Meeting the Security Challenges Posed by Web based Electronic Medical Records
The use of electronic health records is growing, and that’s a good thing for patients and practices alike. Electronic medical records can increase the efficiency of healthcare providers by 6% annually; digitizing forms makes it easier to collect data for clinical studies or epidemiological purposes, leading to better public health policy; and eliminating handwritten records can reduce avoidable errors associated with poor legibility and incomplete record-keeping. In this day and age, transitioning to EHR software is a question of when, and not if.
However, there’s one important topic any physician considering the implementation of web based electronic medical records needs to stay abreast of: security. Experian’s 2015 Data Breach Industry Forecast identifies healthcare data breaches as an area of significant concern for the upcoming year.
The Cyber Dangers
“The expanding number of access points to Protected Health Information (PHI) and other sensitive data via electronic medical records and the growing popularity of wearable technology makes the healthcare industry a vulnerable and attractive target for cybercriminals,” reads the Experian report. The healthcare industry does not protect itself as well as the financial or retail sectors, perhaps because of a perception that medical information is not as valuable as the kind of data stored by financial institutions. But medical information can be used for a wide variety of frauds. Furthermore, because of the rising popularity of web EMRs that give some access to patients, criminals can gain entry through those routes, which are likely to be less heavily protected.
As even the report itself notes, concerns over patient privacy have only been exacerbated, and not created, by the movement away from paper records. Medicare cards, for example, bear valuable information such as a patient’s social security number — and these cards are often carried around in patient’s wallets. Thus, securing data will require not only technical measures, but also a better public education regarding what information is likely to be sought by criminals.
What You Can Do
The best move you can make, of course, is choosing products from medical software companies with a good background in security. You don’t want your web EMR itself to be the weak point. Before you purchase any software, get information from its creators about its security features, and ensure that there’s a strong customer support system in place in case you have ongoing questions.
Second, you’ll want to secure your own facilities and devices so that you’re not giving access to cybercriminals. Experian warns that “Healthcare organizations will need to step up their security posture and data breach preparedness” in the coming year. If you’re using software that includes a patient portal, be proactive in helping your patients understand the privacy measures they can take, too, including choosing strong passwords and only accessing the portal through secure connections.