Health Records Should Belong To Patients

Health Records Should Belong To Patients .jpg

By Sean Martin, host of At The Edge and An InfoSec Life

This is part 2 of the two-part podcast where ITSPmagazine's Sean Martin had a chance to connect with Gerard Scheitlin, the Chief Risk Officer and chief of security, risk, and assurance for Orion Health. If you missed part 1, be sure to catch that part of this episode where Gerard provides some insight into the challenges CISOs face with the growth of technology counterbalanced with the long-lasting legacy systems organizations, and their patients continue to rely on every day.

In this second episode, the two continue the conversation, looking beyond the systems aspects and digging deeper into the health records. Gerard spends some time looking at what data is included in today’s electronic health records; you might be surprised about some of the things are collected, submitted, and used to provide health services, all driven by an industry looking to transition from a model of populous care to one of precision medicine.

We are in a transition in healthcare, one moving from a populous system of care to a model where precision medicine can be applied, and specific treatments can be directed toward particular patients based on a wealth of health information made available to the caregivers via our medical records. With this, the questions become: how do patients provide the information that matters and how do they take an active role in the data access and management process? And, more importantly, are they in control of the processes that manage how and when data is submitted, collected, access, shared, and analyzed? Can they turn on and off access to their medical like a light switch?

With more data becoming more distributed and more readily available to the entire healthcare ecosystem, how do we approach and manage risk? How do we make the information only valid (and valuable) when in use by the patient that owns it and not worth a penny for anyone looking to steal the information for malicious or fraudulent purposes? It’s this type of radical transformation that's required to move healthcare forward while dramatically reducing the risks we currently face in making our data available electronically. As Gerard notes in this episode, we need to be able to own our data; we need to be aware of where our data lives.

Just as in part 1, Gerard has some tremendous stories to share. We hope you enjoy the conversation.

Enjoy the podcast, listen to it carefully and share it recklessly!