Continuously evaluating your security with the ever changing technology landscape

Full article: We have seen a surge in the implementation of electronic health records. This of course has improved access to patient medical data and made it accessible from literally anywhere in the world. But with the incredible growth seen in Smartphones in consumer market and clinicians, comes the challenge of what to do to ensure the protection and safety of the medical records. When an organization selects to implement a complete EHR in their environment the software vendor will assist in implementing, configuring, installing and maintaining the system. They will also stage the system for accessibility from patient portal, Smartphones, Tablets, and other methods. But as health information becomes more accessible from different devices and at different points this creates a daunting task for many IT departments to ensure the security of the entire infrastructure. The real security difficulty that we will be facing in today’s complex environment is the unknowns created by some of the newly adopted mobile devices. But mobile devices are not the only ones that can pose a potential risk for data exposure. While most EHR advertise that the patient data is secured and can only be accessible by users who are allowed to see that information, it is far from the truth. Following is a list of dangerous situations that can jeopardize patient’s information: Some EHR products while installed on an end user’s PC download data to the workstation’s temp folders and retain protected health information in the local station accessible by ANYONE locally. Windows Phone 7 SD file system is not encrypted which means that installed apps can be read and accessed if the device is compromised Several EHR products use database engines that can easily be accessed and data extracted by technical staff who may not and should not have access to clinical data (Database Example: Advantage, Ctree, SQL, MySQL, etc..), and there are several available tools online that can help gain access to health data that otherwise should only be accessible by the end user. Few products in the market place also allow unsecured emails send from the applications that may contain sensitive medical information regarding the patient. Web servers that maybe exposed to the internet from within the organization to provide access to data for Smartphones and tablets through web services. This requires far more complex security planning to ensure its protection as it is more exposed to the elements that may target the organization EHR products that store images or documents such as scanned charts in wide open shares for anyone to access from the organization While we have several other areas that can pose a risk for health organizations and allow data to be leaked out, many CIO and health administrators have followed a methodology to ensure that their data is protected and secured regardless of the new products and technologies implemented.