Electronic health record (EHR) systems are dramatically reshaping the collection and standardization of patient medical information. Thanks to digital recordkeeping it is easier than ever before to collect, store and share patient information amongst providers and practices.
For senior housing operators, the use of EHR makes it possible to be more proactively engaged in the cycle of resident care. However, these systems may come with a price. Security hacks of electronic medical information have more than doubled this year, costing the healthcare system $50 billion.
For senior housing executives looking to effectively use EHR systems, it is critical to understand both the risks and best practices related data management. One way to look at security is through the lens of the three C’s: Make it Comprehensive, Complete, and Current.
Data security in EHR systems does not reside in just one place. Data may rest in physical servers among multiple providers in separate locations, or with third-party cloud services or some combination of the two. Information increasingly resides on mobile devices as well. All this hardware, and all the networking connections that tie it together, are part of the EHR security equation. A comprehensive approach will consider vulnerabilities at each juncture.
Completeness means looking beyond the more obvious components of EHR. Many operators will think to safeguard the databases and software systems directly attached to electronic health records. But not all providers realize that much of today’s medical equipment also is able to access the Internet directly. Wearable devices and diagnostic equipment used in telehealth often are web-enabled, to facilitate remote diagnostics and consultation. In order to completely safeguard EHR, therefore, it is necessary to ensure that any such Internet-aware medical devices are taken into account as part of the overall security strategy.
Digital security does not happen just once. Rather, threats evolve over time. In addition to changes in strategy among outside attackers, one’s own internal networks may grow and change. New software, new hardware new configurations, new users — any or all of these changes can impact the organization’s security profile.
EHR security therefore requires ongoing review and update. This should include an annual top-down assessment of all systems related EHR, as well as monthly strategy sessions and ongoing updates to hardware and software, as well as any needed personnel training. Many will find it helpful to engage the services of a trusted provider who can help to monitor network health and ensure ongoing security across hardware and software platforms.
EHR presents a profound opportunity for senior housing organizations to become more deeply imbedded in the healthcare cycle, to become more effective advocates on behalf of their residents. In order to do so, senior housing executives must ensure that any and all systems feeding into EHR are held to the highest levels of data security. By taking an approach that is comprehensive, complete and current, it is possible to ensure that residents receive the maximum benefit of EHR while exposing the organization to the minimum cyber risk.