Households, Demography & Public Wellbeing
Views
May 23, 2023
6
Minutes read

Challenges Arising From Digitalising Health Records

Health, Nutrition & Public Health
Author
Dr Jun-E Tan
Senior Research Associate
Dr Jun-E Tan
Senior Research Associate
Co - Author
Ilyana Syafiqa Mukhriz Mudaris
Ilyana Syafiqa Mukhriz Mudaris
Download PDF
Loading the Text to Speech AudioNative Player...
Key Takeaway
Data Overview
Digital technology, which includes digitalised health records, is fast becoming part of the solution to tackling gaps in healthcare delivery both globally and within the Malaysian context. However, despite the potential benefits of having an electronic health records (EHR) system, it is important to consider the possible risks associated with the introduction of a centralised database of sensitive health data and a digital layer onto the already complex healthcare system. Key issues that need to be tackled by those implementing EHRs include security and privacy risks, system design and implementation issues, and inequalities in access and literacy.
Table of contents
Content
Content
Content
Content
Content
Title H2
Title H3
Title H4
Title H5
Title H6
Title H2
Title H3
Title H4
Title H5
Title H6
challenges-arising-from-digitalising-health-records
Views
Individual perspectives on current issues help people understand the issue better and raise awareness through informed opinions and reflections.
Download PDF
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Introduction

Healthcare around the globe has seen a gradual movement towards community-based care, especially with the rise of an ageing population and the need to provide for those with chronic diseases. As such, technological innovations have been developed and implemented to allow the health of an individual to be longitudinally tracked over the course of their lifetime to ensure continuity of care and improvement of preventive healthcare, among other benefits.

Malaysia has been no exception to this trend in its efforts to put in place a system that digitalises health records. Historically, the nomenclature for Malaysia’s envisioned system has varied. In this article, we use the term “electronic health record” (EHR) to refer to “a digital, longitudinal record of patient health that can be shared between multiple healthcare providers and facilities”. We will briefly summarise the potential benefits of EHRs, and focus on outlining some of the possible pitfalls and risks of EHRs to inform Malaysia’s journey towards digitalising the nation’s health records.

The Benefits of EHRs

We have addressed the benefits of EHRs extensively in previous writing. Most of these benefits stem from the advantages of having a centralised database of patient data in a digital format, so that data can be processed and read in useful ways by different stakeholders.

At a macro level, healthcare administrators have more information to manage patient flow between large hospitals and community/primary healthcare providers, and to recommend digital consultations if appropriate. With an EHR system housing updated and comprehensive patient data, it is also possible to conduct health screening campaigns targeted at patient populations vulnerable to specific health conditions to catch developing diseases at early stages.

At the patient level, having access to their medical history and health data empowers them to monitor their health and make more informed decisions. An integrated data sharing system across healthcare facilities also eliminates expensive duplicative testing when patients move between different facilities. Another way that an EHR supports patient empowerment is through automated reminders for follow-up appointments and taking medication at scheduled times, which can help significantly in improving and maintaining patient health.

All these lead to desirable outcomes of saving cost, promoting continuity of care, and improving preventative services, at the levels of population and patient care. A well-maintained EHR also forms the foundation for data analytics and machine learning for further applications such as epidemic detection and improving medical diagnostics, which rely on robust and large datasets.

Potential Risks of EHRs

While the benefits of EHRs are many, it is important to recognise challenges that will arise with the introduction of a centralised database of sensitive health data and a digital layer onto the already complex healthcare system.

Security and privacy risks

The digital infrastructure of critical systems is a lucrative target for cybercriminals. As healthcare facilities share information and data across devices and third party vendors, there are multiple points of vulnerability that can be exploited by attackers that are often (but not always) motivated by profit. In recent years, there have been multiple ransomware attacks on the digital infrastructure of hospitals, whereby criminals conduct a “double extortion” on hospitals.

The first point of blackmail happens by capturing and restricting access to data and hospital systems, which can lead to life and death situations. The second point exploits the fact that healthcare data is sensitive and valuable, and criminals threaten to release the data into the public domain unless their demands are met. A particularly chilling example of ransomware happened to a psychotherapist centre in Finland, involving a third dimension of extortion beyond the usual. Cybercriminals did not only target the facility, but also individual patients, threatening to publish personal identity codes and therapy session transcripts if they did not pay the ransom.

