'Virtual Assistant' EHR Tools: Privacy, Security IssuesKate Borten of The Marblehead Group Analyzes Potential Concerns
Data integrity and privacy issues are among potential concerns related to voice-activated "virtual assistant" tools that some vendors are beginning to offer for their electronic health record systems, says privacy and security expert Kate Borten.
Similar to Amazon's Alexa or Apple's Siri voice-activated assistant products in the consumer marketplace, vendors of EHR systems, including eClinicalWorks and EPIC Systems - are planning or have already rolled out tools that allow clinicians to use voice commands for accessing and navigating patient records.
While the voice-command products have the potential to simplify the use of complex EHR systems - such as making it easier for a doctor to access specific hospital test results of a patient - the technology also raises some potential security and privacy concerns, Borten, president of consultancy The Marblehead Group, says in an interview with Information Security Media Group.
"The most important aspect is data integrity - the actual data that's in the system as well as the software that's retrieving data," she says. For instance, if a clinician speaks a command to access a particular patient's lab test results, "if the software isn't written perfectly, and it gets a little confused ... and reports back incorrectly or not the latest test results, and the caregiver acts on that information, it's a patient safety [concern] with serious potential consequences," she says.
"So, data integrity - the integrity of the information that this virtual assistant relies on or provides to the human being is critical."
Meanwhile, the voice activated tools also pose privacy concerns, she notes.
"So we have to be a little bit more careful about where this [voice activation use] is occurring. ... If this is being done in an open area where the public is walking through, then we need to think about the physical security and the implications for the patient's privacy."
In the interview, Borten also discusses:
- Potential patient ID matching and user authentication challenges related to EHRs and virtual assistant technology;
- The pros and cons of virtual assistant technology in the clinical workflow;
- Advice for healthcare entities considering the use of voice activated virtual assistant technologies.
Before founding The Marblehead Group, Borten led the enterprisewide security program at Massachusetts General Hospital in Boston and established the first information security program at Beth Israel Deaconess Medical Center and its parent organization, CareGroup, as its CISO.