Secondary Use of Electronic Health Record: Opportunities and Challenges

In present technological era, healthcare providers generate huge amount of clinical data on daily basis. Generated clinical data is stored digitally in the form of Electronic Health Records (EHR) as a central data repository of hospitals. Data contained in EHR is not only used for the patients' primary care but also for various secondary purposes such as clinical research, automated disease surveillance and clinical audits for quality enhancement. Using EHR data for secondary purposes without consent or in some cases even with consent creates privacy issues for individuals. Secondly, EHR data is also made accessible to various stake holders including different government agencies at various geographical sites through wired or wireless networks. Sharing of EHR across multiples agencies makes it vulnerable to cyber attacks and also makes it difficult to implement strict privacy laws as in some cases data is shared with organization that is governed by specific regional law. Privacy of an individual could be severely affected when their sensitive private information contained in EHR is leaked or exposed to public. Data leak can cause financial losses or an individuals may encounter social boycott if their medical condition is exposed in public. To protect patients personal data from such threats, there exists different privacy regulations such as GDPR, HIPAA and MHR. However, continually evolving state-of-the-art techniques in machine learning, data analytics and hacking are making it even more difficult to completely protect individual's / patient's privacy. In this article, we have systematically examined various secondary uses of EHR with the aim to highlight how these secondary uses effect patients' privacy. Secondly, we have critically analyzed GDPR and highlighted possible areas of improvement, considering escalating use of technology and different secondary uses of EHR.