Question: What is the biggest issue you’ve seen with HIPAA and the electronic health record (EHR) implementation process?
Answer: “One of the problems that I’ve seen has to do with the security, the implementation that’s been done for the system itself,” Sheldon-Dean says. “I’ve seen that the vendor comes in to do a lot of the implementation.”
After the vendor leaves, make sure you review the security of all the EHR software, Sheldon-Dean advises. And make sure the vendor doesn’t leave the software open, “because I have run into situations where the vendors have left behind a relatively insecure installation.” Also ensure that the vendor configures the EHR correctly.
Another issue is remote access to the EHR. Make sure you have good controls for remote access and think about how you can secure all devices, Sheldon-Dean recommends. “Will there be any health information winding up on those devices or not, and then how can you secure those [devices] if you do wind up with health information on them?”
Although having the EHR available remotely to healthcare providers is often very useful, “just make sure you do that carefully,” Sheldon-Dean warns. “Have some good policies and procedures, and of course training for the individuals.”