The Ministry of Health in Malaysia has acknowledged that ransomware attacks might be a concern once the country builds an integrated health database system. Data breaches are not uncommon in Malaysia, which ranks 11th in the most breached countries in the world. Ransomware attacks have also affected Malaysian companies, as seen in the November 2022 attack on AirAsia, in which the data of five million passengers and AirAsia staff were compromised. Incidentally, Daixin Team, the group claiming responsibility for the AirAsia attack, also has a history of attacking healthcare businesses in the US.

Besides guarding against data breaches and malicious cyberattacks, it is important that healthcare data is insulated from commercial exploitation. The Code of Practice for Private Hospitals in the Healthcare Industry in Malaysia requires private hospitals to obtain additional consent if patient data is used for non-medical purposes, such as for direct marketing activities. However, it is also stated within the Code of Practice that anonymised personal data can be kept “for research, education, or for uses that does not require identifiable information” without restrictions on data retention so long as data subjects are not identifiable.

Elsewhere, researchers have raised ethical concerns on private companies acquiring databases of healthcare systems, even when anonymised, as there is a danger of that data being traceable back to the individual. Vulnerable populations can be targeted by those with commercial interests, such as exposing recovering addicts to triggering advertisements, or charging higher insurance premiums to those who have medical conditions. Stringent data governance will have to accompany an EHR to safeguard the population against such violations.

System design and implementation issues

A study interviewing 31 medical doctors in three Malaysian government hospitals uncovered some themes on unsafe use of hospital information systems (HIS) relevant to our discussion on EHRs. Factors that contributed to higher error rates that affect patient safety include the following:

  • Lack of capacity in using the HIS: This applied especially for new doctors who did not understand how the system worked, and how to integrate the use of HIS in the healthcare delivery process.
  • System quality in terms of usability and reliability: An example of a usability problem is that patient data was spread out in different pages of the HIS interface, causing delays and increasing the likelihood of confusing patient identities. Doctors also related that system breakdowns forced them to do the work manually, causing problems in patient data entry and critical tasks such as ordering medication.
  • High workload, multitasking and interruptions: These were cited as common stressors in the doctors’ work that increased the likelihood of erroneous data entry and information processing.
  • Insufficient computer resources: In some clinics and wards, doctors had to share computers and laptops, causing delays and double work in data entry, as notes had to be taken by hand first and then entered into the system later.
  • Teamwork and coordination: The HIS did not ensure seamless coordination and clear communication within the medical team, leading to problems such as multiple ordering of medication, or wrong treatments based on outdated information within the system.

The factors above inform us about the Malaysian context in which EHRs will be applied, providing a preview of potential problems that might happen in local healthcare facilities when adopting digital technologies. Studies connecting EHRs and patient safety have been conducted outside of Malaysia, and appear to confirm some of the anticipated pitfalls.

In general, the existence of EHRs does not automatically lead to better and safer outcomes for patients. EHRs are able to enhance healthcare delivery only when they are designed and implemented properly. As Malaysia embarks on its EHR journey, more empirical research needs to be done to monitor and evaluate that the process of digitalising healthcare does not compromise patient care.

Inequalities in access and literacy

The usage of EHRs will require healthcare providers and patients to undergo a digital transition, exposing inequalities in access and literacy in the fields of healthcare and communications. Even though the Covid-19 pandemic had expedited this process, some indicators show that the transition does not happen at an equal pace across the population.

To begin with, the quality of digital infrastructure within different states in Malaysia differs, as indicated by the Network Performance Reports published by the Malaysian Communication and Multimedia Commission. Different providers of wireless and wired broadband services in different parts of the country yield uneven quality of service, and therefore a nation-wide digitalised health records system needs to take into account disparities in access.

In terms of actual usage of the internet for health-related purposes, the ICT Use and Access by Individuals and Households Survey (ICTHS) 2021 published by the Department of Statistics Malaysia (DOSM) provides some idea of usage patterns across different states. For example, there is a significant difference in percentage points in individuals using the internet to seek health information between the most active state (Terengganu, at 91.5%) and the least active state (Sarawak, at 57.9%). For making medical appointments online, the disparity is even worse (Terengganu at 75.5% compared with Perlis, at 11.9%).

Conclusion

As seen during the Covid-19 pandemic, embracing technology within the healthcare landscape is integral to ensuring that Malaysia’s people continue to be protected against current and future health challenges. In the process of digitalising healthcare records, minimising risks and unintended consequences on patient lives, the healthcare system, and society in general needs to be of the utmost priority.

