Study: EHR systems need better security

Posted by Sean Keating on September 17th, 2007. Filed under: EHR, , , .

A study released today by the eHealth Vulnerability Reporting Program concludes that the level of security built into commercial EHR systems is insufficient, leaving these systems “vulnerable to exploitation given existing industry development and disclosure practices.”

The study, which included a survey of over 850 provider organizations and penetration testing of seven ehealth systems, including five CCHIT certified ambulatory EHR systems, also concluded that “EHR vendors are either not disclosing or inadequately disclosing system vulnerabilities to customers, preventing organizations from appropriately managing risk or implementing compensating controls.”

“Although existing application certifications are an important tool to aid in evaluating applications, including their
functionality, interoperability and security capabilities, these certifications do not address application hardening or
known vulnerability reporting,” said the study authors.

An executive briefing document summarizing the report including findings and recommendations is available here.

Study finds healthcare industry must do more to protect electronic health record systems [Via www.ehvrp.org]

From Medical Economics magazine, more on EHR ...

Permalink

Leave a Reply

« Voice recognition can make EHRs easier to use | British hospitals ban long sleeves, neckties »

  • Latest ME issue

    Click to read the latest issue of Medical Economics

  • Now on memag.com