Originally Published February 2001
The memorable phrase from 2001: A Space Odyssey, "Open the pod-bay doors, HAL," evokes images of the lone explorer threatened by an advanced computer system. Although the dawn of our new century has not been marked by developments as dramatic as those involving HAL, there may be more than a little truth to the film's underlying themes of society's sometimes uncertain relationship with its technology. Modern innovations are indeed startling and are occurring at a near-frantic pace—particularly in the various disciplines of medical care. Some of these developments, however, may pose serious hazards that are difficult to assess and mitigate at the rate such advances are taking place.
The current state of healthcare is generally being shaped by expanding use of microprocessor- and computer-based systems, as well as increasing reliance on Internet-based tools and applications. Telemedicine would be little more than an intriguing concept without this technical foundation. Similarly, the state of the art in such fields as medical imaging, clinical laboratory functions, and patient monitoring is advancing largely as a result of becoming increasingly "connected." But the increased reliance on computer- and Internet-based systems is also posing risks in terms of patient safety and security. Such risks range from confidentiality concerns to more significant threats to the patient as a result of medical errors. Increased industry concern regarding such hazards, in addition to growth in public regulatory pressure, are promoting research and development of more effective methods of ensuring the security of patients and patient records.
MEDICAL ERRORS AND MALPRACTICE ARE TOP ISSUES
Widespread media attention to the 1999 Institute of Medicine report on medical errors quickly brought the issue to the forefront of public attention. A nationwide survey of over 2000 adults conducted last year by the Kaiser Family Foundation (Menlo Park, CA) and the Agency for Healthcare Research and Quality (AHRQ) found that medical errors and malpractice are now among the public's leading measures of healthcare quality. The survey results indicate that people are more concerned about mistakes happening when they are in the hands of the healthcare system than when they are flying on an airplane.
Of course, not all medical errors occur inside hospitals. For example, an examination of pharmacists by the Massachusetts State Board of Registration in Pharmacy estimated that as many as 2.4 million prescriptions each year are improperly filled in that state.
Errors in medication, surgery, and diagnosis are considered the easiest to detect. According to the AHRQ, however, "medical errors may result more frequently from the organization of healthcare delivery and the way that resources are provided to the delivery system." The agency adds that any effort to reduce medical errors in an organization requires changes to the system design. Because they address issues on the system level, use of patient tracking and security systems can support efforts to reduce the potential for these types of medical errors.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
A number of factors are driving development of improved systems for ensuring the security of patients and patient records. Among these was passage in 1996 of the Health Insurance Portability and Accountability Act (HIPAA). This federal statute established regulations designed to protect health insurance benefits of and sensitive information about the insured. Intended to provide workers who change employment better access to health insurance coverage, HIPAA limits exclusions for preexisting conditions and restrains health plans from denying health insurance to individuals based on health status. In addition, HIPAA mandated the development and implementation of uniform national standards for the secure electronic transmission of healthcare information.
An underlying principle of HIPAA is that the confidentiality of patient records may be threatened by the risk of unauthorized access to the stored information or the interception of such data while it is being transferred from one location or system to another. It has been noted that the potential threat to confidentiality of electronic data is just as serious as the risks associated with the use of paper-based records. In addition, growing reliance on the Internet is generally viewed as posing new challenges and security risks for electronic data.
In addition to requiring establishment of systems to better safeguard patient records, HIPAA mandates that patients must be given easier access to their own health information. The goal was to make it as simple for patients to view that information as it currently is for them to view their own bank statements. To comply with HIPAA requirements, data security systems must incorporate techniques to ensure proof of identity. Adequate authentication is considered to be the only way to differentiate authorized users from potential intruders. Authentication is particularly important in the event that more sophisticated communication methods, such as Internet-based systems, are used.
IDENTIFICATION IS NOT AUTHENTICATION
The foundation of most systems intended to safeguard patients and patient records is the ability to accurately verify the identity of all parties involved—including the patient, caregivers, and administrative or support staff. There is an important distinction, however, between identification and authentication (or verification). Within most common frameworks, the process of identification involves determining the identity of an individual user within a given population, based on characteristics associated with that user without the individual necessarily claiming a specific identity. A computer network, for example, may be set up to identify users accessing the systems at a given time based on connectivity addresses. But the actual identity of a given user cannot be guaranteed without the use of additional tools. Authentication, on the other hand, is used to verify a claim of identity. In the example of the network user, an authentication system would verify the individual's identity claim when the individual provides specific information or a specified set of characteristic such as a personal identification number (PIN), password, or physical attribute.