As Malaysia is still in early stages of implementing a full-fledged EHR, the country is well-placed to proactively address issues that may arise from this digital transition. Stringent data security and data governance measures have to be set in place to counter security and privacy risks. We need to design the system to be inclusive, thoroughly test it for usability issues and incorporate low-tech backup protocols. This is to reap the full range of benefits of EHRs, as the country closes its digital divide in the years to come.

Read Full Publication

Article highlight

"A well-maintained EHR also forms the foundation for data analytics and machine learning for further applications such as epidemic detection and improving medical diagnostics, which rely on robust and large datasets."

Dr Jun-E Tan
Senior Research Associate
featured report

Conclusion

Share this publication
Share
https://stg.krinstitute.org/publications/challenges-arising-from-digitalising-health-records
Download Resources
Files uploaded
File name
Last updated
Action
No items found.
Footnotes
Attributes
References
["Alami, Jawad, Clare Hammonds, Erin Hensien, Jenan Khraibani, Stephen Borowitz, Martha Hellems, and Sara Lu Riggs. 2022. “Usability Challenges with Electronic Health Records (EHRs) during Prerounding on Pediatric Inpatients.” JAMIA Open 5 (1):ooac018. https://doi.org/10.1093/jamiaopen/ooac018","Aniza Ismail, Ahmad Taufik Jamil, Ahmad Fareed A. Rahman, Jannatul Madihah Abu Bakar, Natrah Mohd Saad, and Hussain Saadi. 2010. “The Implementation of Hospital Information System (HIS) in Tertiary Hospitals in Malaysia: A Qualitative Study.” Malaysian Journal of Public Health Medicine 10 (2). Malaysian Public Health Physicians’ Association. http://mymedr.afpm.org.my/publications/43066","Association of Private Hospitals of Malaysia. nd. “Code of Practice for Private Hospitals in the Healthcare Industry.” https://www.pdp.gov.my/jpdpv2/tata_amalan/the-personaldata-protection-code-of-practice-for-private-hospital-eng/","Bernama. 2017. “Cyber Attack: Ministry Does Not Expect Hospitals in Malaysia to Be Affected by Ransomware Astro Awani.” Astro Awani, May 14, 2017. https://www.astroawani.com/berita-teknologi/cyber-attack-ministry-does-not-expecthospitals-malaysia-be-affected-ransomware-142569","Chiruvella, Varsha, and Achuta Kumar Guddati. 2021. “Ethical Issues in Patient Data Ownership.” Interactive Journal of Medical Research 10 (2):e22269. https://doi.org/10.2196/22269","Collier, Kevin. 2021. “Baby Died Because of Ransomware Attack on Hospital, Suit Says.” NBC News, October 1, 2021. https://www.nbcnews.com/news/baby-died-due-ransomware-attackhospital-suit-claims-rcna2465","Department of Statistics Malaysia. 2022. “ICT Use and Access by Individuals and Households Survey Report 2021.” Putrajaya: Department of Statistics Malaysia.","Fam, Christopher. 2022. “AirAsia Allegedly Hit with Ransomware Attack, Data of Five Million Passengers and Employees Reportedly Compromised (Updated).” The Star, November 23, 2022. https://www.thestar.com.my/tech/tech-news/2022/11/23/airasia-allegedly-hitwith-ransomware-attack-data-of-five-million-passengers-and-employees-reportedlycompromised","Howe, Jessica L., Katharine T. Adams, A. Zachary Hettinger, and Raj M. Ratwani. 2018. “Electronic Health Record Usability Issues and Potential Contribution to Patient Harm.” JAMA 319 (12):1276–78. https://doi.org/10.1001/jama.2018.1171","Ilyana Mukhriz. 2021. “Electronic Health Records: Planning the Foundation for Digital Healthcare in Malaysia.” KRI Discussion Paper 05/21. Kuala Lumpur: Khazanah Research Institute. http://www.krinstitute.org/assets/contentMS/img/template/editor/EHR%20Discussi on%20Paper%20Ilyana%20Final.pdf","Kroth, Philip J., Nancy Morioka-Douglas, Sharry Veres, Stewart Babbott, Sara Poplau, Fares Qeadan, Carolyn Parshall, Kathryne Corrigan, and Mark Linzer. 