May 28, 2010

Vanderbilt medical researchers, engineers play major role in new national center established to secure the privacy of electronic health information

Slowly but steadily the U.S. health care community is moving into the digital age: shifting their medical records from paper to electronic information systems. This movement raises serious concerns about security and privacy of patients’ medical information.

Slowly but steadily the U.S. health care community is moving into the digital age: shifting their medical records from paper to electronic information systems. This movement raises serious concerns about security and privacy of patients’ medical information. In an attempt to put these concerns to rest, the U.S. Department of Health and Human Services has awarded $15 million to create a new center for health information and privacy.

The center, which will be headquartered at the University of Illinois, will include researchers from Vanderbilt University; University of California, Berkeley; Carnegie Mellon University; Dartmouth College; Harvard Medical School; Johns Hopkins University; Northwestern Memorial Hospital; Stanford University; University of Massachusetts, Amherst and the University of Washington. It is one of four health care research centers established and funded for four years with American Recovery and Reinvestment Act of 2009 funds as part of the $60 million Strategic Healthcare Information Technology Advanced Research Projects on Security
(SHARPS) program.

“Our participation in the new SHARPS center reflects the fact that Vanderbilt has become highly visible in the field of health care security and privacy,” said Janos Sztipanovits, director of the Institute for Software Integrated Systems (ISIS) at Vanderbilt’s School of Engineering. He; Mark Frisse, Accenture professor of Biomedical Informatics at the Vanderbilt University Medical Center; and Edward Schulz, director of Information Technology Integration at VUMC, head up the joint Vanderbilt team. William Stead, the Medical Center’s Chief Strategy and Information Officer, will serve as one of the center’s two chief scientists.

One of Vanderbilt’s unique contributions is the close partnership it has established between its engineers and clinical researchers, Sztipanovits and Frisse agree. The Medical Center has a 15-year track record in the development of electronic health care records and ISIS contributes a structured approach to data security and extensive software tools that it has developed to protect sensitive data for the Department of Defense.

“Our ability to combine engineering and medical skills and apply them to the domain of health care gives us a distinct advantage in fulfilling the goals of the new program, which is to identify barriers to adoption of information technology and develop solutions that allow its meaningful use,” Frisse said.

Vanderbilt has gained experience in this area through its participation in the TRUST Science and Technology Center founded in 2006 by the National Science Foundation. The $40 million TRUST Center, whose core members are the University of California, Berkeley; Carnegie Mellon University; Cornell University; Stanford University; and Vanderbilt University, is one of the nation’s leading research consortiums focusing on the scientific foundations of system security and privacy. Vanderbilt has headed up TRUST’s health-care-related program.

“Vanderbilt Engineering is very pleased to partner with our colleagues in the VU Medical Center and around the U.S. to advance the state-of-the-art for secure health care information technology. It is a terrific team working to solve a critical challenge,” said
Kenneth F. Galloway, dean of the School of Engineering at Vanderbilt University.”

The SHARPS center will focus on three specific subjects: electronic health records, health information exchanges and telemedicine:

  • Most U.S. hospitals have digitized their health records despite the fact that they are subject to new kinds of risks, such as the ease with which a thief can carry away thousands of patient records on a USB thumb drive or the possibility that the records can be hacked when they are put online to increase accessibility.
  • Health information exchange comes into play whenever patients and their doctors are separated geographically – for example, when a patient seeks emergency care when traveling or when a patient’s primary care physician wants to consult a specialist located at a hospital in a different state. Such exchanges are complicated considerably by differing laws and policies as well as incompatibilities between different health information systems.
  • Technologies that allow people to monitor and manage their health at home and other settings outside of hospitals is being used for a number of health wellness goals, such as chronic disease management and independent aging. However, security and privacy risks are a major barrier to their adoption. Sensing devices collect sensitive personal information, ranging from physiological data to patients’ activities and location, and networked implanted devices raise the risk that adversaries can find ways to control them.

Media contact: David Salisbury, (615) 322-NEWS

david.salisbury@vanderbilt.edu