3 EHR security risks and what you should do about them

Security risks in a medical practice are inherent when you are handling the personal, private and medical information of many thousands of patients. It is the responsibility of all healthcare providers to ensure patient privacy, following all guidelines set forth by the Health Insurance Portability and Accountability Act (HIPAA). If managed poorly, an EHR system creates security risks which can compromise the privacy of protected health information.

According to the United States Office of Civil Rights, in the first half of 201 there were 139 reported episodes of HIPAA data breaches. Only data breaches that affected 500 or more individuals had to be reported (so it is likely there were even more breaches on a smaller scale). More than 94 million individuals were affected in these breaches. An analysis of the breach types found that 32% of cases were a result of unauthorized access, 30% were due to theft, 26% were due to hacking or an IT incident, 8% were due to loss, and 4% were due to improper disposal of information. Responsibility for all of these breaches falls on the practice, and they can lead to huge legal and financial ramifications.

The medical practice must make it a priority to ensure patient privacy is maintained at all times and do everything in its power to ensure the following EHR security risks don’t compromise patient data security.

EHR Security Risk 1: Mobile devices

One of the benefits of EHR systems is their support for remote access and remote communication. For this reason, many providers use laptops and handheld devices for documentation and access to patient records. It is important that this mobile access takes place over a secure network. In addition, staff must ensure that they only access information in a private area, not in a busy coffee house, where information is often broadcast to all (in a physical and networked sense).

EHR Security Risk 2: Staff negligence

Unfortunately, human error or laziness can cause huge security breaches in EHR utilization. Staff must ensure that devices are logged out of the EHR system when not in use so that information is not viewable by unauthorized individuals, such as visitors or other patients. Staff must also refrain from creating a paper copy of sensitive information unless it is absolutely necessary. In addition, staff must not share user names and passwords, in order to keep user access secure.

EHR Security Risk 3: Technical safeguards

The EHR system must have processes in place to keep secure information protected, including secure log-ins and restricted access. The system should have role-based security in which access is restricted according to user type. For example, clerical staff should not have the same access to information as the attending physician. In addition, the server must have a security system in place to block outside access to the network. The system should continually scan servers and workstations for software corruption.
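
The role-based restriction described above, combined with an automatic logoff for the unattended devices mentioned under staff negligence, shown as an added example (not code from this article or from any EHR product). The role names, record fields and 15-minute idle limit are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed role-to-field policy: anything not listed is denied by default.
ROLE_FIELDS = {
    "clerical": {"name", "phone", "appointments", "insurance"},
    "attending_physician": {"name", "phone", "appointments", "insurance",
                            "diagnoses", "medications", "lab_results"},
}
IDLE_LIMIT = timedelta(minutes=15)  # assumed automatic-logoff window


@dataclass
class Session:
    user: str
    role: str
    last_activity: datetime
    audit_log: list = field(default_factory=list)


def read_record(session, record, requested, now):
    """Return only the fields this role may see and log every decision."""
    # An idle session is treated as logged out, so an unattended
    # workstation cannot be used to view records.
    if now - session.last_activity > IDLE_LIMIT:
        session.audit_log.append((now, session.user, "DENY", "session expired"))
        raise PermissionError("session expired, log in again")
    allowed = ROLE_FIELDS.get(session.role, set())  # unknown role gets nothing
    granted = sorted(f for f in requested if f in allowed and f in record)
    denied = sorted(f for f in requested if f not in allowed)
    session.last_activity = now
    session.audit_log.append((now, session.user, "READ", granted))
    if denied:
        # Denied requests are recorded so unauthorized access attempts
        # can be reviewed later.
        session.audit_log.append((now, session.user, "DENY", denied))
    return {f: record[f] for f in granted}


# Constructed sample record, not real patient data.
SAMPLE = {"name": "Test Patient", "phone": "555-0100",
          "appointments": ["2024-01-10"], "diagnoses": ["example dx"],
          "medications": ["example rx"]}
```
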

There will most likely always be some form of EHR security risk in whichever system you choose, but as this article demonstrates, there are ways to reduce the likelihood of those risks materializing.

Jeff Green

About the author…

Jeff Green, MPH, JD works as a freelance writer and consultant in the healthcare information technology space.