With all the recent hacks of some of the world’s leading financial and government sites making the news, it only stands to reason that there is growing concern among doctors and patients alike that perhaps Electronic Health Records (EHRs) are not safe from breach. In an effort to protect the rights of patients, health law and policy make it clear what security measures should be in place to safeguard sensitive information, and it is further suggested that the general population be informed as to how they can keep their private information safe from hackers.
Healthcare Providers Mandated to Keep Electronic Records
What many people probably don’t know is that doctors have been mandated by law to keep electronic patient records, and the final year to institute this change was last year, 2015. This was set in motion by the American Recovery and Reinvestment Act (ARRA), and providers who didn’t institute these measures will be penalized. It is no longer a time when doctors could simply scribble a note in a patient’s file that no one else would ever see unless a hard copy was requested. Now that patient’s record is digital and readily available online to anyone with proper permission to view it. This raises the question of how safe those records are from breach.
Concerns Are Very Real
Although there haven’t been large numbers of hacks, there have been enough to cause concern among patients and doctors alike. It only stands to reason that patients would not want sensitive information out there for the world to see and doctors most assuredly wouldn’t want to breach confidentiality. It doesn’t take a healthcare law degree to imagine the type of lawsuit which could ensue if a patient’s rights were violated. Could the hospital or physician be named in the suit? There is a chance if it could be proven that adequate security measures weren’t in place. Even so, health care law programs are studying this issue to find ways to further secure EHRs from breach in an effort to reassure the general public that their information is safe in cyberspace.
What Measures Can Be Taken to Enhance Security?
While it goes without saying that employees should be well-trained in security procedures, it is also understood that there is a real need to screen employees before turning them loose on confidential information. This is a vital step in safeguarding private information because many times the ‘leak’ comes from within an organization. Also, healthcare providers need to find a way to keep their mainframes inaccessible to anyone but authorized personnel. Verification measures should be in place and authorized users should be well trained and supplied with personal identifiers and extremely strong passwords.
To date there is no way to empirically say that EHRs are 100 percent safe from breach, but patient information is getting safer by the day as technology improves. One suggestion is to allow only a qualified person to do the backup and recovery so that a breach doesn’t happen there, and to continue updating security software regularly to ensure adequate protection against new threats as they are identified. No, EHRs are not totally safe from breach, but unfortunately, at this time they are a necessary evil as they have been mandated by law. The one ‘saving grace’ (if there is one) is the fact that few hackers actually are interested in breaching medical records, so there is that hope to offer patients leery of digital files that have the potential to be intercepted.