Canadian Security Magazine

Securing digital medical records

By Tarun Khandelwal   

Features Opinion

Canadian adoption of electronic medical record (EMR) systems lags behind that of other western countries – where in several countries adoption rates have been documented at well over 90 per cent of practitioners.

But there’s no arguing that domestic adoption is on the rise, driven by government incentives for the meaningful use of electronic records, a desire to streamline and improve the way medical records are archived, and new technologies that are accelerating the options for change.

According to Canada Health Infoway, EMR systems have been shown to save clinicians time, ranging from more efficient administrative processes for staff to faster turnover for lab result updates – all of which of which can ultimately lead to better care and faster diagnoses for patients. Implemented across general practitioners, specialists and hospitals, electronic medical records build a network of interconnected systems that facilitate timely access to a patient’s health history, no matter where the patient may be. For example, an ER doctor could have access to a patient’s complete medical history, including allergies, current prescriptions and existing conditions, as well as recent test results – something that could save valuable time in a medical emergency. Individual clinics may find it difficult to maintain the right level of ongoing security on their on-premise computers without a dedicated IT resource – something a trusted cloud provider would have both the time and staff to devote to.

Securing EMRs: Identity is the new perimeter
Despite the benefits, there are still challenges associated with digitizing medical records – particularly when it comes to security and privacy. As more practitioners assess the benefits of software-as-a-service (SaaS)-based EMR systems, it raises two critical issues: will the information entered into this system be safe, and will practitioners be able to access it whenever they need it, without interruption?

While there are legitimate concerns that need to be taken seriously when evaluating an EMR vendor, in many instances cloud computing can actually provide a higher level of security than an individual clinic computer or local data centre can provide on its own – both in terms of security of data and availability of data. One of the primary reasons for this is directly associated with cost. When the security technology is shared, the actual cost to the end-user becomes much less than implementing a proprietary system, something that may be prohibitive for an independent medical practice of three or four doctors.


But an organization – no matter what the industry sector – should not rely entirely on a cloud provider’s security solution at the data centre. While a good cloud provider will ensure the data is safe on the data centre they’re using to store it, the end user of that data (in this case the medical practitioner) is still responsible for making sure the computers accessing this information are safe. This is especially true when dealing with extremely private and confidential medical records. A healthcare clinic, whether it consists of an individual practitioner or a group of many, should ensure it has its own system in place to manage privacy, in addition to encrypting information on the network, to ensure legitimate and authorized access to sensitive medical records.

Cloud computing has impacted the way data needs to be protected. Today, identity is the true perimeter that every organization needs to manage and secure in order to ensure only the appropriate users have access rights to specific data. The implications of this new security reality for a medical practice are significant. With the right identification and access management solutions in place, it’s possible to more closely control and monitor who has access to an EMR, when these records are being accessed, and from where. This is powerful intelligence for a medical practice to have when such personal and private information is being handled.

Ultimately, thanks to cloud computing and rising mobility trends, it doesn’t matter where information is stored: data is not inherently more or less secure from unauthorized access whether stored on an internal network or in a hosting company’s data centre. But having privileged identity management and information protection in place can add the extra layer of security medical practitioners need to ensure patient data is safe.

Tarun Khandelwal is a Senior Solution Strategist for Security Solutions with CA Technologies in Canada.

Print this page


Stories continue below


Leave a Reply

Your email address will not be published. Required fields are marked *