News | September 30, 2007

Study: Healthcare Industry Must do More to Protect EHRs

October 1, 2007 - The board of the eHealth Vulnerability Reporting Program recently reported the results of a fifteen-month study assessing the security risks associated with electronic health record (EHR) systems, evaluating current industry information security practices and assessing level of risk related to EHR systems, finding that commercial EHR systems are vulnerable to exploitation given existing industry development and disclosure practices.

In all cases, evaluated EHR system vulnerabilities could be identified using standard tools and techniques. Subsets of these vulnerabilities were exploited to gain control of the application and access to data to demonstrate the potential consequences. EHR vendors are either not disclosing or inadequately disclosing system vulnerabilities to customers, preventing organizations from appropriately managing risk or implementing compensating controls.

No industry organization could be identified that has established guidelines or practices to appropriately mitigate and manage risks associated with ehealth systems. Also, no industry organization could be identified that has the responsibility, charter or mission to address security vulnerabilities in ehealth systems.

The study was supported by various working groups, penetration testing resources and demonstration sites and was overseen by a board of advisors. The study included a survey of over 850 provider organizations and penetration testing of seven ehealth systems, including five CCHIT certified ambulatory EHR systems. The evaluation and testing was performed on EHR systems targeting small, medium and large practices. It was not intended to be representative of a specific EHR system, but to understand the type and severity of vulnerabilities, and practices and processes implemented by vendors and customers to mitigate security related issues.

For more information: www.ehvrp.org

Related Content

electronic medical records
News | Electronic Medical Records (EMR) | June 15, 2017
During the first quarter of 2017, Black Book surveyed 140 chief information officers (CIOs), 159 chief financial...
News | PACS Accessories | April 25, 2017
April 25, 2017 — ImageMoverMD announced the availability of ImageMover Media, a universal, web-based solution to...
ECRI Institute, top 10 patient safety concerns, 2017 report, information technology, healthcare
News | Information Technology | March 24, 2017
Safe implementation of new technologies and therapies accompany classic patient safety challenges on ECRI Institute's “...
Logicalis Healthcare Solutions, Epic service desk, HIMSS17
News | Electronic Medical Records (EMR) | March 06, 2017
March 6, 2017 — Logicalis Healthcare Solutions announced in February a new service desk offering – Service Desk for E
HIMSS Leadership and Workforce Survey, HIMSS17, electronic medical records, EMR, health information technology
News | Electronic Medical Records (EMR) | February 21, 2017
A new study from the Healthcare Information and Management Systems Society (HIMSS), unveiled at the 2017 HIMSS...
Logicalis Healthcare Solutions, top five cybersecurity issues, CIOs, chief information officers, HIMSS17
News | Electronic Medical Records (EMR) | February 10, 2017
With the Healthcare Information and Management Systems Society’s annual meeting (HIMSS17) scheduled for Feb. 19-23 in...
Logicalis US, healthcare CIOs, enterprise imaging, value-based care, new white paper, seven tips
News | Enterprise Imaging | January 20, 2017
To help healthcare chief information officers (CIOs) examine the important role enterprise imaging plays in value-based...
AMA, American Medical Association study, EMRs, electronic medical records, physician burnout
News | Electronic Medical Records (EMR) | September 07, 2016
Technological and administrative obstacles are significantly cutting into available time for physicians to engage with...
EMR
Feature | Electronic Medical Records (EMR) | September 07, 2016 | By Erin Martin
From streamlining your workflow to maximizing your return on investment (ROI), there are numerous benefits to having...
HIE, health information exchanges, participation strategy, Binghamton University
News | Information Technology | August 18, 2016
The U.S. healthcare industry has failed to create and sustain an efficient network for storing and sharing patient...
Overlay Init