Earlier this year, Janet Spangler got an object lesson in the tension between data access and security. A new patient at Family Medical Associates of Raleigh (N.C.) toted his own laptop into the exam room, recalls Spangler, administrator at the five-physician group practice. When the physician arrived, the patient--a computer technician--turned his laptop around, revealing he had just gained access into the group's ostensibly secure wireless network, then admonishing the physician about the need to improve access controls. "We have since modified our wireless system," Spangler says. "But the experience left us uneasy."

No sensitive information was exposed during the interlude, but the episode gives insight into why Family Medical Associates takes what Spangler describes as "a conservative approach" to data access. Not only did the group bolster its firewall against unwarranted outside intrusion, it put limits on what its own staff can see on the EHR, an ambulatory system from Greenway Medical Technologies that has been in place for five years. The practice even takes the extraordinary step of maintaining any employee medical records on paper-in a locked cabinet-and not on the EHR. "We can restrict access to our online charts, but you don't want records inappropriately accessed by other staff," she explains. "We are all for access if it results in better care. But we are quick to limit access if there's a risk of a security breach."

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access