News | September 30, 2007

Study: Healthcare Industry Must do More to Protect EHRs

October 1, 2007 - The board of the eHealth Vulnerability Reporting Program recently reported the results of a fifteen-month study assessing the security risks associated with electronic health record (EHR) systems, evaluating current industry information security practices and assessing level of risk related to EHR systems, finding that commercial EHR systems are vulnerable to exploitation given existing industry development and disclosure practices.

In all cases, evaluated EHR system vulnerabilities could be identified using standard tools and techniques. Subsets of these vulnerabilities were exploited to gain control of the application and access to data to demonstrate the potential consequences. EHR vendors are either not disclosing or inadequately disclosing system vulnerabilities to customers, preventing organizations from appropriately managing risk or implementing compensating controls.

No industry organization could be identified that has established guidelines or practices to appropriately mitigate and manage risks associated with ehealth systems. Also, no industry organization could be identified that has the responsibility, charter or mission to address security vulnerabilities in ehealth systems.

The study was supported by various working groups, penetration testing resources and demonstration sites and was overseen by a board of advisors. The study included a survey of over 850 provider organizations and penetration testing of seven ehealth systems, including five CCHIT certified ambulatory EHR systems. The evaluation and testing was performed on EHR systems targeting small, medium and large practices. It was not intended to be representative of a specific EHR system, but to understand the type and severity of vulnerabilities, and practices and processes implemented by vendors and customers to mitigate security related issues.

For more information: www.ehvrp.org

Related Content

Life Image and Mendel.ai Bringing Artificial Intelligence to Clinical Trial Development
News | Artificial Intelligence | November 15, 2018
Life Image and Mendel.ai announced a new strategic partnership that will facilitate the adoption and enhancement of...
News | PACS Accessories | October 01, 2018
M*Modal announced that several large U.S. health systems have adopted its cloud-based artificial intelligence (AI)...
Technology | Electronic Medical Records (EMR) | September 25, 2018
TransformativeMed, a provider of directly embedded, smart clinical workflow solutions for electronic health records (...
Study Points to Need for Performance Standards for EHR Usability and Safety
News | Electronic Medical Records (EMR) | July 18, 2018
A novel new study provides compelling evidence that the design, development and implementation of electronic health...
Drchrono EHR Partners With Ambra Health for Medical Imaging Access
News | Remote Viewing Systems | March 14, 2018
drchrono Inc. announced a new partnership with Ambra Health to give physicians and radiologists direct access to...
Cerner is extending its population health, clinical and administration portfolio with an integrated solution that combines Salesforce Health Cloud and Marketing Cloud with Cerner’s HealtheIntent, its big data platform.
News | Electronic Medical Records (EMR) | March 06, 2018
Cerner announced a new collaboration with Salesforce, a global leader in customer relationship management (CRM). Cerner...
electronic medical records
News | Electronic Medical Records (EMR) | June 15, 2017
During the first quarter of 2017, Black Book surveyed 140 chief information officers (CIOs), 159 chief financial...
News | PACS Accessories | April 25, 2017
April 25, 2017 — ImageMoverMD announced the availability of ImageMover Media, a universal, web-based solution to...
ECRI Institute, top 10 patient safety concerns, 2017 report, information technology, healthcare
News | Information Technology | March 24, 2017
Safe implementation of new technologies and therapies accompany classic patient safety challenges on ECRI Institute's “...
Logicalis Healthcare Solutions, Epic service desk, HIMSS17
News | Electronic Medical Records (EMR) | March 06, 2017
March 6, 2017 — Logicalis Healthcare Solutions announced in February a new service desk offering – Service Desk for E