The Security Scrutinizer with Howard Anderson

Building Trust in EHRs: A Big Task

Building Trust in EHRs: A Big Task

The online survey of 2,180 Americans, conducted by Harris Interactive, found only 26 percent want their medical records to be digital, even though 40 percent acknowledge EHRs will enable healthcare to become more efficient.

A whopping 82 percent said they had concerns about EHRs. Their biggest worry was the potential for digital records to be stolen. Other concerns included misuse of the information and lost/damaged/corrupted records.

If you think consumer trust in EHRs is low now, consider the impact of a major information breach. 

These fears about stolen or lost records seem somewhat justified, given that a majority of the major breaches reported to federal authorities so far have involved the loss or theft of computer devices and media.

"Providers can ease this fear by discussing security precautions taken to safeguard against data breaches," says John Jones, vice president, healthcare providers, at Xerox Corp., which sponsored the survey.

But those assurances will ring hollow if your organization subsequently reports a breach.

In the months to come, many hospitals and physician groups will be expanding their use of EHRs, thanks to financial incentives under the HITECH Act..

The new poll makes it clear that as they make the move to EHRs, these organizations must do a good job developing and implementing detailed security policies. A thorough risk assessment is an important first step.

Given the number of breaches that have involved the theft of mobile devices, encryption should be an essential component of any security strategy. But it's not enough.

In a recent blog, Terrell Herzig of UAB Medicine offered a practical 10-point plan for making sure mobile devices and media are secure.

If you think consumer trust in EHRs is low now, consider the impact of a major information breach, which must be reported to the media and federal authorities under the HITECH Act's Beach Notification Rule.

You don't want to be in a position of explaining why your organization failed to prevent a breach.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.