Health warning network guards privacy
- By Trudy Walsh
- Jun 11, 2003
A new health alert system could be a shot in the arm for New York City health-care workers.
When the city began a smallpox vaccination campaign earlier this year, many workers at city hospitals volunteered to become first responders if a smallpox outbreak occurred.
But because the disease was eradicated in the 1970s, most health care workers have never experienced a smallpox vaccination. It requires 15 injections with a two-prong needle, said Ed Carubis, CIO of the city's Health and Mental Hygiene Department.
'You have to go back a week later to have the spot checked,' he said. 'If the vaccination was successful, it looks really horrible. If it failed, it doesn't look like anything at all.'
So health officials photographed a successful vaccination with a digital camera, posted it on the city's new Health Alert Network Web portal and alerted doctors registered with HAN.
HAN is 'a portal within a portal' for New York medical providers, Carubis said.
The overarching network has registered more than 500 emergency room directors, hospital workers in the smallpox vaccination program and other health care personnel. New HAN participants need an invitation from the Health Department to be eligible to register, but the restriction will ease once the network's security framework is in place, Carubis said.
HAN has three functions:
- It can send alerts to health-care providers via e-mail and office or cell phones.
- It maintains an online library about public health topics such as West Nile virus, smallpox, anthrax, severe acute respiratory syndrome and botulism.
- It's a peer-to-peer collaboration system with bulletin board discussions, online chats and other conferencing mechanisms.
Although public health surveillance activities are exempt from the privacy mandates of the 1996 Health Insurance Portability and Accountability Act, the network guards patient privacy with passwords and Secure Sockets Layer encryption, Carubis said.
Once the portal is fully operational, probably by the end of this month, the department will issue digital certificates and one-time passwords, which Carubis called 'second-factor authentication.'
'We recognize that the 40,000 doctors in New York City are mobile,' he said. 'We don't want to limit them to their PCs.'
One method of distributing one-time passwords uses Short Message Service-enabled wireless phones. When registered users log in to HAN, their phones ring and light up with a password.
'We believe we will exceed HIPAA requirements' with passwords, encryption and identity management, Carubis said.
Trudy Walsh is a senior writer for GCN.