A Viewpoint of Security for Digital Health Care in the United States: What's There? What Works? What's Needed?

In health care, patient information of interest to health providers, researchers, public health researchers, insurers, patients, etc., is stored in different locations via electronic media and/or hard-copy formats. All potential users need electronic access to health information technology systems such as: electronic health records, personal health records, patient portals, and ancillary systems such as imaging, laboratory, pharmacy, etc. Controlling access to information from multiple systems requires granularity levels of privileges ranging from one patient to a cohort to an entire population. In this paper, we present a viewpoint of the state of secure digital health care in the United States, focusing on the resources that need to be protected as dictated by legal entities and regulations, the available approaches in the present state-of-the art, and, the potential needs for the future of security for digital health care. By utilizing a real world scenario, the authors explore the limitations of health information exchange in the United States, and present one possible architecture for secure digital health care that builds on existing technology alternatives.