The security risks associated with EHR systems are vulnerable to exploitation, according to a study published by the eHealth Vulnerability Reporting Program (Dallas), a collaborative of health care industry organizations, technology companies and security professionals.
The study evaluated current industry information security practices, assessed EHR risk levels, benchmarked healthcare information security practices against other industries, and produced a set of recommendations for protecting healthcare information systems.
Key findings of the study include:
· In all cases, evaluated EHR system vulnerabilities could be identified using standard tools and techniques.
· EHR vendors are either not disclosing or inadequately disclosing system vulnerabilities to customers.
· No industry organization could be identified that has established guidelines or practices to appropriately mitigate and manage risks associated with ehealth systems.
· No industry organization could be identified that has the responsibility, charter or mission to address security vulnerabilities in ehealth systems.
Click here for a complete summary of the findings.