be_ixf;ym_202405 d_30; ct_50

ChartLogic Team

EMR Security: A Return to the Basics

April 15, 2013

Clinician, EHR 2 Minute Read

All too often I come across headlines along the lines of “Data breach affects millions” or “5 hospital workers fired over inappropriate EMR behavior,” which has caused a lot of people to conclude that EMRs are unsafe.

In reality, though, electronic medical records are actually more secure than paper records, but one can’t simply plug in their fresh-out-of-the-box EMR and expect that records will be kept safe if they continue to follow their old paper standards for security. Different technology calls for different security measures; this cannot be taken lightly when dealing with social security numbers, insurance information, and health conditions that patients don’t want to broadcast to just anyone.

HIPAA recently released new standards that will protect patient privacy in a digital environment, but it’s important to remember basic security protocol as well.

1. Get creative with passwords. As tempting as it is to use simple passwords for multiple uses, don’t do it. Ideally, every application you use should have a different password that is at least eight characters long, contains at least one number, and has at least one case change—the more seemingly random, the better. Use pneumonic devices if necessary to help you remember your passwords. To help combat password overdose, ChartLogic 8 includes a single sign-on feature, which means you’ll only need one secure password to access the two main components of the software—EMR and practice management.

2. Always lock your device. This goes for all devices you use—PC, tablet, smartphone, etc. Most EMRs automatically go into lock mode after being idle for more than a few minutes, but get in the habit of locking things up when you’re not there to monitor it.

3. Make sure your anti-virus software is up to date. Anti-virus vendors update their software regularly, so make sure your software is updating alongside it.

The information in your EMR should be encrypted as well, so even if your device is lost or stolen, prying eyes won’t be able to view any data.

Related Posts