EHR security risk study findings announced
HIPAA Weekly Advisor, October 1, 2007
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
The board of the eHealth Vulnerability Reporting Program (eHRVP) recently announced the results of a 15-month study that evaluated security risks associated with the EHR and includes recommendations aimed at protecting information systems in the healthcare industry.
The study evaluated current security practices, assessed risk levels associated with EHRs, and benchmarked practices against other industries.
The study found that EHR vendors either don't disclose or inadequately disclose system vulnerabilities to customers, preventing them from appropriately managing risk or implementing controls that compensate. Recommendations include better collaboration between customers, EHR vendors, and security vendors to facilitate the exchange of information related to vulnerability.
"The industry is investing in, and relying heavily on, the promise that [EHR] systems offer through improvements in quality and efficiency of care," said Robert Mandel, MD, eHRVP board member and vice president of health care services for Blue Cross Blue Shield of Massachusetts.
To read a summary of the report, including findings and recommendations, click here. The full report will be available soon here.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- Capturing all necessary codes for IUD insertion and removal can be challenging
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Q&A tackles coding questions about injections and infusions
- Joint Commission Center announces handoff communication solutions
- Inside best practice: Reduce patient falls with a stoplight
- Identify modifiable risk factors to prevent patient falls
- Searched