Magazine article Information Management

HHS Report Finds Holes in EHR Security

Magazine article Information Management

HHS Report Finds Holes in EHR Security

Article excerpt

The push to digitize medical records has failed to plug longstanding security holes that expose patients most sensitive data to hackers, government investigators warned.

Two reports released by the U.S. Health and Human Services Department (HHS) inspector general reveal that the effort to enable hospitals and doctors to share patient data electronically is being layered on a system that already has glaring privacy problems, the Associated Press (AP) reported. Connecting it could open new inroads for hackers, investigators said.

The main report said the system's shortcomings "need to be addressed to ensure a secure environment for health data" and added the findings "raise concern" about the effectiveness of security safeguards for personal healthcare information.

The inspector general's auditors found that the government agency leading the drive toward electronic health records (EHRs) has enacted some requirements for safely transmitting computerized medical data, the AP reported. However, that agency has not issued general security requirements for the computer systems at hospitals and doctors' offices, which is where the sensitive data would be created, shared, and stored.

According to the AP, the second audit examined computer security at seven large hospitals and found 151 security vulnerabilities, ranging from ineffective wireless encryption to a taped-over door lock on a room used for data storage. The auditors classified four out of five of the weaknesses as "high impact," meaning they could cause expensive losses or even injury and death. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.