eHVRP Study Finds Healthcare Industry Must Do More to Protect Electronic Health Record Systems - Articles & News About Health

eHVRP Study Finds Healthcare Industry Must Do More to Protect Electronic Health Record Systems - Articles & News About Health

Stop Parking Domain NamesDevelop Your Domain Names

eHVRP Study Finds Healthcare Industry Must Do More to Protect Electronic Health Record Systems

Dallas, TX (PRWEB) September 17, 2007 -- The board of the eHealth Vulnerability Reporting Program ( (, today made public the results of a fifteen-month study assessing the security risks associated with electronic health record (EHR) systems ( The study evaluated current industry information security practices, assessed level of risk related to EHR systems, benchmarked healthcare information security practices against other industries, and produced a set of recommendations relating to activities beneficial to protecting information systems in the healthcare industry.

The increasing adoption of ehealth systems including EHRs is fundamental to the transformation of the healthcare system. The information created, accessed and stored in these systems, and their ability to integrate with health information networks and data exchanges, introduces complex security issues. This, coupled with the rising number of information security breaches, has raised concerns regarding their vulnerability.

?The industry is investing in, and relying heavily on, the promise that these systems offer through improvements in quality and efficiency of care. As such, we must take every measure possible to protect these systems, avoid any disruption in their use, and to ensure consumer confidence is maintained,? said Dr. Robert Mandel, Vice President, Health Care Services, Blue Cross Blue Shield of Massachusetts and eHVRP board member.

Although existing application certifications are an important tool to aid in evaluating applications, including their functionality, interoperability and security capabilities, these certifications do not address application hardening or known vulnerability reporting.

"The utilization of health information networks allows entities both large and small to access enormous amounts of patients? medical information in electronic form. Patients expect their information to be protected, therefore, data sharing is only possible when patients trust that their privacy will be protected," said Dr. John Halamka, Chief Information Officer, CareGroup Health System and Harvard Medical School, chair of the Healthcare Information Technology Standards Panel (HITSP) and eHVRP board member.

?It is important to recognize that information security vulnerabilities are mostly defects in the application or underlying environment and a certain number are a fact of life for all complex information systems,? said Paul Connelly, Vice President and Chief Information Security Officer, Hospital Corporation of America and eHVRP board member. ?However, the key is to ensure organizations are expeditiously made aware of the vulnerabilities and have policies, practices and technology to assess and mitigate these risks. As a large healthcare organization we have resources to address these issues that may not be available to many smaller organizations. As an industry, we need to work with our vendor partners to establish consistent expectations regarding security.?

Synopsis of Study Findings and Results

The study was supported by various working groups, penetration testing resources and demonstration sites, and was overseen by a board of advisors. The study included a survey of over 850 provider organizations, and penetration testing of seven ehealth systems, including five CCHIT certified ambulatory EHR systems. The evaluation and testing was performed on EHR systems targeting small, medium and large practices. It was not intended to be representative of a specific EHR system, but to understand the type and severity of vulnerabilities, and practices and processes implemented by vendors and customers to mitigate security related issues.

The overall finding from the study concludes commercial EHR systems are vulnerable to exploitation given existing industry development and disclosure practices. A summary of the findings is as follows:

? In all cases, evaluated EHR system vulnerabilities could be identified using standard tools and techniques. Subsets of these vulnerabilities were exploited to gain control of the application and access to data to demonstrate the potential consequences.

? EHR vendors are either not disclosing or inadequately disclosing system vulnerabilities to customers, preventing organizations from appropriately managing risk or implementing compensating controls.

? No industry organization could be identified that has established guidelines or practices to appropriately mitigate and manage risks associated with ehealth systems.

? No industry organization could be identified that has the responsibility, charter or mission to address security vulnerabilities in ehealth systems.

Given these findings, a set of recommendations were developed and are summarized as follows:

? To establish better collaboration between customers, EHR vendors and information security vendors to facilitate exchange of vulnerability information.

? To create educational material and support outreach on information security issues relating to ehealth systems.

