5 Proactive Steps to Increase Your EHR Security

Posted by Julia Foster on July 13, 2015 in Blog, General

5 proactive steps to increse your EHR (1) copy

 (Photo by NEC Corporation of America used under CC/Desaturated from original)

5 Proactive Steps That Will Increase Your EHR Security

EHRs are beneficial in many different ways.  EHRs improve patient care, involve patients with their own healthcare information and allow providers to use information more effectively; these are just a few of the many benefits.  With all these benefits, comes an increased risk of data breaches and security threats.  All entities covered under HIPPA are responsible to maintain the privacy and security of patient health information.  The best way to protect EHRs and your system is by taking a proactive approach to HIT security.   Here are 5 proactive steps you can take to help ensure your practice is protected against different security threats.


Protect yourself against viruses and malware

Needless to say, if your system gets a virus, the day-to-day work flow will be greatly interrupted, leading to decreased efficiency and possible unsatisfied patients.  The main elements to protect your system from viruses and malware are technical security, administrative security and environmental security.  To maintain a high level of technical security be sure to encrypt all data at rest, implement security passwords and conduct virus checks often.  To ensure administrative security be sure you have implemented a security policy and it is being enforced.  Installing alarms and screen protection hardware/software will assist in maintaining a high level of environmental security.


Guard against improper and unauthorized system use

Using unique usernames and passwords increases security against unauthorized use.  These usernames and passwords should be required each (and every) time an authorized user uses the system.  Be sure to keep a record of all usernames and passwords in an accessible, but protected file.


Don’t forget about smartphones and tablets

Mobile devices can be little more difficult to protect than desktop computers.  That is why proper security is important.  Be sure all mobile devices are encrypted.  Make sure the EMR software you are using has proper security settings for mobile devices.  Look for an EMR system that is customizable and fully integrated.


Increase your cyber security, both internal and external

The best way to do this is through process documentation, admin IT safeguards, configurable security settings (such as the ability to give different users different levels of access) and full analysis for weak points in your data system.


Invest in your staff

Require your staff to participate in trainings and information sessions regarding your internal security policy.  Build your practice’s culture around security.  Provide staff with situational trainings that happen often and engage attendees. Track responses to the training, whether they be positive or negative, and use that information to improve future trainings.  Provide staff with visual reminders and work place clues.  Give positive reinforcement for successful actions and proactive measures taken.


Taking a proactive approach can help avoid data breaches and increase your practice’s efficiency.  Following the proactive steps provided, your practice will become much less likely to be involved with a data breech.



Leave a Reply