2019. “Association of Electronic Health Record Design and Use Factors With Clinician Stress and Burnout.” JAMA Network Open 2 (8):e199609. https://doi.org/10.1001/jamanetworkopen.2019.9609","Lizawati Salahuddin, Zuraini Ismail, Ummi Rabaah Hashim, Raja Rina Raja Ikram, Nor Haslinda Ismail, and Mohd Hariz Naim @ Mohayat. 2019. “Sociotechnical Factors Influencing Unsafe Use of Hospital Information Systems: A Qualitative Study in Malaysian Government Hospitals.” Health Informatics Journal 25 (4). SAGE Publications Ltd:1358–72. https://doi.org/10.1177/1460458218759698","Muhammad Nazhan Kamaruzuki. 2021. “The Quality of Mobile Broadband and Key Policy Recommendations.” In #NetworkedNation: Navigating Challenges, Realising Opportunities of Digital Transformation, 39–65. http://www.krinstitute.org/assets/contentMS/img/template/editor/KRI%20- %20NetworkedNation%20- %20Navigating%20Challenges,%20Realising%20Opportunities%20of%20Digital%20Malaysia.pdf","Murugiah, Surin. 2022. “Malaysia the 11th Most Data-Breached Country in 2Q22.” The Edge Markets, July 20, 2022. https://www.theedgemarkets.com/article/malaysia-11th-mostdatabreached-country-2q22-%E2%80%94-firm","Pacheco, Thomas B., Aaron Z. Hettinger, and Raj M. Ratwani. 2019. “Identifying Potential Patient Safety Issues From the Federal Electronic Health Record Surveillance Program.” JAMA 322 (23):2339–40. https://doi.org/10.1001/jama.2019.17242","Robertson, Sandy L., Mark D. Robinson, and Alfred Reid. 2017. “Electronic Health Record Effects on Work-Life Balance and Burnout Within the I3 Population Collaborative.” Journal of Graduate Medical Education 9 (4):479–84. https://doi.org/10.4300/JGME-D-16-00123.1","Tanner, C., D. Gans, J. White, R. Nath, and J. Pohl. 2015. “Electronic Health Records and Patient Safety.” Applied Clinical Informatics 6 (1):136–47. https://doi.org/10.4338/ACI-2014-11-RA-0099","Tuttle, Hilary. 2021. “Ransomware Attackers Turn to Double Extortion.” Risk Management Magazine, March 1, 2021. https://www.rmmagazine.com/articles/article/2021/03/01/- Ransomware-Attackers-Turn-to-Double-Extortion-.","Winder, Davey. 2020. “Hospitals On COVID-19 Frontline Facing ‘Double Extortion’ Cyber Threat.” Forbes. April 16, 2020. https://www.forbes.com/sites/daveywinder/2020/04/16/hospitals-on-covid-19- frontline-face-double-extortion-threat-security-experts-caution/.","Yuen, Meikeng. 2022. “AirAsia Ransomware Attack: Probe Ongoing to Find Source and Impact of Compromised Data, Says Fahmi.” The Star. December 10, 2022. https://www.thestar.com.my/news/nation/2022/12/10/airasia-ransomware-attackprobe-ongoing-to-find-source-and-impact-of-compromised-data-says-fahmi"]
Photography Credit

Related to this Publication

Explore More Publication
No results found for this selection
You can  try another search to see more
Homepage

Related to

Households, Demography & Public Wellbeing

Explore More Publication
Views
Oct 30, 2020

An Integrated Housing Database for Strategic Policy Planning and Decision-making

This article highlights the gaps in existing data that impedes evidence-based housing policy formulation and underscores the need for the Government to establish an Integrated Housing Database.
Views
Aug 3, 2021

Building Back Better from Unprecedented Changes in Education

As school closures continue, students face learning setbacks with long-term negative implications, especially for the underprivileged. This article discusses this and explores how to build back better.
Views
Dec 18, 2024

Inisiatif Digital Kerajaan: Memanfaatkan Trend Digital Pra dan Pasca Pandemik

Rencana ini mengupas trend capaian internet di kalangan penduduk Malaysia serta potensi penggunaan digital dalam perkhidmatan kerajaan

Want more stories like these in your inbox?

Stay ahead with KRI, sign up for research updates, events, and more

Thanks for subscribing. Your first KRI newsletter will arrive soon—filled with fresh insights and research you can trust.

Oops! Something went wrong while submitting the form.
Follow Us On Our Socials