Report: Majority of EHR Vendors Score in “D” Range for Security | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Majority of EHR Vendors Score in “D” Range for Security

July 1, 2014
by Rajiv Leventhal
| Reprints

More than half of electronic health record (EHR) vendors—58 percent— scored in the "D" grade range for their culture of security, according to a report from Corl Technologies, an Atlanta-based security risk management solution provider.

The report reveals that the majority of healthcare vendors lack minimum security, and also highlights that healthcare organizations are failing to hold vendors accountable for meeting minimum acceptable standards or otherwise mitigate vendor-related security weaknesses.

The Vendor Intelligence Report is based on the analysis of security related practices for a sample of more than 150 vendors providing services to leading healthcare organizations from June 2013 to June 2014. According to the report, 8 percent of vendors scored in the “F” grade range, meaning there is a lack of confidence based on demonstrated weaknesses with their culture of security. In fact, only 4 percent of vendors scored in the “A” high confidence grade range; 16 percent scored in the “B” moderate confidence grade range; and 14 percent scored in the “C” indeterminate confidence grade range. Additionally, just 32 percent of vendors have security certifications such as FedRAMP, HITRUST, ISO 27001 and SSAE-16, the report found.

These new findings are critical to addressing the growing number of security incidents at companies attributed to partners and vendors—which increased from 20 percent in 2010 to 28 percent in 2012, according to a PricewaterhouseCoopers (PWC) report in November 2013. And a 2014 PWC report found that business partners fly under the security radar: only “44 percent of organizations have a process for evaluating third parties before launch of business operations” and only “31 percent include security provisions in contracts with external vendors and suppliers.”

“The average hospital’s data is accessible by hundreds to thousands of vendors with abysmal security practices providing a wide range of services,” Cliff Baker, CEO, Corl Technologies, said in a statement. “When healthcare and industry organizations don’t hold vendors accountable for minimum levels of security, these vendors establish an unlocked backdoor to sensitive healthcare data.”

Read the source article at Press Release Services

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



KLAS Research: Small Hospitals’ Buying Decisions Impacting EMR Market Share

A new KLAS Research report tracks shifts in electronic medical record (EMR) vendor market share among acute care hospitals, and finds that smaller hospitals are seeking technology solutions that meet their needs and limited budgets, and these contracts are making a mark on the EMR market.

Survey: Majority of Providers Predict Success for New Generic Drug Company, Project Rx

Back in January, four health systems, in consultation with the VA, announced a collaboration to develop a new, not-for-profit generic drug company. A survey has found that 90 percent of providers say they would become customers of the new venture.

Personalized Medicine Awareness Low Among U.S. Adults, Survey Finds

Genetics and personalized medicine are not top of mind for the general public in the U.S., according to a recent survey from GenomeWeb and the Personalized Medicine Coalition.

Industry Organizations Praise Senate Passage of VA Mission Act

The U.S. Senate on Wednesday passed, by a vote of 92-5, a major Veterans Affairs (VA) reform bill that includes health IT-related provisions to improve health data exchange between VA healthcare providers and community care providers.

NIH Issues Funding Announcement for All of Us Genomic Research Program

The National Institutes of Health’s (NIH) “All of Us” Research Program has issued a funding announcement for genome centers to generate genotype and whole genome sequence data from participants’ biosamples.

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).