Although the use of passwords, PINs, or other information may be sufficient for many applications, the security needs of the healthcare environment often demand measures that can offer considerably more robust capabilities. Advanced authentication systems for medical applications are relying more frequently on biometric information, such as fingerprints, voice patterns, or signature verification to ensure user identity. In most situations, some method is used to clearly identify:
Something that is in the individual's possession, such as a smart card.
Something that the user knows, such as a password.
A physical attribute of the user, such as a fingerprint or other biometric information.
The ability to use these parameters consistently and accurately in authenticating a patient's or caregiver's identity is the basis for the security systems being developed for use in healthcare environments. An effective biometric system would offer accurate performance in two different functions. First, it would be incapable of allowing access by an unauthorized person.
Second, it would never deny access to an authorized person. Ideally, it would also function in an unobtrusive manner and be compatible with other equipment to be used, enabling it to
be merged relatively seamlessly into existing systems within the facility. Because most available systems have their own strengths and weakness, no single solution has yet emerged as the technology leader.
PREVENTING MEDICAL ERRORS
Medical errors involving the incorrect administration of medication or transfusions can have catastrophic results. Although such events often gain significant attention in the popular press, mistakes made in collecting specimens for diagnostic testing can pose equally serious hazards for patients. Blood, bodily fluid, and tissue samples can be mislabeled; samples can be taken at the wrong time; or incorrect quantities can be taken. The results can often be a need for new samples, longer hospitalization, and higher costs. In some cases, the results can be more
serious, including misdiagnosis or the subsequent incorrect administration of medication or therapy.
Results of a survey conducted in 1999 suggest that there is limited awareness of specimen identification errors among hospital department managers. Although more than 90% of CEOs and department heads involved in the survey indicated that they were well informed on medication errors within their facilities, less than 70% were well informed of specimen collection errors. In addition, 58% of hospital CEOs and 38% of nursing administrators could not estimate the number of such errors that had taken place at their facilities in the four weeks prior to the survey.
The use of bar code technology is proving to be useful in ensuring specimen collection accuracy, though costs associated with implementation of such systems has often limited facility-wide use. Becton Dickinson (BD; Franklin Lakes, NJ) is among the companies examining the use of bar code technology. BD acquired the IntelliCode division of Med Plus Inc. (Cincinnati) in January 1998. Intellicode had been working on intelligent bar coding systems that can customize labels to improve workflow and had used bar code technology in its warehousing operations. BD realized there was a strong potential for tying the bar coding technology in with its sample administration and disposable products. A new division, BD.id, determined that a novel method could address two significant issues—the need to "positively associate the right specimen with the right patient and eliminate preventable medication errors."
The company has developed Rx and Dx systems for reducing medication and specimen errors using its bar coding technology. Both the Rx and Dx Solutions use the Symbol SPT 1740 handheld device, coupled with Riverbed Technologies' ScoutSync 3.0 software. The Symbol SPT 1740, based on the Palm OS platform, provides bar code scanning capabilities, along with pick lists and pull-down menus for data capture. Riverbed's ScoutSync software provides the simultaneous, two-way communication between multiple Symbol devices and the BD Rx/Dx Server.
According to the company, "The Rx system allows healthcare providers to access vital information about medication dosage and potential drug interactions before administering a drug. Using the Rx system, nurses scan the bar code labels on unit-dose medications and patient wristbands to ensure that the right drug is given to the right patient at the right time. Built-in management reporting tools track missed doses, misidentification, and other errors."
|The Bridge Medication Management System works with bedside computers to reduce medical errors.|
The Dx system, which is used during the collection stage of the specimen management process, is intended to ensure positive identification of the patient. The system
can also verify vital collection data. It is designed to print the correct bar code specimen label at the point of collection. The company indicates that this capability eliminates the need to manually write the date, time, and caregiver's name on each tube.
According to Walter Kalmans, the company's marketing director, "The Rx and Dx systems are designed to significantly reduce errors in medication administration and specimen collection. This has a huge impact on our healthcare system, significantly reducing injuries, improving quality, and lowering costs." He estimates that the systems can pay for themselves in less than two years.
Last year, former-president Clinton announced a comprehensive plan for reducing medical errors. Following the announcement, Bridge Medical Inc. (Solana Beach, CA) and Northern Michigan Hospital (Petoskey, MI) began to assess the use of a technology that includes computer networking and bar code scanning to act as a double check before medication is
The Bridge Medication Management System enables nurses to bar code scan the drug to be administered, the patient ID bracelet, and their own ID badge. According to the firm, "The system then verifies the 'five rights'—right patient, right drug, right dose, right time, and right route of administration." The system also ensures that safe dosing levels are being administered and alerts nurses of potential hazards involving medications that may have a similar appearance or name.
The system is designed to be compatible with bedside computers that interact with a radio-frequency-controlled communication system installed in the ceilings of hospital facilities. The configuration allows changes in medications, dosage levels, or other patient information to be communicated between the hospital information systems and the bedside units in order to keep floor nurses abreast of changes.
