Posted By Monique Dever On July 25, 2017
The June 2017 “Report on Improving Cybersecurity in the Health Care Industry” published by the Department of Health and Human Services Health Care Industry Cybersecurity Task Force noted that many healthcare agencies are still running patient records databases on legacy systems. Not only are these systems more vulnerable to successful hacking, but the agencies also lack the funding to hire adequate personnel to maintain the required cybersecurity measures. The report states that cybersecurity is “a key public health concern that needs immediate and aggressive attention!”
One of the report’s key points addresses legacy EHR systems: “In addition to the workforce limitations, a majority of these health care providers still have legacy EHR systems, aging infrastructure, poor disaster recovery capabilities, and capital investment limitations.” It goes on to say, “By moving to a secure cloud environment, health care providers will have increased security and the ability to effectively use their clinical resources to support patients without having to worry about maintaining their on-premises infrastructure and systems.” And at many older facilities it will likely free up your basement or closet space as well!
The federal government has mandated the use of a federally certified EHR. In addition, be sure you have a “complete EHR,” not a “modular” system, which is how many legacy systems are structured. Suggested action items to improve security were spread across the government, health insurance providers and the industry, as follows:
- The federal government should evaluate incentive options, such as grants, to encourage industry to develop secure options for supporting health care organizations. It should also evaluate additional incentive options, including tax incentives, to encourage health care providers to migrate to more secure environments, including hosted services or cloud service providers.
- Federal regulatory agencies should provide additional guidance to service providers (including HHS-compliant Business Associate Agreements) that wish to align their security management practices with HIPAA, and create increased awareness among health care providers that alternative technologies exist to store, access, share, and process their data.
- Industry should develop use cases and contracts tailored for these small and medium-size organizations.
- Insurance companies should provide more incentives for health care service providers who migrate to a more secure environment than the one in which they currently operate.