The privacy and security risks associated with EHRs include:
- Inappropriate access. Occurs when an unauthorized user gains access to EHR data or an authorized user violates appropriate use conditions. For example, a passerby may accidentally view data on a screen or purposely manipulate it, a hacker may breach network security, or a staff member may access the records of an acquaintance.
- Record tampering. Includes occurrences such as back dating, fraudulent entries, or erasures to EHR data. Those known to tamper with health records often are authorized users of the EHR or do so by having access to a server account.
- Catastrophic record loss. Includes events such as natural disasters, hardware breakage, and software issues.
- Record degradation. Can occur during system failures such as tape breakage or scratching of optical media. In these events, data can be permanently lost.
- Obsolescence. Occurs when upgrades and replacement parts for outdated EHR systems become unavailable as newer ones emerge.
Related terms used in health IT include:
- Vulnerability. A flaw or weakness in systems or controls that is accidentally triggered or intentionally exploited.
- Threat. The potential to trigger or exploit vulnerability.
Source: U.S. Department of Health & Human Services, “Definition of Risks.” http://www.hrsa.gov website. Accessed December 2, 2015. http://www.hrsa.gov/healthit/toolbox/healthitimplementation/implementationtopics/ensureprivacysecurity/ensureprivacysecurity_1.html
© Copyright 2016. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.