Secondary Use of Electronic Health Record: Opportunities and Challenges

In the present technological era, healthcare providers generate huge amounts of clinical data on a daily basis. Generated clinical data is stored digitally in the form of Electronic Health Record (EHR) as a central data repository of hospitals. Data contained in EHR is not only used for the patients' primary care but also for various secondary purposes such as clinical research, automated disease surveillance and clinical audits for quality enhancement. Using EHR data for secondary purposes without consent or in some cases even with consent creates privacy issues. Secondly, EHR data is also made accessible to various stakeholders including different government agencies at various geographical sites through wired or wireless networks. Sharing of EHR across multiple agencies makes it vulnerable to cyber attacks and also makes it difficult to implement strict privacy laws as in some cases data is shared with organization that is governed by specific regional law. Privacy of individuals could be severely affected when their sensitive private information contained in EHR is leaked or exposed to the public. Data leaks can cause financial losses or an individual may encounter social boycott if his / her medical condition is exposed in public. To protect patients personal data from such threats, there exists different privacy regulations such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and My Health Record (MHR). However, continually evolving state-of-the-art techniques in Machine Learning (ML), Data Analytics (DA) and hacking are making it even more difficult to completely protect an individual's/patient's privacy. In this article, we have systematically examined various secondary uses of EHR with the aim to highlight how these secondary uses affect patients' privacy. Secondly, we have critically analyzed GDPR & HIPAA regulations and highlighted their possible areas of improvement, considering escalating use of technology and different secondary uses of EHR.