Providers and the healthcare industry as a whole need to do more to assess the security risks associated with the use of electronic records systems, a new report from the eHealth Vulnerability Reporting Program suggests.
Commercial electronic health record systems are vulnerable to exploitation given existing industry development and disclosure practices, according to 15-month study conducted by eHVRP, a collaborative of health care industry organizations, technology companies and security professionals.
Some of the findings of the study: System vulnerabilities could be identified using standard tools and techniques; EHR vendors are either not disclosing or inadequately disclosing system vulnerabilities to customers; and no industry organization could be identified that has established guidelines or practices to appropriately manage risks associated with ehealth systems.
The full report will be available at http://www.ehvrp.org/report.html
