2021 has ushered in a new phase of the digital transformation for the European Union. 22 of the Member States are expected to start exchanging vital patient health data with the help of newly legislated electronic health records (EHR). Countries like Estonia and Finland have already gotten a head start, with 100 per cent of patients given access to EHRs. And now Germany is also set to take a big step forward thanks to legislation requiring EHR accessibility by 1 January 2021.
The introduction of EHRs is a significant boon to the healthcare sector. By consolidating a patient’s health records, medical professionals gain a more comprehensive and holistic overview of a patient’s medical history. EHRs not only facilitate administration (e.g. writing prescriptions and providing specialist referrals), they also eliminate unnecessary effort (e.g. double testing and time-consuming patient queries) and ensure that medical professionals have access to important patient data in emergency situations. Should patients opt in to EHRs, they are at liberty to decide what data is collected, stored, and deleted. They will also be able to review their own personal health data at their own discretion via an app. This reflects a major step forward for patient data autonomy.
Is the healthcare sector ready for EHRs?
So why did this step towards digitalization take so long? One of the primary reasons that Germany, for example, hesitated to get on board was the very real and serious issue of data protection and security. This concern was well warranted. Verizon’s 2019 Data Breach Investigations Report revealed that 80 per cent of hacking breaches were the result of weak credentials. Though two-factor authentication (2FA) has been mandatory for statutory healthcare providers since 2020, the appeal of such sensitive and personal data is a real draw for cybercriminals. One successful attack on a healthcare provider could provide access to the most sensitive personal data of millions of patients.
Not all two-factor authentication is created equal. Statutory insurance providers looking to implement the highest level of security need to bear in mind that comfort and ease cannot be sacrificed in the process. Although users want assurance that their data is safe against unauthorized access, they also want it to be easily accessible to them. 2FA solutions that rely on external hardware devices, like code generators or tokens, are a real inconvenience to users, who can only access their accounts and data when these devices are at hand. Likewise, requiring lengthy and complex passwords may provide an added level of safety, but it also creates an added layer of complexity.
More security, less hassle
How can healthcare providers strike the best balance between security and comfort? One of the first steps they should consider is eliminating the password. This might seem like a counterintuitive approach. However, in order for passwords to offer the type of protection such sensitive personal data demands, they have to include a combination of uppercase and lowercase letters, symbols, and numbers. This makes them so hard to remember that many users make the risky mistake of reusing one password across several services, making their data, and the company portals and apps they use, more susceptible to data theft.
The best way to go passwordless is to transition to user verification methods that rely on biometric factors like facial recognition or fingerprint scans. With today’s mobile devices already equipped with the necessary technology to scan biometric features, it’s easy to incorporate this authentication factor into a two-factor, or even multi-factor (MFA), authentication strategy. This solution not only offers maximum security, but it is also based on technology that many users are already comfortable and familiar with. And providing users with the best possible experience will ensure their loyalty.
More security, less overhead
EHRs will facilitate many routine medical processes like filling prescriptions, providing specialist referrals, sharing medical information and histories, or even simply accessing one’s own data. Each of these processes is considered a transaction, one that needs to be authorized by the data owner: the user or patient. This is a key safety feature for those concerned about data protection, since it ensures that only the data proprietor can authorize third-party access.
However, security strategies that rely on one-time PINs sent via SMS to the user’s mobile device will quickly accrue substantial costs for all these transactions. Replacing one-time PINs with biometric verification will eliminate unnecessary expenses.
EHRs have the potential to revolutionize the medical system and allow patients to become active participants in their own healthcare. They provide doctors with a quick and comprehensive overview of patients, giving them more time for valuable patient interactions. They create quicker access to complete patient information and histories, which means better and faster healthcare decisions. Providing the right level of security, which balances protection and ease, will be essential to ensuring widespread acceptance of this very beneficial technology.