Every EHR's weakest link
When asked to rate the security of typical electronic health records, SANS Institute senior analyst John Pescatore answered: 9.
At first blush that might even seem positive, but in the world of IT and information security where the phrase “five 9’s” — in this case meaning 99.999 percent secure — indicates the highest level of protection, a simple 9 leaves plenty to be desired.
And with stolen health information commanding ever-higher prices on the black market, criminals growing more and more sophisticated, and the complex nature of EHRs themselves, it’s time to better understand the problem.
Whether your patient records sit in the cloud managed by a service provider or behind a firewall at your practice, those records may also be sitting ducks for hackers, spammers and malware purveyors. And it gets worse.
HIPAA privacy rules essentially place physician practices into one of three buckets — treatment, payment or operations — thereby making practices fully liable for ID theft.