Spring 2014 issue of Horizons

PROFESSIONAL SERVICES

Safeguarding Electronic Health Records by Debbie Kasten, CPA

O ver the past several years, healthcare providers have been actively engaged in deploying electronic health record (EHR) systems to comply with the mandates of the Affordable Care Act. While there are many benefits to implementing EHR systems, there are risks and responsibilities associated with these systems. The three most common risks are inappropriate access, record tampering and natural catastrophes. ∙ Inappropriate Access: This manifests itself in one of two ways: an unauthorized user gains access to the EHR data or an unauthorized user violates the appropriate use conditions. For example, electronic health records can be accessed inadvertently in a situation when a user account is left open.

∙ Record Tampering: Electronic records can also be subject to breaches of network security that may allow a hacker to gain access to user credentials and thereby bypass the access control procedures. The ability to make changes to an electronic record depends upon the rights assigned to a user. User data modification privileges include adding, deleting or modifying data or entire records. Data can also be tampered with by directly accessing the files stored on the EHR servers using a server account rather than through an EHR user account. ∙ Natural Catastrophes: Finally, destruction by natural disaster (i.e. fires, floods, etc.) can result in the complete destruction of electronic health records.

page 40 | horizons Spring 2014