Recently a co-worker mentioned that a family member's medical records may have been breached and that there is a possibility that some of his records were too. This got me to think more about the security around all of the systems that contain our most personal information. Ultimately, I find this as just another force behind the push for Electronic Health Records (EHRs).
As it stands today many doctors' offices have a room full of shelves that are buried under files and files of medical records. Note that this room of files is frequently left open to be accessed by nurses and physicians assistants prepping patients. Sometimes, at small clinics and private doctor's offices, it is even open for the public to see. And as many of us have multiple doctors and specialist, security breaches exists when paper based medical files are literally mailed and shipped from office to office. This lack of security puts anyone who has ever been seen or treated at that facility at risk. This is where EHRs could play a major role.
Implementing a BPM system to facilitate your EHR project can equip your organization with greater control and visibility than you think. First, BPM can streamline the process of electronically capturing and organizing the data contained in your client's medical records. Secondly, with all of the data and records being electronic, BPM allows you to set up rules and restrictions around the records. This is extremely beneficial to healthcare organizations in several ways:
- While BPM is not software security, it does have the ability to define a workflow, involving only pertinent parties at each step. From this, rules and authorizations can be applied to the process ensuring that only authorized personnel are able to complete necessary tasks.
- As a back end piece to the point above, BPM can be used to automate and ensure security clearance and the authorization approval process for nurses and physicians assistants
- It allows the process champion to name responsible individuals in the process
- Most importantly, based on login access, BPM can be used to track and report on who accessed the patient database, when it was accessed, who's records were opened, and updates or changes that were made.
Mary Katherine Strupe