Building Trust in EHRs: A Big Task
The online survey of 2,180 Americans, conducted by Harris Interactive, found only 26 percent want their medical records to be digital, even though 40 percent acknowledge EHRs will enable healthcare to become more efficient.
A whopping 82 percent said they had concerns about EHRs. Their biggest worry was the potential for digital records to be stolen. Other concerns included misuse of the information and lost/damaged/corrupted records.
If you think consumer trust in EHRs is low now, consider the impact of a major information breach.
These fears about stolen or lost records seem somewhat justified, given that a majority of the major breaches reported to federal authorities so far have involved the loss or theft of computer devices and media.
"Providers can ease this fear by discussing security precautions taken to safeguard against data breaches," says John Jones, vice president, healthcare providers, at Xerox Corp., which sponsored the survey.
But those assurances will ring hollow if your organization subsequently reports a breach.
In the months to come, many hospitals and physician groups will be expanding their use of EHRs, thanks to financial incentives under the HITECH Act..
The new poll makes it clear that as they make the move to EHRs, these organizations must do a good job developing and implementing detailed security policies. A thorough risk assessment is an important first step.
Given the number of breaches that have involved the theft of mobile devices, encryption should be an essential component of any security strategy. But it's not enough.
In a recent blog, Terrell Herzig of UAB Medicine offered a practical 10-point plan for making sure mobile devices and media are secure.
If you think consumer trust in EHRs is low now, consider the impact of a major information breach, which must be reported to the media and federal authorities under the HITECH Act's Beach Notification Rule.
You don't want to be in a position of explaining why your organization failed to prevent a breach.