Tightening the screws on security

In order to keep their electronic health records (EHRs) secure, Travis believes hospitals should regularly audit access rights -- checking to see who's allowed into the system, and who's been there recently.


He also notes that under a "safe harbor" provision in federal law, if hospitals encrypt their data, they don't always have to notify patients of possible breaches.

But Travis believes encryption isn't the answer to everything, and that hospitals should "use their security risk assessment to inform their decisions about where encryption makes the most sense to mitigate risk of theft, loss or intrusion" given what's involved in its use.

He suggests that data going over wireless networks or stored on backup disks away from the hospital are the best candidates for encryption.

Risks vs. benefits

Travis says despite the risks highlighted by the UNC story, EHR systems offer a huge benefit in error reduction.

"There have been real-life examples of nurses administering the wrong dose of a medication because the packaging looked similar, resulting in patient harm and even death," he writes. "If a bar code medication administration system that required the nurse to verify that the medication was the right dose for the patient prior to administration had been in place, these types of errors may have been avoided."

With the recent announcement of a Health and Human Services grant of $20 million for expanding EHR services, there could be a big boost in hospitals going paperless.

"Government incentives will likely spur the adoption of EHR technology," writes Travis, "but more importantly, hospitals are looking to adopt the technology as a way to improve patient safety and satisfaction and provide clinicians with access to critical patient data in near-real time."

Back to HCB News

More Industry Headlines