? To create guidelines and requirements for EHR vendors and customers regarding systems hardening and implementation of compensating controls.

? To encourage and facilitate information security software and services vendors to develop solutions to address the needs of common ehealth systems (such as CCHIT certified EHRs) and solutions targeted at smaller organizations.

? To establish an entity to carry forward recommendations noted in the study.

?We volunteered to be a demonstration site to aid us in gaining a better understanding of the methods used by people trying to gain unauthorized access to our systems and data. We wanted to participate with other EHR users and vendors to share information, define processes to identify vulnerabilities, and mitigate methods attackers could use to exploit them,? said Leo Dittemore, Director, IS Security, HealthCare Partners Medical Group. ?We have since implemented compensating controls such as a host intrusion prevention system, which has addressed issues with no impact on operations or usability. We look forward to continuing this partnership in supporting our patients, providers, and partners.?

"As the healthcare industry strives to rapidly externalize and make health information transparent, it must also take appropriate measures to protect private and confidential information from inappropriate disclosure,? said Catherine Peper, CISSP, CISM and VP of Health Information Technology at Blue Cross and Blue Shield of Florida and eHVRP board member. ?We must work together to prevent external parties, or misinformed or misguided internal ones, from exploiting vulnerabilities in electronic medical record applications. It is the board?s hope that the industry receives this message and responds appropriately.?

"The healthcare industry is taking steps to be more diligent and coordinated in addressing information security issues,? said Daniel Nutkis, Principal, DNI and eHVRP board member. ?To that end, a number of leading organizations representing providers, medical device manufacturers, electronic health record vendors, information security vendors, health plans, pharmacies and pharmaceutical manufacturers have begun the formation of an organization to shepherd and guide information security issues facing the US healthcare industry. The organization will focus on information security process, practice and policy, while coordinating with the existing national and international standards and certification organizations. It will publicly announce its plans shortly.?

"The next-step security effort should produce tangible, practical guidance that maintains the quality and continuity of healthcare delivery," said Dr. Nick Mankovich, Director Product Security & Privacy, Philips Medical Systems. ?As a security and privacy leader working with medical devices, I am pleased to join providers, IT vendors, health plan leaders and others in realizing security that meets the needs of 21st century healthcare and that we and our families can trust. The challenge is to balance the requirements of the diverse players and produce real improvement."

An executive briefing document summarizing the report including findings and recommendations is available at Additionally, the full report will be made available shortly and will also be available at

Founded in May, 2006, the eHealth Vulnerability Reporting Program ( (eHVRP) is a collaborative of health care industry organizations, technology companies and security professionals. eHVRP?s mandate is to establish approaches and procedures that will help ensure eHealth systems are broadly and rapidly deployed with the highest levels of privacy and security. For more information please visit our website at

This press release has been reprinted from PRWEB per the terms and conditions of the copyright notice.

St. George Complimentary Alternative Health Care Offers Free Wellness Scans During Focus on Nutrition Month

The desire to get healthy and stay healthy is the primary reason more and more people are turning to natural health care, or complementary and alternative medicine, according to this St. George Hinkle practices alternative medicine utilizing personalized biofeedback using ZYTO technology, nutraceutical assessments, medical foods, bio-identical hormone evaluation, chelation, lifestyle changes, and body composition analysis.

Health & Dental Care Costs Rising At Epidemic Proportions – Here''s How To Protect Yourself & Family

Health care costs are now approaching 15% of our national economy and the economic repercussions have been felt by most American families as employers are unwilling to absorb the bulk of the health care cost burden.In 2004, employer health insurance premiums increased by 11.

Doctor-led Health Care Organization Offers Free Web site, Membership to Mental Health Counselors

The International Assoc. of Dental and Medical Disciplines has a health care plan that brings together all medical disciplines and calls for them to work together to provide the best possible whole-body care.

Health Care - If You Love Health Care

All about Health Care: Intended For Individuals

A Diet Primer For Health Food And Vitamins

Quite often, we want to eat healthier but don?t know exactly how to start. Sometimes food you think might be good may in fact not be right for you, and vice-versa. This article looks at some simple diet changes you can start to make right away that will improve your overall health.

