Report: Majority of EHR Vendors Score in “D” Range for Security | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Majority of EHR Vendors Score in “D” Range for Security

July 1, 2014
by Rajiv Leventhal
| Reprints

More than half of electronic health record (EHR) vendors—58 percent— scored in the "D" grade range for their culture of security, according to a report from Corl Technologies, an Atlanta-based security risk management solution provider.

The report reveals that the majority of healthcare vendors lack minimum security, and also highlights that healthcare organizations are failing to hold vendors accountable for meeting minimum acceptable standards or otherwise mitigate vendor-related security weaknesses.

The Vendor Intelligence Report is based on the analysis of security related practices for a sample of more than 150 vendors providing services to leading healthcare organizations from June 2013 to June 2014. According to the report, 8 percent of vendors scored in the “F” grade range, meaning there is a lack of confidence based on demonstrated weaknesses with their culture of security. In fact, only 4 percent of vendors scored in the “A” high confidence grade range; 16 percent scored in the “B” moderate confidence grade range; and 14 percent scored in the “C” indeterminate confidence grade range. Additionally, just 32 percent of vendors have security certifications such as FedRAMP, HITRUST, ISO 27001 and SSAE-16, the report found.

These new findings are critical to addressing the growing number of security incidents at companies attributed to partners and vendors—which increased from 20 percent in 2010 to 28 percent in 2012, according to a PricewaterhouseCoopers (PWC) report in November 2013. And a 2014 PWC report found that business partners fly under the security radar: only “44 percent of organizations have a process for evaluating third parties before launch of business operations” and only “31 percent include security provisions in contracts with external vendors and suppliers.”

“The average hospital’s data is accessible by hundreds to thousands of vendors with abysmal security practices providing a wide range of services,” Cliff Baker, CEO, Corl Technologies, said in a statement. “When healthcare and industry organizations don’t hold vendors accountable for minimum levels of security, these vendors establish an unlocked backdoor to sensitive healthcare data.”

Read the source article at Press Release Services



NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.