Ensuring Security When Migrating to a New EHR Provider

Our post ‘How to Choose the Right Replacement for Your Current EHR’ discussed how transferring electronic health records (EHR) systems to a new vendor software is not to be taken lightly. As EHRs are essential to day-to-day operations and a significant amount of time and money must be devoted to them, it only follows that their protection against various security concerns is essential. In this article, we will be covering the various risks to consider when migrating to a new EHR provider and how to properly prepare for them.

Typically, moving data from one EHR provider to another carries inherent security risks due to the large volumes of sensitive data that will be exposed and moved. Electronic Health Reporter explains how there are ways to avoid a security issue. For example, this risk can be offset if the original vendor is willing to communicate with the new vendor by providing them with crucial information regarding their data structure in order to make the process easier and safer. Upgrading to a newer version of the same product also carries comparatively minimal risks.

Unfortunately, most vendors won’t share more than the legally required amount of information, especially if the move is to a competitor. This is the least secure and most time consuming kind of data migration, as it forces the new provider to possibly manually load, review and reconcile each patient’s data, leaving it exposed for longer.

Medical journalist Eric Seaborg explains that EHRs are vulnerable to security breaches because medical records now fetch a higher price on the black market than credit card numbers. The risks that come from exposing medical data can be anything from releasing your social security details to malicious tampering like changing someone’s blood type, which could end up with the wrong blood being transfused in an operation. He also notes that once the details of a patient are made public it is impossible to withdraw that information.

Because EHRs are now being widely used and shared more than ever, Inside Digital Health anticipates that security threats will only increase. The good news is that healthcare providers can protect themselves by performing a cybersecurity assessment before the migration takes place. Additionally, it is of paramount importance that all information be encrypted as it renders the information unreadable should it be intercepted. These steps, combined with other precautions like stronger user authentication and building a security-centered company culture, will certainly pay off in the long run.

Given all of the above, it is obvious that the healthcare industry is facing a number of challenges when it comes to cybersecurity. Yet the irony is that most hospitals don’t have dedicated cybersecurity personnel. A Verge post entitled ‘Health Care’s Huge Cybersecurity Problem’ notes many hospitals are unprepared especially in small and rural communities where they already don’t have enough staff as it is, let alone cybersecurity experts. To get a sense of the uphill challenge hospitals face, Maryville University reports that information security jobs rank third “among technology jobs hiring managers are struggling to fill” across all industries. Many of the top cybersecurity experts from universities and security companies will seek lucrative careers in finance and business rather than the healthcare industry. This shows how much more needs to be done in order to better protect patients, especially when migrating data to a new EHR provider.

Data Security Editorial penned by Jaci Buchan for the sole use of medez.com