TU faculty, grad students explore healthcare solutions using computer science
The phrase “patient medical records” conjures up an image of shelving units jammed with folders full of sheets of paper looming over the front desk staff.
More and more, however, those folders are going digital. That means they are also hackable.
Towson University Jess & Mildred Fisher College of Science and Mathematics associate professor Subrata Acharya took an interest in healthcare security after finishing her dissertation.
“About 11 years ago, there was a security need in the University of Pittsburgh Medical Center (UPMC). They were asking, ‘How can we provide for a secure transaction of medical records?’” recalls Acharya.
She put together a proposal to provide basic evaluation of information security system with regards to UPMC healthcare system, a 400–500 bed hospital as well as area clinical practices.
“The basic question was, ‘How is information being translated, transmitted, stored and accessed by the physicians?’ says Acharya. “This includes all types of information received—prescriptions, electronic medical records or the translation of a paramedic services or a 911 call.”
Her goal was to perform a stress test on UPMC’s information storage and transmission systems to find holes or loopholes. Acharya holds a patent for a method and apparatus for optimizing a firewall.
Acharya and her students’ work was funded by part of the Health and Human Services and Centers for Medicare and Medicaid Services (HHS/CMS) meaningful use funding granted to UPMC in 2011.
They found enough trouble spots for the original $80,000 sub-award to balloon to over $400,000 for her team to write policies, protocols and access processes to improve the systems.
“We also designed a two-part training curriculum for the physicians, the nurse practitioners and other staff. The first part is to provide the medical centers with the tools to help them with current network security. The second part is to provide the staff with standardized policies to help them build better systems and learn to speak the language of computer science.”
Acharya and her graduate students work in the UPMC data center, running scripts and testing UPMC’s systems.
One of her former doctoral students—Brian Coats ‘14—developed an extensive checklist for the UPMC computer engineers “to assess and determine methods to improve and implement those methods around their HIPPA compliance.”
“Working on Subrata’s project provided a wealth of information and opportunities academically and practically,” says Coats, assistant vice president for technology and planning at University of Maryland, Baltimore (UMB).
Coats credits his experience with giving him a deeper understanding of the day-to-day and overarching concerns of faculty members, something that helps him in his CIO role at UMB.
“One thing that research like this forces you to do is think of unique approaches to common problems,” Coats says. “Much about research is not finding concrete solutions but finding avenues to achieve a possible solution.”
Another of Acharya’s former students—Camden Thatcher ‘19—is working on a unique approach to a possible solution for a problem that’s become frighteningly common: opioid overdoses.
Thatcher, a contractor for federal security agencies, joined Acharya’s project after taking a course in health information security and risk management. She developed it based on feedback from UPMC medical staff that they couldn’t access health databases in other parts of the U.S.
Their patients on addictive drugs were going to other states, getting duplicate prescriptions and overdosing.
Over the last two years, Thatcher built a framework based on blockchain technology that attests the physicians based on their medical license, a unique ID that can be easily verified.
Related: Can Facebook reinvent money?
Thatcher and Acharya have a pilot with UPMC and the physician practices and pharmacies in the surrounding area.
“We use the blockchain to provide for registration, for example, so that next time a patient asks a physician for a drug, the physician can look in the database to see that what has been issued to this person,” says Acharya.
The main focus of this part of the project is accountability. Hypothetically, the system works like this: a doctor, using his ID or license, prescribes a drug and notes it in the blockchain ledger. The drug dissemination happens at the pharmacist, who checks the ledger and compares the prescription with any other medicines that patient is taking. Then, if something irregular happens, the physician would be liable. It makes the process a lot more transparent and accountable to the patient.
One of the most critical parts of the potential for this project, notes Acharya, is how it affects paramedic services.
“If a paramedic finds a patient unconscious, then he or she knows what to administer because he can read the patient’s previous ledgers with his license,” she says. “That's where the communication between the systems is important. Because if this person is from Florida and visiting her sister, the paramedic can look her up and still see what she's taking regardless of that fact that she's passed out in Maryland.”
Acharya believes having a nationwide or international health information exchange would enhance the interoperability of information storage systems and allow physicians to access patient information regardless of where the patient is.
“It would also address a lot of liability with regard to the physicians thinking twice to reduce errors and cut back on unnecessary prescriptions. It’s not a knock against physicians; it's more like making the system more transparent, like a checks-and-balances system,” she says.