Data security and protection in cross-institutional electronic patient records.

This paper describes data protection and data security requirements of a cross-institutional electronic patient record, and presents possible solutions for meeting these requirements. A comprehensive analysis of literature and legal documents was performed. Beside the general requirements that the EPR of a single institution must meet, specific requirements exist for cross-institutional EPRs. In Germany, patient information may only be revealed to external physicians within so-called "treatment connections". A secure connection between the EPR-systems of two health institutions in Germany, which jointly treat tumor patients, was established using additional SecuRemote Software. The development and implementation of a cross-institutional EPR is a complicated process, mainly due to data security regulations. However, its introduction is thought to be valuable, since a cross-institutional EPR will improve communication within shared care processes, and, thus, improve the quality of patient care.