The Security Scrutinizer with Howard Anderson

Basics of Security Often Neglected

Survey: Many Physician Practices Lack Info Security Protections
Basics of Security Often Neglected

Many physician group practices adopting their first electronic health records systems will have a lot of work to do when it comes to information security, a new survey confirms.

A CDW Healthcare survey of 200 practices that have not yet installed EHRs found that 30 percent do not use anti-virus software, 34 percent do not use network firewalls and 28 percent do not encrypt their wireless or hard-wired networks.

"To protect IT investments and patient information, physician practices moving to EHRs will need to significantly improve their security and business continuity profiles," according to CDW. That may be an understatement.

For many years, most physician practices have had practice management software installed to handle billing, scheduling and appointment functions. So it's alarming to learn that so many lack basic security protections for the sensitive financial information they're handling.

As practices scramble to qualify for the HITECH Act electronic health record incentive payment program, which begins in 2011, many will be completing their first-ever risk assessments. Although assessments have been required under HIPAA, thousands of practices have yet to complete one. Now that conducting a risk analysis is also a requirement for earning the Medicare and Medicaid EHR incentives, many practices will be taking a closer look at their security vulnerabilities. And it's about time.

Hopefully, practices will do a good job of pinpointing security risks and mitigating them with encryption, firewalls and other appropriate protections. Otherwise, the privacy of clinical information, in addition to financial information, will be in jeopardy.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.