Physician IT Security – The Electronic Health Record (EHR) & Future Threats to Physician IT Security

EHR-- The Future of Healthcare and a Physician IT Challenge

EHR, or Electronic Health Record is Defined by the National Alliance For Health Information Technology (NAHIT) as "an electronic record of health related information on an individual that conforms to actually recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization" will soon be changing the security landscape for healthcare providers forever.

For a glimpse at the Physician IT security challenges that will soon face even small healthcare providers we don't need to dig to deeply...

Two recent examples of large volumes of personal health information being hacked highlight just how difficult it can be to protect medical records.

In October 2008, Express Scripts, one of the nation’s largest processors of pharmacy prescriptions, became the target of medical information extortionists. These hackers threatened to disclose personally identifiable medical information for millions of Americans if the company did not comply with their demands for payment! At one point Express Scripts was offering a $1,000,000 reward for information that would lead to the arrest and conviction of those responsible.

More recently in May of 2009 another mass hacking of health information was reported by the Virginia Prescription Monitoring Program (VPMP). The VPMP is used by pharmacists and others to identify potential prescription drug abuse. It has been reported that the hackers encrypted over 8 million patient records and over 35 million prescriptions before posting a note on the VPMP website that flaunted the hack-job and demanded money before the records would be returned.

EHR will fundamentally change the health information security risks for your practice

So, what's important to you, the small practice healthcare provider, is that EHR will fundamentally change the way your practice deals with Physician IT in the future; especially as it relates to health information security risks. When taken to its logical extension your practice will no longer be a standalone Physician IT entity but rather part of much larger and more complex interconnected ecosystem of information systems through entities known as Health Information Organizations (HIOs) and Health Information Exchanges (HIEs).

HIOs are defined by the National Alliance for Health Information Technology as organizations that oversee and govern the exchange of health related information among organizations according to nationally recognized standards. HIEs are defined by the NAHIT as facilitating the electronic movement of health related information among organizations according to nationally recognized standards.

Clearly, the concept of EHR creates an environment that will foster better care, but will also test and challenge your ability to ensure the confidentiality, integrity and availability of patient data.

Physician IT, Information Security and the Small Healthcare Practice

While the aforementioned breaches occurred at much larger institutions they are illustrative of the perils facing small healthcare providers who may not have the expertise or capital resources that large healthcare institutions do.

So what is the small healthcare practice to do? One option is to seek out information security and practice continuity experts that can manage and host services for you. This takes the burden and worry of HIPAA Security Rule Technical Safeguards and EHR security off your plate, allowing you to focus on what matters most and what you enjoy most—patient healthcare.

To help you make more sense of what the future of EHR holds for your practice, the HIPAA Security Rule and practice continuity I highly recommend you get the white paper titled "Is There an IT Doctor in the House?"

In this Physician IT Resource you'll learn why the HIPAA Security Rule was just the beginning of your practice's IT challenges and get links to over a dozen other helpful resources.

Kurt Buckardt is CSO of Konsultek a leading edge Network Infrastructure and Information Security Company serving medical practices of all sizes. Kurt can be reached at 847.426.9355. To learn more about Konsultek and how we can help you with your information security needs visit http://www.konsultek.com