Patient Confidentiality,Data Security,and Provider Liabilities in Diabetes Management

From inception, the electronic patient record has raised issues of data protection and patient confidentiality. These privacy issues have become more complicated with the introduction of electronic links to patient information held in databases sited on local and wide area networks. The first purpose of this paper is to review, from the provider's perspective, the issues surrounding patient confidentiality, data security, and consequential provider liabilities. The second is to propose possible immediate strategies and long-term solutions. Clinical procedures in diabetes practice create patient data from confidential information. This information is owned by the patient, received by the provider, enriched by a professional interpretation, and merged with other data into health records. Ownership, privacy, accountability, and responsibility issues are raised. Consequential data security and patient privacy are easily met by storage in a locked box or file cabinet. Conversion of such records into digital data in databases on local and wide area networks markedly increases the provider's exposure to liabilities. Current methods for securing remote data exist. These involve user authentication and secure transmission, but remote data storage is far less secure than a locked box. New tools for the secure storage of patient data are outlined. These involve encryption and decryption by the provider alone. A suite of computer protocols is presented that can restore security equivalent to a "locked box" and thus reduce liabilities for the provider. Providers should protect the privacy of their patients by encrypting all data that are stored in remote repositories. The tools to do this are urgently needed. A standardized digital protocol for verifying user identities, preserving patient confidentiality, and controlling data security by encryption will fully mitigate provider liabilities. Standardization and economies of scale promise future cost containment.