EHRs present patient data security risk, says survey


A survey conducted by Veriphyr, a Los Altos, California-based verification and identity software company, suggests that medical informatics systems can pose a significant risk to the security of patient health information, according to Veriphyr’s official website.

The organization’s 2011 Survey of Patient Data Breaches polled more than 90 healthcare IT managers, compliance officers and privacy officials at mid- to large-sized hospitals across the country. The report indicates that 35 percent of hospital employees accessed the medical records of their colleagues without authorization, and that 27 percent had accessed medical information on their friends and family.

“With electronic medical records, the employee can call up almost anything with a few keystrokes with no questions asked,” Alan Norquist, chief executive officer of Veriphyr, told Information Week. “What healthcare organizations need in the world of digitized medical records is identity and access intelligence tools that can monitor logs of employee access to patient data and discover the few employees misusing their access to patient data by snooping on VIPs, fellow employees, friends, relatives and neighbors.”

According to the news source, more than 50 percent of respondents in the survey did not have adequate procedures in place to detect and monitor unauthorized access to patient information. The survey further indicated that 79 percent of those polled felt that their existing security measures did not provide them with timely detection of potential security breaches.

Data from the survey suggests that upon detection, 30 percent of security leaks were handled within a period of one to three days, 12 percent were dealt with within a week of detection, and 17 percent of cases involving unauthorized access to patient data were addressed within two to four weeks following initial detection.