MultiCare Health System

Privacy, Protection and Security

How can I be sure the patient data is confidential?
We have multiple levels of security in place. There are firewalls to protect against attempts to break into the system. All data is encrypted as it passes over the Internet. Users must go through two levels of password protection, the first to log onto the server, the second to access the Epic application itself. Different users have different levels of access, so that physicians, clinical staff and accounting personnel can access only the data appropriate to their role.

Most important, every data access is logged, the entire system audited, and unusual patterns of access investigated by our security group. Some incidents are automatically flagged - for example, a user who accesses the record of a patient that shares the user’s last name. Attempts to access records of public figures, or patients involved in high profile accidents or criminal incidents receive special scrutiny.

Everyone who works on the system signs a confidentiality statement, and employees have been terminated for inappropriate access. Privacy and security are also a big part of the training provided to individual practices.

Can other physicians access my patient records?
Other physicians may access any patient record, if they know the patient’s name. Our aim in creating the system was to duplicate the accessibility of records in the medical community, with the efficiencies of a shared, online record. We did not want to burden the system with checks and controls that could slow patient care; if a patient is involved in an accident, the record should be instantly accessible.

This common access exists only for individual patient records. Lists of patients in an individual practice, schedules, or any other type of data sorted by practice is accessible only to that practice.

How do I know the data will always be accessible when patients need it?
Our server availability record is 99.87%. The only planned downtimes are short windows for maintenance and upgrades, performed monthly.

To maintain this high level of availability, there are multiple servers. In the event of a production server failure there is a hot spare that can immediately take over. There is also another spare server located in a secondary location in the event of a facility issue. To maintain high levels of performance on the main server a shadow server is utilized for reporting. All servers are powered by uninterruptible power supplies, with onsite generators on standby in case of a power failure.

How do I know the patient data is permanent?
All the data is backed up and archived using the same practices large financial institutions use to protect their data and ensure continuous operation. That includes disk-to-disk backups, daily backups to data tapes, regular archiving and secure, vaulted offsite storage.

The business continuity of the company supplying the software is also well-protected. Epic was established solely to provide software for the medical community and is privately held. The company is deliberately structured internally so it cannot be sold, in order to protect the practitioners and patients who rely on its systems. In addition, MultiCare has made a huge commitment in Epic here locally, and is heavily invested for the long term.