The system is intended to reduce the possibility for error and to eliminate many of the manual steps that were previously needed in drug administration. Phase one of the program was initiated in 1998 on the hospital's medical and surgical floor. Phase two is currently under way and involves upgrading the system that automates recordkeeping of medication administration, which nurses currently perform manually and is considered time-consuming.
According to Jim Douglas, RN, Bridge Medical's site coordinator at Northern Michigan, the key to error reduction is to use technology to simplify the medication delivery system and continually improve the process. "Many people don't realize that there are more than 65 steps involved in dispensing and delivering one medication, which clearly leaves room for error." He explains, "Rather than expecting perfect performance in these complex systems, we need to use technology as a backup check for humans, who can make mistakes. We should take the information we collect about 'near misses' and find ways to improve the system, reducing the chance that the same 'near miss' could happen again—that's what this program is all about."
The system is capable of automatically recording the time when a medication dose is given, the staff member who administered the medication, and other pertinent information. Reports can be generated that allow managers to monitor the medications given to patients and help hospital staffs identify opportunities for implementing improvements in their procedures for medication administration.
To date, use of the system has been considered successful. "With the system, we have the capability of tracking medication events and determining whether an error was prevented. Without the system, we are unable to identify all errors, let alone near misses, since the clinician involved is often unaware that an error has occurred," said Trudy Day, RN, a clinical nurse manager at Northern Michigan Hospital.
SECURITY AT THE FINGERTIPS
Among the recently developed biometric technologies are computer-based systems that are able to transfer information in real time using fingerprint scans. Like bar code scanning, fingerprint-based identification methods have been found useful for ensuring patient identity, reducing the risk of medication errors, improving recordkeeping, and preventing other potential problems.
Fingerprint scans do have some limitations in their range of applications because they cannot be used by staff members wearing surgical or exam gloves. This type of identification, however, can be used during patient admissions and in some clinical applications, and it is especially useful in situations where patients return frequently. A system such as the HealthID automated fingerprint identification system from NEC Technologies Inc. (Itasca, IL) can be used upon admission to link a patient's fingerprint to medical records contained in existing hospital case-management computer files. The method can even be used in instances when patients are unable to give their medical history to hospital personnel, because the case history can still be obtained and any existing conditions or illnesses identified.
The NEC system is also intended to eliminate other patient record problems. The company indicates that upward of 10% of hospital records are duplicates, or kept in error. Incorrect entry of a name during the admission process can result in the patient being linked to the wrong case history. With HealthID, the patient's finger is placed on a small pad linked to an optical character recognition system. The fingerprint is then displayed on the computer screen, followed by case documents.
In addition to helping improve patient care, the technology can be used to reduce medical care fraud. Many cases of fraud are reported in inner-city hospitals where patients are admitted using a false ID and charges are sent to Medicare. "But now such fraud can be prevented, as the actual patient being treated is accurately identified," says NEC product manager Chris Warner.
Outside of the hospital, fingerprint scans are also proving useful for ensuring security of patients. BioNetrix (Vienna, VA) has licensed its biometrics technology to DrugEmporium.com, the on-line subsidiary of Drug Emporium (Powell, OH), enabling the Web-based firm to authenticate the identities of physicians ordering patient prescriptions over the Internet.
The BioNetrix software prompts doctors placing the on-line prescriptions for biometric IDs to directly authenticate their identity and verify that they are authorized to access the patients' records. The ID can be a fingerprint, retinal or facial scan, or signature, each of which is unique to an individual.
BioNetrix is currently exploring expansion of its Hospital JumpStart, a comprehensive package of authentication software, hardware, and services, into hospitalwide systems. According to John Ticer, BioNetrix CEO, "A growing number of hospitals are exploring ways to provide quick and easy access to information while also increasing privacy and security."
PERVASIVE COMPUTING AND THE WORLD WIDE WEB
"Pervasive computing—the concept that computers in the future will be as inextricably woven into our daily lives as electricity is today—is an idea whose time is coming very, very rapidly," says Dick Lampman, director of Hewlett Packard Labs (HPL; Palo Alto, CA). The concept of pervasive computing is also the foundation of one of HPL's development efforts.
An Internet-enabled watch is among the first of the next-generation "context-aware" devices that will use biometrics to identify the user. In addition, positioning technology will track the location of the user, and sensors will provide information about the environment.
Another context-aware device in development at HPL is the BadgePAD, a smart badge that physicians or nurses will be able to pick up when they arrive at work. The identity of the physician or nurse will be authenticated through voice recognition. The cell-phone-size badge will then be worn like a conventional security badge, attached to a belt, or hand carried. Until the device is set down, it will continue to track the movements of the physician or nurse and provide continuous authentication for data access.
