The Future of EHRs, Big Data, and Patient Privacy

Print Friendly, PDF & Email

Moving patient data online has been a great boon for the practice of medicine. Patient records, formerly pieces of paper in a folder, are transitioning to electronic health records, or EHRs. While this has done wonders for transferring records between offices and aiding in connecting technology like wearables and providing big data for machine learning, the quantity also raises questions of patient privacy and data security.

Volume of Data

The start of this story is in the volume of data. Even back in 2011, Duquesne University estimated there to be 150 exabytes of healthcare data collected. In 2015, they noted, 83 percent of doctors had adopted electronic records. This, on the surface, sounds fantastic. All that data, which has only increased since then, can be used for predictive analytics.

Big Data

Thanks to the amount of data collected, predictive analytics is possible. This helps healthcare professionals make smarter decisions regarding patient care. A computer is able to catch symptoms that are comorbid of other problems that a specialized doctor would miss.

An added bonus to being able to make better decisions thanks to big data is that it has also created new roles such as the nurse informaticist. These nurses care for patients and affect healthcare policy. The key, however, is they use big data to drive these decisions. For example, they might be able to predict staffing needs based on historical data, so that they have enough nurses to manage patients. Before the adoption of EHRs and machine learning, the technology that makes this job possible, and thus those decisions, simply did not exist.

Privacy and Security

On the flip side, the massive amount of data means security needs to be kept to a high standard, or data breaches could reveal patient data. In the first quarter of 2018 alone, nearly 1.13 million records were exposed due to a data breach. Then, in July, more than 2 million more records were exposed. Over the past 8 years, more than 176 million records were breached.

Worse, in 2016, the WannaCry ransomware locked out hospitals from EHRs, effectively stopping all patient care due to lack of access to patient charts. The hospitals were forced to pay a ransom or let their patients suffer from lack of treatment.

That’s where the Health Insurance Portability and Accountability Act of 1996 comes into play. More commonly known as HIPAA, it puts stiff fines on a company should they find themselves the target of a successful breach. The penalties are sorted into four categories.

A breach that could not have realistically been avoided, and the company or hospital has taken measures to be in compliance, is a category 1 violation. This results in an up to $50,000 fee with a minimum fine of $100 per violation. A category 2 violation is where the company should have been aware of the problem, but the violation could not be avoided. It carries the same penalties as a category 1, but with a fine of at least $1,000 per violation. Willful neglect but with an attempt to correct the violation is a category 3. It carries a minimum fine of $10,000 per violation, up to $50,000. The worst violation, category 4, is willful neglect with no attempt on the company’s part at correction, carries a minimum fine of $50,000 per violation, up to $1.5 million.

Still, as long as companies hold the data, someone will try to steal it. Security will need to continually evolve to combat the threat of patient record leaks.

The volume and quality of patients records being transferred online is awesome in the original sense of the word. It holds far-reaching implications for what can be done with the data in the future in regards to big data, machine learning, and predictive analytics. These will only improve as more data is added. However, it also presents an ever-growing security risk, and standards will need to be held, with security researchers rising to the challenge of keeping the information as secure as possible and ensure companies maintain compliance with HIPAA.

About the Author

Avery Phillips is a freelance human based out of the beautiful Treasure Valley. She loves all things in nature, especially humans. Leave a comment down below or tweet her @a_taylorian with any questions or comments.


Sign up for the free insideBIGDATA newsletter.

Speak Your Mind