Why Use Electronic Health Records?
Initiated during the Obama era, electronic health records (EHR) were a milestone in the healthcare industry. No more were paper records containing patient information allowed, with some very exceptions, however, but when it comes to public access via any medium, strict security methods were put into place. This was done in order to keep patients’ information as secure as possible.
What is the Downside of EHR?
For one thing, since the data is kept on networked computers, hacking and ransomware attacks have been commonplace.
Ransomware are apps that find their way into a computer system and disable access to the data. The information on the computer will remain inaccessible until the owner pays them, usually in bitcoins. Once payment is made, they will release computer access back to the owner, but not always do they honor their promise.
EHR systems are no exception to these malicious crimes and since healthcare systems are just as vulnerable, it is highly recommended that appropriate strategies are put into place in order to prevent these cyber-attacks from raising havoc on your computer systems, subsequently causing much disarray within your business.
HIPPA Security Rule
When a healthcare provider is hacked by ransomware or other malicious software, it means that someone was able to gain access to your EHR information and that is a severe PHI violation. This is why it is important for covered entities to get familiar with the HIPAA Security Rules.
The Department of Health and Human Services (HHS) states that the presence of ransomware is a “security incident” under HIPAA and this can trigger a response, resulting in reporting procedures to be initiated by HIPAA.
HIPPA Breach
It is also important to become familiar with the HIPAA Breach Rules which requires HIPAA-covered entities to notify patients and other affected parties if a breach of unsecured protected health information has occurred. As stated in abramslaw.com, “HHS guidance also states that any electronic protected health information (“ePHI”) that is encrypted by ransomware is presumed a “breach,” triggering a covered entity’s breach notification obligations.”
HIPAA’s section 164.402 defines a breach of PHI data as “The acquisition, access, use, or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.”. The HIPAA Survival Guide can provide you with all the additional information you need to know regarding unauthorized access to a computer or computer system containing PHI data.