Within the hospital setting, the patient records system will recognize the caregiver upon entry to the patient's room. Relevant charts will automatically be displayed on the computer screen. If someone else approaches the screen and is not authorized to view that patient's information, it will go blank. If the BadgePAD is set down and picked up by another individual, it will require a new authentication but will have the new set of e-services personalized for that person.
Use of the World Wide Web also figures prominently in several other patient security strategies, including efforts to provide remote data access while maintaining necessary security. For example, HealthCast LLC (Boise, ID) and HospITech Solutions (Montville, NJ) have formed a strategic alliance to offer a range of HIPAA-compliant Internet-based services that will help healthcare providers improve patient care, increase operating efficiencies, and reduce costs.
According to the firms, HealthCast's system is designed to securely integrate clinical and administrative information from disparate legacy systems and from data sources without requiring the creation of a new data repository. A variety of authentication methods are used to enable users to securely access real-time, integrated information via an Internet browser from hospital-based offices or off-site locations, including their homes.
SUPPORT FOR DECISION-MAKING SOFTWARE
Concern for maintaining security of patient data is also shaping the design and development of decision-making software for medical applications. Baylor College of Medicine (Houston) and Caducian Inc. (Austin, TX) recently signed a collaborative development agreement intended to enhance Caducian's real-time clinical decision-making support software for use in
The Caducian system will be designed to allow authorized individuals to view and analyze all of a patient's continuous clinical data flows that have been collected from a variety of monitoring devices from different manufacturers. Sophisticated algorithms will be developed for data mining and analysis of the information flows from the various devices.
"Patients with life-threatening conditions are monitored throughout the clinical process," states J. Robert Beck, MD, vice president for information research and planning at Baylor, adding, "We are pleased to work with Caducian to provide a seamless data flow, which will enhance our research on identifying critical events."
The system "allows for the secure portability of patient data in a way never before possible," the firm indicates. "Previously, patients, doctors, administrators, insurance companies, attorneys, and other interested parties in the healthcare provisioning cycle have had to rely on verbal and hand-rekeyed records of monitoring system read outs, taken at isolated times from isolated proprietary systems." Caducian's technologies will give physicians "a powerful new tool to help them in complex clinical decision making—weaning premature infants from ventilators as early as possible, for example."
Smart cards are also playing an important role in ensuring the security of patient records. Keyware (Woburn, MA) has been chosen to provide customized fingerprint smart card authentication for eMedicalFiles.com LLC. The system it will supply can store and retrieve comprehensive medical information via an exclusive combination of a smart card and Internet server.
According to Keyware, this product is a "patient-centric" approach to managing medical information. That is, the patient is in control of making his or her up-to-date medical information available when needed. New information can be added to the patient's card in real time at each encounter with a healthcare provider. Keyware's technology is intended to provide secure access to detailed medical records, leading to improved patient care, fewer errors, faster claims resolution and less paperwork. Every type of point-of-care facility—hospitals, doctors, dentists, pharmacies, and rehabilitation facilities—will be able to access patient records in order to obtain accurate, timely information, while biometric technology will provide high-level patient confidentiality and security.
Sense Holdings Inc. (Tamarac, FL), through its Sense Technologies subsidiary, has initiated a fingerprint-based smart card to provide enhanced security for storing and accessing portable data, including medical care information. Applications of the firm's BioCard system include securing and managing medication disbursement, patient test results, and treatment schedules.
The company suggests that "biometric technology, coupled with the use of smart cards, has the potential to take security, convenience, and versatility to another level for our customers." Says Dore Perler, CEO and founder of Sense Technologies, "Our ability to store and unlock data with a fingerprint should be of great interest to the medical, financial, and education markets. SmartCard technology offers a reliable yet secure method of storing and accessing portable data."
HAL sought to defend his behavior by explaining, "This sort of thing has cropped up before, and it has always been attributable to human error." New technologies to address patient safety and security concerns are, in one sense, part of an effort to avoid the irony of HAL's comment.
The more sophisticated technology becomes, the more complex and vital the dual issues of security and access become. On the one hand, systems in development must offer greater certainty that diagnostic or therapeutic care is administered to the correct patient, and that the treatment being provided does not pose undue risk to the patient. To achieve this, up-to-date and accurate data must be readily available to caregivers. On the other hand, research is being directed toward developing methodsto ensure that all data generated in the course of patient care is secure—that access to this sensitive information is granted only to authorized individuals. Use of systems based on biometrics technology—including voice recognition, fingerprints, and
others—will be a key element in creating new systems for maintaining adequate levels of security in both applications.
Gregg Nighswonger is executive editor of MD&DI.