Overcome E-Health Record Security Challenge - InformationWeek
Healthcare // Electronic Health Records
07:27 PM

Overcome E-Health Record Security Challenge

Finding the technology to lock down e-health records is the easy part. Understanding all the requirements is where it gets hard. Here's what you need to be thinking about.

InformationWeek Healthcare - August 2010 InformationWeek Healthcare Logo
Download the entire August 2010 issue of InformationWeek Healthcare, distributed in an all-digital format (registration required).

Many large healthcare organizations have been securing electronic health records for years. But now, industrywide adoption will include providers of all shapes and sizes—most of which don't have chief security officers, compliance specialists, CIOs, or even full-time IT staffs.

Helping them secure their electronic records is an unprecedented challenge. The products and technologies needed are available, but the trick is in getting all providers to understand what's required, prepare physicians and staff, and tap into the appropriate expertise.

The Health Insurance Portability And Accountability Act, or HIPAA, requires that EHRs and the data in them be guarded throughout their life cycles. Risk assessments must be performed and access privileges determined. You'll need policies to secure all possible points of data leakage, including desktops, servers, databases, mobile devices, and the Internet.

In short, you must protect data at rest and in motion, and prepare for the inevitable breaches.

Creation And Use

When a patient walks into a provider's office for the first time, the terminal at reception must be hardened, hosted on a trusted network, and continually scanned for viruses and malware. Receptionists should be able to add basic patient information but have limited access to executable files.

Access privileges should be assigned that strictly regulate employees' ability to view, enter, edit, and delete data based on what they need for their jobs. For example, billing personnel don't need to see the results of the medical tests that they're charging patients for.

Attending physicians should use unique credentials to access the EHR application to record diagnoses. E-medical records must be signed with electronic signatures, which include PIN codes and are saved in encrypted files. Signatures verify that information has been reviewed every time a physician signs off on an EHR. They also let the medical staff sign off on records from any location, expediting processing, reducing workflow costs, and maintaining HIPAA compliance.

Securing EMR Systems

Become an InformationWeek Analytics subscriber: $99 per person per month, multiseat discounts available.

Subscribe and get our full report, "Electronic Medical Records Secured"

This report includes action-oriented analysis, including:

  • Where personal health record portals fit in
  • How to handle change management issues
  • Secure EHR system costs for a three-provider practice

Get This And All Our Reports

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll