3 EHR security risks and what you should do about them
Security risks in a medical practice are inherent when you are handling the personal, private and medical information of many thousands of patients. It is the responsibility of all healthcare providers to ensure patient privacy, following all guidelines set forth by the Health Insurance Portability and Accountability Act (HIPAA). If managed poorly, an EHR system creates security risks which can compromise the privacy of protected health information.
According to the United States Office of Civil Rights, in the first half of 201 there were 139 reported episodes of HIPAA data breaches. Only data breaches that affected 500 or more individuals were required to be reported (so it is likely there were even more breaches on a smaller scale). More than 94 million individuals were affected in these breaches. In analyzing the type of breaches, it was determined that 32% of cases were a result of unauthorized access, 30% were due to theft, 26% were due to hacking or IT incident, 8% were due to loss, and 4% were due to improper disposal of information. All of these breaches fall upon the practice and can lead to huge legal and financial ramifications.
The medical practice must make it a priority to ensure patient privacy is maintained at all times and do everything in its power to ensure the following EHR security risks don’t compromise patient data security.
EHR Security Risk 1: Mobile devices
One of the benefits of EHR systems is their ability for remote access and remote communication. For this reason, many providers are utilizing mobile laptop and handheld devices for documentation and access to patient records. It is important that this mobile access is done over a secure network. In addition, staff must ensure that they are only accessing information in a private area, not in a busy coffee house, where information is often broadcast to all (in a physical and networked sense).
EHR Security Risk 2: Staff negligence
Unfortunately, human error or laziness can cause huge security breaches in EHR utilization. Staff must ensure that devices are logged out of the EHR system when not in use so that information is not viewable to unauthorized individuals, such as visitors or other patients. Staff must also refrain from creating a paper copy of sensitive information unless it is absolutely necessary. In addition, staff must not share usernames and passwords, in order to keep user access secure.
EHR Security Risk 3: Technical safeguards
The EHR system must have processes in place to keep secure information protected, including secure log-ins and restricted access. The system should have role-based security in which access is restricted according to user type. For example, clerical staff should not have the same access to information as the attending physician. In addition, the server must have a security system in place to block outside access to the network. The system should continually scan servers and workstations for software corruption.
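The role-based restriction described above, combined with the automatic log-out of unattended sessions from Risk 2, can be sketched as follows. This is an added example, not code from any EHR product; the role names follow the article, while the field names, the 10-minute idle limit and the function names are assumptions.

```python
import time

# Assumed policy: role names follow the article; field names and the
# 10-minute idle limit are hypothetical values chosen for illustration.
ROLE_FIELDS = {
    "clerical": {"name", "date_of_birth", "insurance"},
    "attending_physician": {"name", "date_of_birth", "insurance",
                            "diagnoses", "medications"},
}
IDLE_LIMIT_SECONDS = 600


class Session:
    """A logged-in user; tracks last activity so idle sessions expire."""

    def __init__(self, user, role, now=None):
        self.user, self.role = user, role
        self.last_activity = time.time() if now is None else now

    def is_active(self, now):
        return now - self.last_activity <= IDLE_LIMIT_SECONDS


def read_fields(session, record, requested, audit_log, now=None):
    """Return only the fields the session's role may see; log every refusal."""
    now = time.time() if now is None else now
    if not session.is_active(now):
        # Unattended workstation: release nothing until the user logs in again.
        audit_log.append((session.user, "session_expired", sorted(requested)))
        return {}
    session.last_activity = now
    # Deny by default: a role missing from the policy is permitted nothing.
    permitted = ROLE_FIELDS.get(session.role, set())
    denied = sorted(f for f in requested if f not in permitted)
    if denied:
        audit_log.append((session.user, "denied", denied))
    return {f: record[f] for f in requested if f in permitted and f in record}


# Constructed sample record, not real patient data.
SAMPLE_RECORD = {
    "name": "Test Patient", "date_of_birth": "1970-01-01",
    "insurance": "PLAN-0000", "diagnoses": ["example"],
    "medications": ["example"],
}
```

Reviewing the audit log for repeated "denied" entries from one account is a practical way to spot the unauthorized-access attempts that make up the largest breach category cited earlier.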
There will most likely always be some form of EHR security risk in whichever system you choose, but as this article demonstrates, there are ways to reduce the likelihood of risks happening.