The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


Electronic Health Records and Meaningful Use: Protecting Electronic Health Information

January 09, 2012, Chris Lietz, Vice President, Marketing & Channels


Since 2009, healthcare providers and other companies providing services to the healthcare industry have been mobilizing to take advantage of government incentives to implement Electronic Health Records (or EHRs). These incentives were established by federal law as a part of the HITECH Act of 2009, and are now administered by the Centers for Medicare and Medicaid Services (CMS).

CMS administers that program based on the notion of Meaningful Use, which, in a nutshell, is a system of measures designed to ensure that those receiving government funding are actually using their EHRs properly and contributing the intended efficiencies to our healthcare system.

The move from paper records to EHRs is designed to stimulate the healthcare industry economically and to provide a safer, better environment for patients to receive care. Rather than having individual paper records at a number of providers, an EHR allows all caregivers to electronically track health outcomes, monitor prescriptions and interactions, and provide the best possible care for patients by having all of their records in a central, easily accessible database.

Sounds great, right? We agree – particularly if the EHR is implemented and maintained within the context of a well-managed Information Technology Governance, Risk and Compliance program (IT GRC). And the CMS agrees with us – that’s why they included Meaningful Use Core Measure #15:

Protect electronic health information: Providers must protect electronic health information that has been created or maintained by the certified EHR technology by implementing the appropriate technical capabilities.

Under HITECH, providers and companies who do not diligently secure their electronic records and databases will not satisfy Core Measure 15. Worse, they run the risk of ending up on a very public list of entities that have suffered data breaches.

How should a firm best avoid such a disaster? Simple: conduct a comprehensive IT Risk Assessment or, even better, a HIPAA/HITECH compliance audit and then, based on the findings of that report, get busy implementing appropriate security controls.

The bottom line: EHRs are coming, and there are incentives in place to make them a reality.  Someday, meaningful use will be pervasive. Our hope is that those responsible for implementing EHRs will also take the appropriate steps to secure sensitive information and protect their patients and organizations.
