Health Information Privacy and Security
Security: An internet connection is a necessity in order to facilitate electronic exchange of patient information, whether to submit claim electronically, generate records, or e-prescription. Basic cyber security measures are required to maintain the integrity and protect the confidentiality, and provide the health information in electronic health record (EHR) system.
In addition to cyber risks, there are threats to protected health information (for example, a missing portable device that can store or access patient information). There are also security vulnerabilities, like a user accessing improperly configured controls, or viewing of patient health information inappropriately by staff.
For any threat that might make a patient's information vulnerable, a security review of the electronic health care system must by routinely performed, and corrected whenever any disparity is found. This may include a security update with updated software, change in the workflow process or storage method, updated procedures or new policies, staff training etc. Necessary corrective action must be taken to eliminate any security deficiency or deficiencies identified with the risk analysis methods.
HEALTH INFORMATION SECURITY QUICK TIPS
A few good practices can help to meet the security requirements:
Use Encryption Technology: Whether EHR is over the Internet or locally installed, encryption technology can help to protect the patient health record from being read by any unauthorized party during transmission, or when stored on any device. For example, encrypting PHI sets information in a coded form, which can be read only by an authorized user who has the "key".
Prevent inappropriate or unauthorized access: Issue unique user name and password to the individual who will use the EHR. It would help to prevent inappropriate or unauthorized access to patient information as well as system controls. The EHR system should also have capability to associate access levels with specific roles, such as "medical assistant" or "attending physician".
Backup the system: To provide information when and where it is needed, proper back up an EHR system is essential in order to recover the system data in the event of any incident, like cyber-attack, fire, or any natural disaster.