DOD health records project hinges on security

The Defense Department is expanding a project through which it is entrusting outside entities to store its medical health records for the first time.

Through a partnership with Google, Microsoft and the Veterans Affairs Department, DOD's Military Health System (MHS) plans to securely store electronic health records (EHRs) through the Internet, allowing global access by medical personnel and by the patients themselves. The effort will open doors to accessibility — and also to potential threats to confidentiality.

“We have all this information we need to push out,” said Chuck Campbell, MHS chief information officer. “We have newer ways of doing business, and it’s important to capture all the information on every patient, no matter where they go — from the roadside to the military facility.”

The program started in March 2008 at Madigan Army Medical Center in Tacoma, Wash. More than 400 patients had enrolled in that program as of June 2009, according to an MHS announcement. Now that the department has given a green light to expand it, officials are planning where next to deploy it but have not yet announced new sites.

The system's key feature is that it is patient-controlled, MHS officials said. Patients can see their test results, medications, medical histories and other data that doctors have traditionally kept locked away in file drawers.

As part of a Web 2.0 push, DOD will overhaul its back-end EHR program, which Campbell said is cumbersome and unreliable. MHS will use Microsoft HealthVault and Google Health to store records.

Creating a Web-based archive of extensive medical records — a virtual lifetime electronic record, as Campbell sees it — is a massive undertaking. The details of the agreements with the service providers are still taking shape, and the health system is working toward instituting a system of penalties as a security measure to give the firms a greater incentive to handle the records with care, Campbell said. Still, more will be needed in a push to digitize volumes of sensitive medical data, other health records experts say.

“There are inherent security challenges in open architecture,” said Susan Feinberg, vice president of business development at HealthCare Resolution Services, which has numerous contracts dealing with EHRs within the military and government. “The sheer volume of records, including older records and retirees, requires best practices and security safeguards.” HCRS is not directly involved with the records storage project.

Campbell said he envisions a system that also includes each participant's benefits, eligibility information and personnel records. Eventually, there could be a single repository for DOD recordkeeping and departmentwide access, though “with 50,000 visitors a day to a single database, security is certainly a concern,” Campbell said.

Campbell is far from the only one concerned. Navy Chief Information Officer Robert Carey, speaking at a conference last month, also addressed DOD’s security challenges. “The revolution is ongoing for the Internet, and the battle is ongoing for security,” Carey said. “At this point, we’re committed to a [network-centric] world.”

A successful system depends on several key tenets, Feinberg said. A standardized platform will be necessary to reach across time zones, branches, departments and agencies. That platform will need to comply with the Health Insurance Portability and Accountability Act of 1996, which governs privacy.

Security will hinge on system management, particularly data encryption on multiple levels for passwords and unique identifiers for users, said HCRS project manager Valerie Pair-Biggs, who also stressed the importance of a dependable backup system.

“You need a backup system that works in real time, from all entry points, stored in a separate location,” she said. Those systems "have been used in industry for many years, but in health care, you especially have to make sure 100 percent that information doesn’t fall into the wrong hands.”

Beyond the mechanics of security, the human factor represents an important facet of the move to electronic recordkeeping, particularly in military health care, Feinberg said. Knowledgeable personnel and adequate support can make the difference between a smooth operation and a public-relations nightmare.

“People need help," Feinberg said. "Sometimes they’re scared, they have a new doctor, or they’re in a new place.… You have to think about how the patient feels. You have to have the human factor. If something goes wrong, say maybe there is a glitch, service is being denied — people talk and the word gets out.”

However, handled properly, the transition will offer plenty of benefits.

“Ultimately, using electronic records will result in a faster, more flexible and more cost-effective system," Feinberg said. "Improved health care will result in a healthier population and long-term enhanced wellness for military families.”