Previously in this blog series, we've looked at how patient data is collected and aggregated in order to provide a complete electronic record of a patient's care and to derive insights into the performance of healthcare systems.

Now we come to the challenge of providing appropriate controlled access to clinicians so they can use the data to improve a patient's care. It's crucial that privacy and security policies are put in place granting only authorised access to the aggregated data by uses with the right privileges and the need to view it to better manage a patient. This leads us to the third A in the series of six As: Access.

Access is the ability to provide data for viewing to certified personnel - almost always clinicians with the need to know - in the right place and at the right time. Concerns about security and privacy arise if the confidentiality and integrity of transmitted data is not maintained and if unauthorised users are able to access sensitive clinical information. These are important challenges and ones that can be met with the right approach.

Sharing Aggregated Data Securely

Smooth access to data for key stakeholders is essential and can be achieved by creating (1) a patient portal for patients, their families, and next of kin and (2) a clinical portal for care providers. In today's world naturally there also needs to be provision for other means of access such as using dedicated apps on mobile devices and very close linkages to physician EMR systems so providers are always assured they can rapidly access needed information.

While security and privacy rights of patients must be maintained, there needs to be a balance chosen regarding who has access to shared clinical information. If access is to tightly restricted and sectioned off to a select few, then value from the system becomes limited. Patients need to have the ability to control who sees their information, and providers need to form sensible policies that comply with relevant legal restrictions while still delivering worthwhile benefits from sharing of information.

Balancing the various requirements can be difficult, such as the need to balance data security and usability, more generally to balance security and privacy with usability. However, it can be done with the right solutions and the right policies in place. This is something that Orion Health has two decades of experience with, abroad and across Canada. Our seasoned experts have developed ways to meet government and other standards while also improving healthcare through sharing of information.

Empowering Patients, Enabling Care: How Access Can Shape Healthcare

eHealth Saskatchewan used Orion Health solutions to create the eHR Viewer – a system that integrates lab repositories and medical records across the province in order to give patients and healthcare providers' access to patient information, regardless where Saskatchewan's 1.1 million residents seek care across the province.

Using Orion Health's Clinical Portal, Results Viewer, Clinical Data Viewer and Central Data Repository, authorised care providers are able to view 90% of lab results as well as immunisation information, clinical encounters, structured medical reports, discharge summaries, medical imaging reports and chronic disease information. By providing healthcare practitioners with timely access to patient information at the point of care, patient outcomes are improved, as are patient experiences.

However, this extensive connected network would be quickly shut down if it didn't include stringent data security and patient privacy mechanisms. Not only is the system secure-by-design, but it also has multiple layers for secure patient privacy and data aggregation. 'Masking' is a built-in control mechanism that allows patients to hide or 'mask' all or part of their personal health information from being viewed in the eHR Viewer. eHealth Saskatchewan also provides transparency by offering patients the ability to request a detailed audit outlining who has accessed their profile in the eHR viewer.

Safety protocols like these meet the vigorous compliance requirements laid out in the The Health Information Act (HIPA) and The Freedom of Information and Protection of Privacy Act (FOIP). eHealth Saskatchewan demonstrates that with the right technology and safety standards in place, healthcare organisations can, in fact, ensure that clinical data remains secure while delivering much anticipated benefits to care providers and their patients.

In the next post in this series, we'll explain how to engage stakeholders in the Adoption of this technology and to endorse the delivery of data-inspired value based care.