Needed: A Security Tune Up

As the nation's health industry embraces electronic health records, one area that certainly will become a hot topic -- even more so than now -- is the security of those records. If history is any indication, the digitized medical files will be just as susceptible to hackers and unauthorized users' prying eyes as most other electronic files stored on every network nationwide.

An article posted on Monday by Atlantic Information Services Inc., a publisher of health care information, paints one security breach scenario in an unflattering piece on EHRs.

. . . typical electronic health records systems are not so finely tuned to demand authentication of, for example, the treating psychiatrist before allowing access to the patient's psychotherapy notes.

"Unfortunately, a lot of EHR systems were developed with general access to the medical records," says [Cheryl Rice, vice president and chief corporate responsibility officer for Catholic Healthcare Partners, a Cincinnati-based nonprofit with 32 hospitals]. If physicians (or other caregivers) are allowed access to the medical record, they can see pretty much anything. That's why firewalls are critical in EHR systems; hospitals must protect the entire medical record and sensitive portions.

"The purchasers of EHR systems should be very diligent in asking about these systems and whether they have these firewalls and in holding vendors accountable," Rice says.