EHR Privacy: Tackling the Concerns

Researchers seek best practices for security
EHR Privacy: Tackling the Concerns
A four-year, $15 million federally funded research project will yield practical, updated strategies that hospitals, physician group practices and others can use to keep electronic health records private and secure, the project's leader says.

Healthcare organizations could make better use of EHRs and other information technologies if they could "defeat some of the barriers" to progress, especially concerns about privacy and security, says Carl Gunter, a professor of computer science at the University of Illinois at Urbana-Champaign. The university's Information Trust Institute is heading up the project, which also involves 11 other organizations.

Within two years, the 20 researchers participating in the study expect to publish a series of papers on strategies for improving privacy and security of healthcare information, with a focus on EHRs, health information exchanges and telemedicine. Over the four-year life of the project, Gunter says, researchers will propose "more substantial changes in the way things are done."

The research project is one of four that received funding from the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology. The $60 million for the Strategic Health IT Advanced Research Projects, or SHARP, program came from the HITECH Act, a section of the American Recovery and Reinvestment Act.

Key issues

Among the issues that the researchers will investigate, Gunter says, are how to:

  • Protect EHRs with encryption and other security technologies;
  • Make IT outsourcing arrangements more secure;
  • Address the "tricky business" of ensuring information transmitted among many participants in emerging health information exchanges remains private; and
  • Ensure telemedicine applications, such as implantable medical devices and in-home monitoring systems, adequately address security risks.

In the meantime, Gunter advises healthcare organizations to continually refine their risk management strategies because security technologies are rapidly evolving.

"I would urge as a top priority to think of the security and privacy of the organization as a process that you build incrementally over time," he says. "It's not going to be, in many cases, cost-effective to think that you are going to figure out everything that needs to be done, and do it, and then it's over."

Research partners

University of Illinois' partners in the project are:

  • University of California at Berkeley,
  • Carnegie Mellon University,
  • Dartmouth College,
  • Harvard Medical School,
  • Johns Hopkins University,
  • New York University,
  • Northwestern Memorial Hospital,
  • Stanford University,
  • University of Massachusetts Amherst,
  • University of Washington, and
  • Vanderbilt University.

Updates on the Strategic Healthcare IT Advanced Research Projects on Security, or SHARPS, project will be available at

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.