Health Care and Health Insurance Costs Can Be Controlled Through Lifestyle Choices

As you probably know all to well, the cost of healthcare and health insurance premiums continue to increase at levels substantially above the general inflation rate. The reasons given for these extraordinary cost increases are numerous and include: technological advancements in the medical field, increased demand for medical services and prescription drugs, the aging of the population, cost shifting caused by the uninsured and governmental reimbursement rates, state and federal mandates, and costs associated with medical related lawsuits.

New Health Website Provides Health Tips About Alternative Natural Health Care

Summary: In answer to the need for helpful information on alternative natural health care a new site, has been launched. The site provides quality information regarding alternative health issues and is the brainchild of Mike Hepburn.

Senior Health Care Insurance - Sourcing The Right Plan

As people reach their senior years the task of protecting assets and putting in place the appropriate legal, financial and health coverage can be quite confusing and somewhat daunting. As people reach their senior years the task of protecting assets and putting in place the appropriate legal, financial and health insurance coverage can be quite confusing and somewhat daunting. One of the most complicated matters that is required to be addressed is that of putting in place an appropriate senior health care insurance plan. As such it is vitally important to recognize that there are quite a number of options that should be considered when it comes to this specialized type of insurance. However, once the required information is obtained it make...

The PIE Diet - Mental Health Food

"The PIE Diet - Mental Health Food" reveals an award-winning program for individual growth, which has previously been available only to the corporate world. It outlines necessary action-steps to make the "law of attraction" work for, and not against, individuals and corporations. Contained is a easy step-by-step process for conditioning the subconscious mind to both envision and enable control of who we are, what we do, and what we desire to achieve with our lives.

Hormel Health Labs Launches Health Food Website for Seniors

For the seven million elderly Americans receiving home-based medical care, staying healthy just became easier. Hormel Health Labs, one of the nation''s leading providers of nutritional products geared towards seniors, has announced the launch of its new ecommerce website, . The new site makes it easy for caregivers to order essential, healthy products to improve the lives of their loved ones.

Diet for Disease Prevention and Senior Health Care

Maintaining a healthy diet throughout life can do more than just keep you slim and fit. Healthy eating is important to senior health care and can sometimes prevent diseases such as heart disease and cancer, as well as provide relief for diseases such as osteoporosis. Unfortunately, the importance of eating well is often pushed aside by our busy day to day lives. We continue to jeopardize our future health and get caught up in the cycle of fast food, large portions and sodium laden meals. A healthy diet doesnt have to be daunting on our schedules, or mean giving up all the food we love. A simple eating plan can actually make meals and snacks more efficient for both our time and our bodies.

Natural Health Care and Holistic Dog Health

Holistic dog health care has emerged as a natural way for pet owners to ensure that their dogs are healthy, living long, happy lives well into old age. Perhaps the most important aspect for a dog''s health would be a unique blend of vitamins, minerals, and other nutrients to make sure the joints, organs, and digestive systems make work in harmony as well with the skin and coat being healthy. A diet of meat, vegetables, and whole grains without any processed foods or unnecessary fillers is usually recommended when following the holistic approach to dog care.

World Health Care Congress Launches to Encourage and Focus Health Care Reform Discussion

The World Health Care Congress today announced the launch of (, an innovative and comprehensive web site that brings the real issues in health care reform to a broader audience.

Baby Health Care, Child Health Tips, Parenting Guide, Baby Strollers, Massage

Vitamin Diet Patch Now Available for Health Food Stores from NAZCO Wholesale Herbal Supplement Dropshipper

Health food supplement diet patches are a blend of herbal nutrients, offering safe and effective weight loss diet application like a nicotine diet patch. The supplements diet patch allows the herbal formula on the diet patch to enter directly into the bloodstream, suppressing appetite between meals while providing weight loss, diabetes and chronic fatigue relief support and increased energy level on the go.