Doctors as data security experts? No way.

In Katherine Rourke’s June 15th post “Can Providers Cope With EMR Security Challenges?”, she asks the question of whether doctors are prepared to deal with increased challenges dealing with IT security of electronic medical records.   In my experience, this is mainly a challenge for practices that buy EMR software outright and host patient files on their own computers or server.   This is in contrast to web-based and hosted EMR systems, in which the responsibility for data encryption and security falls to the vendor themselves. The vendor then becomes responsible for software issues, including updates when the security software becomes outdated, which it seems to do at least annually, if not more frequently.  John Lynn seems to agree in his recent post over at EMRthoughts.com.

I can’t imagine any doctors having the time or training — or desire, frankly — to deal with such a rapidly evolving field.   Such personnel should, in my opinion, not be trying to tackle this problem. Go with a web-hosted alternative instead. It’s much, much easier.

Dr. West is an endocrinologist in private practice in Washington, DC.  He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC, as a solo practice in 2009.  He can be reached at doctorwestindc@gmail.com.

About the author

Dr. Michael West

Dr. West is an endocrinologist in private practice in Washington, DC. He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC in 2009. He can be contacted at doctorwestindc@gmail.com.

3 Comments

  • EMR security is still important even for doctors that have a SaaS based EHR system. Although, you could say they have less of a burden since they don’t have to worry about all the server security that they’d have to deal with if they have an in house server. However, they do still have requirements to protect their healthcare data.

    A simple example is a report they might export from their SaaS EHR. If they store that report on their hard drive, then they better protect the hard drive.

Click here to post a comment
   

Categories