Securing Patient Data in the Age of Electronic Medical Records

Electronic medical records (EMRs) are patient records of health-related information that can be created, gathered, and managed by authorized clinicians and staff within one health care organization. EMRs were designed to streamline the daily workflow of a busy medical office and could have the potential to provide substantial benefits to physicians, clinic practices, and health care organizations. The word "could" is used here because the technology currently in use is good, but not great just yet.

EMRs vs EHRs
EMRs differ slightly from electronic health records (EHRs), which can move with the patient to various medical practices, but these terms are usually used interchangeably. The upside is that these types of records cut way down on the glut of paperwork filling medical offices and lessen the chance that a record could get lost, among other benefits.

Patient Privacy to Consider
Although there are benefits to moving to a paperless system, the concern that we have at our practice is patient privacy and cyber security. A recent wave of cyberattacks that has shut down hospitals highlights the weaknesses that are still problematic in some of the software programs and online systems currently in existence. Our patients rest assured of the utmost compassion and privacy when discussing the most intimate details of their sexual health with us. Patients deserve not only the highest level of care, but also the most stringent form of privacy.

We Love Technology, But…
We are thrilled with some existing technologies, such as email, our website, and social media avenues of communication, that enable us to continue the conversation about patient health, while educating and continuing to encourage patients outside of the examination room and our offices. So, until cybersecurity improves a lot, we will keep our “UN-hackable” paper health records. We hope other practices and hospitals that use electronic health records are following the recommendations provided by the Health Care Industry Cybersecurity Task Force.

Six Action Items for Practices (They are good rules for your home computer systems, too.)

1. Ensure that computer operating systems and antivirus software are updated with available upgrades and patches.

2. Establish policies against opening emails and attachments from unknown sources and against accessing websites with suspicious content.

3. Continuously educate staff (your kids, grandchildren and parents) about those policies in number 2 above.

4. Hire a cybersecurity firm to conduct penetration tests, a common practice in other industries, where security professionals test their clients’ computer systems and staff to find vulnerabilities that attackers could exploit.

5. Consider implementing technologies that allow staff (or family members) to open suspicious emails and attachments in a contained environment segregated from other systems and computers.

6. Prohibit unauthorized access to patient data; enforce passcodes and automatic logoffs.

7. Never share passwords. Period!
