Shifting from desktop PCs to thin clients can provide a more secure way for clinicians to access electronic health records, says Dee Cantrell, R.N., chief information officer at Emory Healthcare in Atlanta.

In an interview, the CIO of the integrated delivery system, which is affiliated with Emory University and includes four hospitals and a 1,500-physician clinic, outlines her risk management strategy. For example, she describes why Emory is:

• Growing its information security team as a result of implementing EHRs and computerized physician order entry;
• Taking a different approach to encryption than many other provider organizations;
• Experimenting with several different approaches to two-factor authentication; and
• Offering annual security education to all clinicians.