A recent announcement of Java 7 security vulnerabilities coupled with broader HIPAA patient security rules have many healthcare professionals asking, “What does Java 7 have to do with healthcare?”  The answer is: More than you think. Numerous cloud-based software products, including practice management and EHR systems, utilize Java 7 to access practice information and patient records.  Java 7 has been under scrutiny the past few weeks since Polish research firm Security Explorations identified three vulnerabilities. These types of vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on a vulnerable system, according to the National Cyber Security Division of the Department of Homeland Security. What many medical professionals don’t know is that there are two different ways that cloud-based [cont...]

The recent earthquake and tsunami in Japan forced the technologically advanced nation to find a way to treat patients remotely since thousands had no access to in-person treatment. While it was a horrific tragedy, it did put the spotlight back on telemedicine as a solution for events like this and getting access to health care for patients in rural or hard-to-reach areas.

I’ve been following with interest the blog dialogue about data backups. Having spent more than a quarter century in the information technology industry and the health care technology business, I’d like to offer our perspective on this very critical issue. John, you’re right.  A very large number of doctors in the market for EMRs today are still considering client server systems, and they should be very concerned about finding a viable backup method. However, the data backups that you’re talking about —  which may be nice for some files such as Excel files or family photos — do not come close to offering the level of protection necessary for mission critical health care applications like electronic health records. Backing up [cont...]

Addresses why off-site backups for providers are no longer part of the discussion and why Internet-based technologies are perfect for EHR and Practice management systems.

As previously discussed on this blog, one of the biggest hurdles to making health IT fully interoperable is that it increases the chance of massive scale privacy breaches due to some systems being less secure than others. In the Health Information Technology for Economic and Clinical Health (HITECH) Act, Congress inserted a clause requiring that in the event of a breach, all persons whose health information was compromised must be notified. Under the regulations, not only would the care provider be required to notify their patients; a breach by the EHR vendor in turn must also be communicated to the care provider. This creates an incentive for the vendor and provider alike to ensure the highest levels of security are [cont...]

Hospitals and practices are concerned about the security of their patients’ information, and rightfully so. The fear of data pirates and hackers prevents many health providers from making the switch from paper records to electronic ones. However, as this Colorado hospital discovered, sticking to paper records won’t prevent the possibility of confidential patient information being compromised or stolen. In fact, providers wanting to maximize the security of their patient information might consider that it is much easier to keep patient information secure if it is housed in digital format with proper access and audit controls. Client-server-based systems that still rely on staff backing up information on tapes are simply relocating the problem, as a rash of news stories recently has [cont...]

Privacy and security concerns are one of the many hurdles that the health care industry needs to overcome before EHR adoption catches on properly. Unfortunately, the sensible goal of making electronic health record systems interoperable (itself a complex task due to the huge variety of software solutions currently on the market) adds to these security headaches, because systems have differing levels and types of security, and security breaches in one system could, in an interoperable world, be even more serious and potentially compromise the whole nation’s records. HIPAA (The Health Insurance Portability and Accountability Act) goes a long way to address many privacy and security concerns, but it leaves some important holes, which the Health IT Standards committee is currently [cont...]

During the past year, data thieves have compromised computer systems at a myriad of universities, including Ohio University, Notre Dame University, Georgetown University, Western Illinois University and University of Alaska-Fairbanks, leaving many questioning the vulnerabilities of campus networks, and challenging college Information Technology (IT) personnel to find new approaches to securing the personal data of students, faculty and alumni. While a slew of hacking incidents in corporate America have gained recent national attention, experts say that academic institutions are in many ways more vulnerable than corporations to security breaches because universities engender a culture that emphasizes openness and information sharing, not firewalls and threat prevention. “Even though most colleges and universities employ a professional IT staff, each campus department or [cont...]