Security gets top priority in 'shared care' EPR

Decentralized healthcare is becoming increasingly common as a way of maximizing resources and medical expertise. Adding a cross-institutional electronic patient record should theoretically improve the quality of this "shared care," so long as the system protects patient's medical data from unauthorized access and alterations.

Researchers at the Institute of Medical Biometry and Informatics at the University of Heidelberg have been assessing how to set up a single EPR for two institutions treating the same set of cancer patients. Their solution, published in the July 2003 issue of the International Journal of Medical Informatics, meets even the most complex rules on data security and data protection required by law in Germany.

The Heidelberg/Mannheim Tumor Center is typical of many German regional centers supporting distributed oncology care and cancer research. The center comprises four separate institutions: the German Cancer Research Center, the University Medical Center of Mannheim, the University of Medical Center Heidelberg, and the ThoraxKlinik-Heidelberg.

Radiologists, radiotherapists, and oncologists from the latter two institutions work particularly closely, prompting efforts to establish shared data access between the facilities.

Heidelberg researchers first identified the legal requirements for a cross-institutional EPR according to five key criteria:
? confidentiality of patient data
? integrity of patient data
? authentication of physicians accessing the system
? accountability of physicians adding or modifying data
? availability of patient data on demand (if authorized)

They then devised a series of technical solutions and organizational procedures to implement the EPR between the ThoraxKlinik-Heidelberg and the University of Medical Center Heidelberg's department of clinical radiology.

"German laws on data protection and security are particularly complex," said lead author Minne van der Haak, research assistant at the University of Heidelberg's department of medical informatics. "There are several laws at the federal level, in which data security and protection are laid down, and then there are the laws of the different federal states."

Team members opted for a "virtual" EPR, in which data are stored where they were generated and accessed remotely. They then implemented a one-way virtual private network (VPN) that allowed radiologists visiting the ThoraxKlinik-Heidelberg for weekly meetings to access information stored in their home department.

A bidirectional VPN connection between hospital firewalls at the two institutions has now been implemented as well, and this is being used to share pathology data, van der Haak said. Image transfer has yet to be added to the EPR, although a PACS is currently being installed at both institutions.