Are your EHR’s under threat?
Speaking on the Patient Privacy Rights (PPR) EHR and Privacy Panel last month, Shahid Shar (a.k.a The Health IT Guy) discussed the diminution of patient privacy concerns, raising some interesting points around the erosion of patient privacy.
The panel discussed ‘Fact vs. Fiction: Best Privacy Practices for EHRs in the Cloud’ during which Shar highlighted the following key points;
– Patients understanding of digital privacy is inadequate.
The notion of digital privacy for most is difficult to fully understand as the ‘cyber world’ has matured and will continue to evolve at a rapid pace. It’s all too easy for patients to assume their EHRs are fully protected when there is little education around the measures health providers should be taking. Email, for example, is inherently insecure and should not be used for the transfer of EHR.
– ‘When it comes to features and functions vs. privacy, features win.’
There are a plethora of cloud-IT service providers that claim to ease what can be a difficult time when it comes to healthcare for the individuals affected, and both small and large practices. Yet, security is not always a leading component resulting in the compromise of the patients records.
– It is assumed secure IT solutions are costly.
Security can often be overlooked as part of the build process for cloud-based solutions with Shar stating that ‘because it’s cheaper to leave it out, it’s often left out’. Insufficient security systems, due to a hasty development process, risk the exposure and violation of EHRs.
So what can be done?
For cloud-IT service providers working alongside healthcare professionals and organizations it is crucial to understand where EHR could be compromised. Speaking at the American Bar Association’s Health Law Section’s Annual Washington Health Law Summit last month, privacy specialist with the U.S. Department of Health & Human Services (HHS) Office for Civil Rights Iliana Peters advised “Every time you change your software, do a risk analysis”.
The advice from Peters becomes more pertinent as data available from the HHS Breach Tool shows a troubling number of HIPAA breaches in 2013 following the exposure of of protected health information in EHRs, laptops and mobile devices. The number of breaches could have been heavily reduced had secure processes been in place.
– Cloud-IT service providers have a moral responsibility to ensure HIPAA-compliant security measures are in place to protect EHRs.
– Education is key. Undoubtedly breaches will occur but by educating both patients and healthcare professionals on the importance of security cases can be minimized.
– It is important individuals and large organizations choose a provider that can offer both excellent functionality and security – especially as the popularity of BYOD in healthcare rises.
– Security should be the core component of any cloud-IT service.