Security is one of the most important considerations when using an EHR system. EHR security is vital to protect confidential and sensitive information from falling into the wrong hands. Any healthcare provider who ignores EHR security could face severe financial vulnerabilities as a result of a breach.
The requirements for EHR security are specified in the Health Insurance Portability and Accountability Act. The security requirements are broken down into three main categories:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
It is important for healthcare providers to work closely with the EHR provider to continually monitor EHR security issues. This includes carrying out risk analysis on a regular basis. Despite the dangers of confidential data being made public, one survey showed that 25 percent of participants failed to analyze risks, or did so infrequently.1
The Move to Remote Storage
In the early days of EHR, most healthcare providers stored data locally. In-house data storage created a significant overhead for practices using computerized systems, especially for physical safeguards. Precautions to protect data in the event of fire, flooding and theft meant investing money in physical security. Many practices also had to spend big to get professional help in keeping computers protected from malware, viruses and hacking attempts.
Security Benefits of Remote Data Storage
There has been a gradual move away from locally stored data to cloud-based data, and that trend is forecasted to continue to the point where all EHR data is stored remotely.
Cloud EHR systems make use of dedicated data centers. Economies of scale mean these centers can provide maximum security. Physical access is tightly controlled, so the chances of hardware theft are virtually nonexistent. These centers also have top-level protection against hazards like fire and flooding. Data transmission is encrypted, preventing eavesdroppers from gaining access. Built-in fail-safe systems prevent data loss through hardware failure, and authorized users always have the ability to access and store data. In the future, it is likely that all data will be stored in remote data centers.
The Human Element of EHR Security Risks
No matter what technological advances are made, the human factor will likely be an ongoing issue when it comes to EHR security weaknesses. Data encryption and secure storage will continue to provide protection, but the humans interfacing with the system are a vulnerability. Educating staff and users, including patients, on secure usage will become increasingly important. For example, having restricted access to a system only protects data if authorized people ensure they log out each time they leave the monitor unattended. Automatic logout after a certain period of inactivity will become standard.
In-house, it will remain vital to have stringent measures in place to prevent unauthorized access to terminals. These include password-protected access to EHR systems, and restricted access to physical devices like computers and printers. We are likely to see an increase in biometric security, where access will be controlled by physical attributes like fingerprints or eye features.
Careless humans will continue to be the main weakness in the system. Across the pond in the U.K., the National Health Service has had numerous problems with individuals losing data they had stored on portable devices, such as sensitive information being found on a USB stick.2 Healthcare providers will need to continually develop and monitor procedures to limit the risk or prevent this type of data loss from occurring.