Using a few added security services, small and medium businesses can run affordable EHR systems without worry. Find your options.
Whether your practice uses a thousand-dollar EHR (Electronic Health Record) or free software, security should be your primary concern. Small and medium businesses (SMBs) are not financially equipped to pay a large sum for expensive EHR systems. Moreover, the software from large vendors may not exactly meet the requirements of SMBs. For these reasons, SMBs often rely on less expensive options.
This is arguably a smart move from an economic point of view. But what about security of health information in electronic health records? Do these systems fully comply with regulatory requirements including HIPAA? Is there a way to enhance the security of EHR using other means?
No doubt, the government requires every EHR vendor to follow basic security measures like encryption (during storage) and access control. However, these might not be enough to prevent a sophisticated attack. Moreover, a number of processes during the use of an EHR can still be open to an attack. For example, texting, videoconferencing (video telehealth), sending or receiving email etc.
As per HIPAA, EHR vendors become business associates only when they have access to the health information. Simply put, if they host your data, they have to comply with all the requirements just like the covered entities. However, those vendors who merely sell software do not need to sign a business associate agreement (BAA).
Read the rest of this post »