Your clinical data may be more vulnerable than you think. According to a new study, many healthcare providers aren't meeting the grade when it comes to protecting their EMRs. What's more, they noted, the CCHIT certification that is used to distinguish ambulatory EMRs may not be worth much when it comes to security. To conduct the study, the group surveyed more than 850 provider organizations, and then conducted penetration testing of seven such systems.

Among other problems, the group found that EMR vulnerabilities can often be exploited to gain control of applications or access data, and worse, can be done by attackers of minimal skill. Not only that, it found that vendors may not address known vulnerabilities for significant amounts of time--and that they may not let customers know what the vulnerabilities are in advance. To address such broad-based EMR industry issues, the group recommended that the industry create a trade group focused on security standards, policies and processes specifically for health IT.

To learn more about the study:
- read this Healthcare IT News article
- read the executive summary of the study

Related Articles:
AMA develops EMR security guidelines. Report
GAO reports numerous security breaches. Report