Posted By Monique Dever On August 17, 2016
The 2 Sides of Safeguarding your EHR Data from Cybersecurity Threats
In today’s electronic healthcare world, it is important to make the patient feel safe about sharing their health details. If they feel their personal health information (PHI) could be at risk of hackers, they may be more likely to withhold information, which could result (worst case scenario) in life threatening consequences. To fully create a secure and private healthcare agency two safeguards must be met: the technology must be encrypted and secure, and as guardians, the people handling the data must follow strict policies and guidelines to protect it.
As an important element of safeguarding PHI, make sure you are using a certified Electronic Health Record (EHR) software. As part of the criteria of certification, EHRs must comply with the stringent encryption and security requirements put forth by the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS). CMS supports that “Certification helps providers and patients be confident that the electronic health IT products and systems they use are secure, can maintain data confidentially, and can work with other systems to share information.” This goes a long way to put your patient at ease and provide peace of mind for securing electronic PHI. To find out if your current EHR meets federal certification requirements, check the ONC Health IT Certified Health IT Certified Products List.
Your EHR should also offer specific functionality to help users do their part such as Role-Based Access Control (RBAC) to ensure that users only get access to information they need rather than everything. Additionally, your EHR should provide audit trails and other privacy and security features you should expect.
Ensuring that PHI is secure goes much further than the security of your EHR software. Once you understand all the security capacity of your EHR system, the second, and just as important safeguard should be to revise all your policies to make sure these are aligned with the technology and the safekeeping of PHI data. According to Health IT, your practice, not your EHR developer, is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of health information in your EHR system.
The user is usually the weakest link in any computer system and having an EHR affects required policies and workflow responsibilities for keeping PHI well protected. If you don’t already have strict security policies in place, act now and stay off the U.S. Department of Health and Human Services Office for Civil Rights dooming list of reported breaches. Here are the Top 10 Tips for Cybersecurity in Health Care offered by HealthIT.gov.