TRENDING:

Electronic Healthcare Records , Governance & Risk Management , Privacy

'Virtual Assistant' EHR Tools: Privacy, Security Issues

Kate Borten of The Marblehead Group Analyzes Potential Concerns Marianne Kolbasuk McGee (HealthInfoSec) • April 23, 2018     15 Minutes   
'Virtual Assistant' EHR Tools: Privacy, Security Issues
Kate Borten, president of The Marblehead Group

Data integrity and privacy issues are among potential concerns related to voice-activated "virtual assistant" tools that some vendors are beginning to offer for their electronic health record systems, says privacy and security expert Kate Borten.

Similar to Amazon's Alexa or Apple's Siri voice-activated assistant products in the consumer marketplace, vendors of EHR systems, including eClinicalWorks and EPIC Systems - are planning or have already rolled out tools that allow clinicians to use voice commands for accessing and navigating patient records.

While the voice-command products have the potential to simplify the use of complex EHR systems - such as making it easier for a doctor to access specific hospital test results of a patient - the technology also raises some potential security and privacy concerns, Borten, president of consultancy The Marblehead Group, says in an interview with Information Security Media Group.

"The most important aspect is data integrity - the actual data that's in the system as well as the software that's retrieving data," she says. For instance, if a clinician speaks a command to access a particular patient's lab test results, "if the software isn't written perfectly, and it gets a little confused ... and reports back incorrectly or not the latest test results, and the caregiver acts on that information, it's a patient safety [concern] with serious potential consequences," she says.

"So, data integrity - the integrity of the information that this virtual assistant relies on or provides to the human being is critical."

Meanwhile, the voice activated tools also pose privacy concerns, she notes.

"So we have to be a little bit more careful about where this [voice activation use] is occurring. ... If this is being done in an open area where the public is walking through, then we need to think about the physical security and the implications for the patient's privacy."

In the interview, Borten also discusses:

  • Potential patient ID matching and user authentication challenges related to EHRs and virtual assistant technology;
  • The pros and cons of virtual assistant technology in the clinical workflow;
  • Advice for healthcare entities considering the use of voice activated virtual assistant technologies.

Before founding The Marblehead Group, Borten led the enterprisewide security program at Massachusetts General Hospital in Boston and established the first information security program at Beth Israel Deaconess Medical Center and its parent organization, CareGroup, as its CISO.

Previous
A New Way to Handle Cyber Claims
Next
Analysis: 'Orangeworm' Attacks Appear to Involve Espionage



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.