Making EHR a reality

Share this article:

Canada's system of socialized medicine may be seen as a model from abroad, but some critics inside the country believe its condition is critical.

The malady is a lack of technological investment, specifically on the security side.

In a scathing analysis issued last year, the Canadian Medical Association (CMA) called Canada “a laggard in the use of information technology in the service of patients.” The slow pace of investment in Canada's digital health infrastructure was echoed by the Information Technology Association of Canada (ITAC) in November.

While countries such as Denmark and the United Kingdom have had national electronic health records (EHRs) for several years, fewer than half of Canada's 35 million people have access to online medical files. Given the current state of security, that may be just as well, said John Millar, president of Digital Boundary Group, provider of IT security assurance services.

“There is virtually no security at the endpoint, where health care is delivered to the patient,” he said. “With something like 100,000 access points in the province of Ontario alone, that's a concern.”

Without a substantial investment in awareness-building as it relates to security, the system is wide open to major breaches.

“We have clients that are clinics and smaller hospitals, and I've been impressed with some of the work on their data centers, but the security awareness stops at the executive level," Millar said.

He cited unsecured desktop computers and other data-entry points as significant risks.

“You have to get to the people who are delivering health services and educate them," he said. "One of our big issues is that 50 to 60 percent of data is vulnerable through technology. If security relies on people alone, that rate goes up to almost 100 percent.”

Like the CMA and ITAC, Millar – whose company established itself providing risk assessments for the financial sector – cited spending as the weak point in the system. While the federal government has estimated that a national EHR will require an investment of $350 for each Canadian, the current investment stands at about $50 per capita. The CMA is hoping that the $500 million expenditure included in the 2010 federal budget, tabled in early March, will help make an EHR a reality in the coming decade.

Millar hopes that funds will be directed where they are needed.

“Where's the money at the delivery end?" he said. "You have to get it to the people in the clinics, educate them about security and teach them best practices.”

With Canada's health care delivery system stretched to its breaking point in hospital emergency rooms, and high-profile patients such as Newfoundland and Labrador Premier Danny Williams heading across the Canada-United States border for elective surgery, speculation is high about when an EHR will help ease the strain.

Millar has a grim prognosis. For him, the delivery of an effective online health system “is as close as the first major security disaster. The nature of risk in our business – whether it's public utilities or banking – is always changing. In our view, health care is no different. People need to be aware of how susceptible it is.”

Share this article:
close

Next Article in SC Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Health law needs reform, says provincial privacy watchdog

The Albertan Information and Privacy Commissioner has formally asked the government to amend the province's Health Information Act with mandatory breach reporting and notification measures.

Well.ca security not that well, letter reveals

Well.ca, an online store selling health and beauty products, exposed names, addresses and credit card details for some of its customers in December, it admitted last month.

Canada signs Wedge Networks to secure government data centers

The Canadian government has hired Wedge Networks, a provider of cloud-based security services, to secure its computing infrastructure.