomes clear, but at a high cost. In the same way, there are tons of people who don’t believe that encryption is a necessary thing. They don’t believe they need their files managed in a very secure, two-factor-authentication method. Now clearly, the government, when they’re ordering nuclear weapons, uses managed file transfer, a system that will provide that encryption. But when you’re chatting on IM with your friends, you don’t have any security there at all. And you don’t worry about it because who cares what you’re saying to your friends? But if you’re in a hospital and IMing with your friends that some famous actor came in, here’s his medical record, and look what they’re treating him for—this all creates a host of issues for the hospital to worry about, issues that could expose them to massive liability. That’s big dollars. Managed file transfer, encrypted email, the encryption of IM systems—these things should become important to hospitals so that they can identify who internally is responsible for violations and educate those people constructively.

AXWAY: Protecting the company is fine, but besides privacy concerns, what else do these technologies address?

PF: As you implement managed file transfer and these kind of encrypted email technologies, you begin to see patterns of your trading partners and exactly how they operate. You begin to establish the connections with networks and facilitate the safe spread of medical information. The more medical information gets shared, globally and collectively, the better patient outcomes are, both individually and collectively. So if every diabetic knows what works for every other diabetic, the community of diabetes patients is treated better. And if you can share one diabetic’s record with an expert, without compromising the diabetic’s identity, then that expert’s patient has an improved chance for better treatment, and everybody wins. Ultimately, that’s what’s it all about. It transcends mere compliance in some real way. The real challenge is this: How do we share medical information without compromising the privacy of an individual? The goal is not just to protect the information. The goal is to share the information with people who need it. For example, if I travel to Paris, which I do two or three times per year, and I don’t have an eHR, if I find myself in a hospital in Paris, nobody will know anything about me. How do I, as a patient, get my medical records to brand new doctors in a safe and secure way all the time?

Leave a comment

No comments yet.

Comments RSS TrackBack Identifier URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s