Electronic Medical Records (EMR) have been widely adopted by healthcare providers to improve operational efficiency and patient care.
As with the adoption of any new technology that continues to evolve, with benefits come risks. EMRs have given rise to new considerations around cyber risk for healthcare providers and have helped spark a conversation around the potential impact cyber security can have on patients.
When it comes to securing EMRs, the top concern is around protecting patient information, specifically “electronic Protected Health Information” (ePHI).
The Health Insurance Portability and Accountability Act (HIPAA) was established to address this; it set a national set of minimum security standards for protecting all ePHI under the HIPAA Security Rule.
“There’s more to protect, fewer resources with which to do it, and more change alerts than one person can handle. And yet, many providers are still trying to manage security and compliance for their EMRs manually,” said Tim Erlin, vice president of product management and strategy at Tripwire.
“A manual process will not actually be able to answer a good auditors’ questions. Home-grown scripts are concerning to an auditor; they prefer third party effort. On top of all that, cyberattacks can go undetected if not monitored in real time,” added Erlin.
For healthcare security leaders who need to protect EMR systems, Tripwire provides integrity monitoring and secure configuration management to protect against unauthorized changes. Expanding upon its existing support for EPIC systems, Tripwire’s automated EMR security and compliance solution now supports Cerner and Allscripts systems.
As an extension of Tripwire Enterprise, the EMR solution also alerts users to possible insider threats with capabilities for managing administrative privileges.
Finally, the EMR Security & Compliance helps providers achieve and maintain compliance with HIPAA and NIST 800-(53 & 171) across the entire EMR environment including file systems, AD/LDAP, and databases.
With a comprehensive solution for implementing foundational security controls, healthcare providers can meet their security and compliance needs while maintaining operational excellence and enhancing patient care with more confidence.