Electronic health record (EHR) technology leverages digital progress and is transforming the way care is delivered and compensated. EHR allows patients’ medical information to be available whenever and wherever it is needed.1 According to HealthIT.gov, benefits of EHR range from improved medical care, care coordination, and patient outcomes to practice efficiencies and cost savings.2
Despite its benefits, recent security breaches of health records have left many feeling exposed. According to HHS Office for Civil Rights (OCR), more than 120 million people have been affected by the Health Information Technology for Economic and Clinical Health (HITECH) Act breaches through March 17th of this year.3 The Anthem breach alone exposed personal information of 80 million current and former members, according to a company statement. In this instance, cyber attackers obtained names, birthdays, medical IDs or social security numbers, street addresses, email addresses, employment information, and income data.
Cyber Attacks Not the Only Risk
There are five security components for risk management, according to the Guide to Privacy and Security of Electronic Health Information authored by The Office of the National Coordinator for Health Information Technology.4 The guide reports that for any single risk, a combination of security mitigation strategies may be necessary because of the number of potential vulnerabilities.
Five Security Components for Risk Management4
|Security Component||Examples of Vulnerabilities||Examples of Security Mitigation Strategies|
|Policies and Procedures||
Patients Can Help
Patients can also help to keep their health information safe. The Federal Trade Commission outlined the following safeguards for patients to help protect their medical information:5
- Be wary if someone offers you “free” health services or products, but requires you to provide your health plan ID number. Medical identity thieves may pretend to work for an insurance company, doctors’ offices, clinic, or pharmacy to try to trick you into revealing sensitive information.
- Don’t share medical or insurance information by phone or email unless you initiated the contact and know whom you’re dealing with.
- Keep paper and electronic copies of your medical and health insurance records in a safe place. Shred outdated health insurance forms, prescription and physician statements, and the labels from prescription bottles before you throw them out.
- If you decide to share your information online, look for a lock icon on the browser’s status bar or a URL that begins “https:” the “s” is for secure.
As patient enrollments grow, more health information will be gathered. Making sure this data is secure is essential for the healthcare industry and for the patients.
What health information technology (HIT) issues keep you up at night?
Leave a comment below to continue the discussion.