News | September 30, 2007

Study: Healthcare Industry Must do More to Protect EHRs

October 1, 2007 - The board of the eHealth Vulnerability Reporting Program recently reported the results of a fifteen-month study assessing the security risks associated with electronic health record (EHR) systems, evaluating current industry information security practices and assessing level of risk related to EHR systems, finding that commercial EHR systems are vulnerable to exploitation given existing industry development and disclosure practices.

In all cases, evaluated EHR system vulnerabilities could be identified using standard tools and techniques. Subsets of these vulnerabilities were exploited to gain control of the application and access to data to demonstrate the potential consequences. EHR vendors are either not disclosing or inadequately disclosing system vulnerabilities to customers, preventing organizations from appropriately managing risk or implementing compensating controls.

No industry organization could be identified that has established guidelines or practices to appropriately mitigate and manage risks associated with ehealth systems. Also, no industry organization could be identified that has the responsibility, charter or mission to address security vulnerabilities in ehealth systems.

The study was supported by various working groups, penetration testing resources and demonstration sites and was overseen by a board of advisors. The study included a survey of over 850 provider organizations and penetration testing of seven ehealth systems, including five CCHIT certified ambulatory EHR systems. The evaluation and testing was performed on EHR systems targeting small, medium and large practices. It was not intended to be representative of a specific EHR system, but to understand the type and severity of vulnerabilities, and practices and processes implemented by vendors and customers to mitigate security related issues.

For more information: www.ehvrp.org

Related Content

HHS Extends Comment Period for Proposed Electronic Health Information Interoperability Rules
News | Electronic Medical Records (EMR) | April 19, 2019
The U.S. Department of Health and Human Services (HHS) is extending the public comment period by 30 days for two...
DrChrono and 3D4Medical Partner to Bring 3-D Interactive Modeling to Physician Practices
News | Advanced Visualization | March 18, 2019
DrChrono Inc. and 3D4Medical have teamed up so practices across the United States can access 3-D interactive modeling...
IBM Watson Health Announces New AI Collaborations With Leading Medical Centers
News | Artificial Intelligence | February 14, 2019
IBM Watson Health announced plans to make a 10-year, $50 million investment in research collaborations with two...
Life Image and Mendel.ai Bringing Artificial Intelligence to Clinical Trial Development
News | Artificial Intelligence | November 15, 2018
Life Image and Mendel.ai announced a new strategic partnership that will facilitate the adoption and enhancement of...
News | PACS Accessories | October 01, 2018
M*Modal announced that several large U.S. health systems have adopted its cloud-based artificial intelligence (AI)...
Technology | Electronic Medical Records (EMR) | September 25, 2018
TransformativeMed, a provider of directly embedded, smart clinical workflow solutions for electronic health records (...
Study Points to Need for Performance Standards for EHR Usability and Safety
News | Electronic Medical Records (EMR) | July 18, 2018
A novel new study provides compelling evidence that the design, development and implementation of electronic health...
Drchrono EHR Partners With Ambra Health for Medical Imaging Access
News | Remote Viewing Systems | March 14, 2018
drchrono Inc. announced a new partnership with Ambra Health to give physicians and radiologists direct access to...
Cerner is extending its population health, clinical and administration portfolio with an integrated solution that combines Salesforce Health Cloud and Marketing Cloud with Cerner’s HealtheIntent, its big data platform.
News | Electronic Medical Records (EMR) | March 06, 2018
Cerner announced a new collaboration with Salesforce, a global leader in customer relationship management (CRM). Cerner...
electronic medical records
News | Electronic Medical Records (EMR) | June 15, 2017
During the first quarter of 2017, Black Book surveyed 140 chief information officers (CIOs), 159 chief financial...