• E-mail
• Print
• RSS

EHR security risk study findings announced

EHR Connection, September 24, 2007

The board of the eHealth Vulnerability Reporting Program (eHRVP) announced on September 17 the results of a 15-month study that evaluated security risks associated with EHR and includes recommendations aimed at protecting information systems in the healthcare industry.

The study evaluated current security practices, assessed risk levels associated with EHRs, and benchmarked practices against other industries.

The study found that EHR vendors either don't disclose or inadequately disclose system vulnerabilities to customers, preventing them from appropriately managing risk or implementing controls that compensate. Recommendations include better collaboration between customers, EHR vendors, and security vendors to facilitate the exchange of information relating to vulnerability.

"The industry is investing in, and relying heavily on, the promise that [EHR] systems offer through improvements in quality and efficiency of care," said Robert Mandel, MD, eHRVP board member and vice president of health care services for Blue Cross Blue Shield of Massachusetts.

To read a summary of the report, including findings and recommendations, click here. The full report will be available soon here.

• E-mail to a Colleague
• Print
• RSS
• Archive