Compliance, Data Loss Prevention

2 Big Steps to Keep Electronic Health Records Secure

By Veriato Team

Many industries have sweepingly digitized their documentation in the name of efficiency – substantial efficiency. The healthcare industry created the electronic health record (EHR) in the name of efficiency as well (among other benefits). But EHRs are far from universal in the medical space. While some hospitals and practices are simply slow to adopt modern practices, the greatest barrier to the universal adoption of electronic health records is privacy and security.

As noted in a Journal of Medical System article, Security Techniques for the Electronic Health Records, “With the advancement of technology, the emergence of advanced cyber threats has escalated, which hinders the privacy and security of health information systems such as EHRs.”

But healthcare organizations can’t run from digitalization forever. Nor can they ensure information security with paper documentation. Stakeholders in this industry must focus on implementing data security measures – like those in any other industry.

3 Staples of Data Security

Not every organization uses the same exact security techniques. Business structures are different. Data needs vary. And of course, budgets are not made equal. Yet, there are three pillars of security that every organization must lean on to keep confidential information confidential.

  1. Administrative Security
    A high-level measure, administrative safeguards revolve most around people – employing a Chief Information Security Officer, conducting risk analyses, and developing contingency, business continuity and disaster recovery plans.
  2. Physical Security
    As its name suggests, physical safeguards include access controls such as RFID badges, workstation security, and assigned security responsibilities to members of your organization.
  3. Technical Security
    Digital records require digital protections, of which there are many techniques – access control, entity authentication, data encryption, firewalls, and audit trails, to name a select few.

Each of these categories deserves your attention, but if there are only specific techniques you can learn about this second, let it be firewalls and cryptography.

2 Essential Measures of EHR Security

Healthcare organizations’ most commonly-implemented data security measure is firewalls. There are many kinds of internal and external firewalls of course, but they’ve categorically helped organizations secure their networks and the data that’s stored within them.

A packet filtering firewall sifts through your internal electronic feeds and prevents externals feeds from penetrating your network. Similarly, a status inspection firewall filters your feeds; but it can also dynamically correlate incoming feeds with previously filtered feeds to verify their security. An application-level gateway firewall grants user access to external network connections only after scanning each IP webpage for threats. Lastly, a Network Address Translator hides your intranet IP address from external users, creating a barrier between your intranet and local area network.

Cryptography has also been instrumental to safeguarding electronic health records and systems. Especially during exchanges of such data, encryption ensures that health information is unrecognizable while in transit. Only users with the decryption key are able to unlock and read the data. In addition, the process of exchanging confidential information should be recorded when the encryptions are being enabled or disabled to track data access.

Though these are just two data security tactics, they are critical steps to take. Start here, assess your current level of security in these areas, and act before it’s too late.


Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

Work From Home, Quiet Quitting, and How Insider Risk Has Changed

Work From Home, Quiet Quitting, and How Insider Risk Has Changed

March 2023 marks approximately three years since the world shut down at the beginning of the Covid-19 pandemic. Since then, organizations have seen their workforce change considerably. What was originally a short term plan to work from home has become ingrained in our...

Focusing On Productivity Helps Reduce Insider Risk

Focusing On Productivity Helps Reduce Insider Risk

Many companies are concerned by the uptick in insider risk that’s come with the work-from-home boom. By one estimate,  58% of office workers work from home at least one day a week. This trend creates blind spots for companies. Managers see their employees less often,...

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz, CEO of Veriato, gave an interview to ISMG at this year's RSA Conference in San Francisco. In it, Elizabeth covers the challenges of maintaining data security in the remote or hybrid workforce environment and the rising cost of data breaches. She also...