
Mandatory Security Controls for a Successful Healthcare EHR Application

posted on 3 April, 2015 by Webmedy Team

Data protection and security are the most critical success factors for an electronic health records (EHR) application. Storing health information in electronic form raises concerns about patient privacy and data security. A secure EHR solution must guarantee adequate protection of the confidentiality and integrity of patient information.

While patient information needs to be shared between different stakeholders to provide satisfactory care, that sharing should protect personally identifiable information (PII) as it moves through the healthcare system.

For a secure healthcare EHR application, the following security controls need to be in place:

Deterrent controls

These controls are intended to reduce attacks. They should include warnings and signs informing potential attackers that there will be adverse consequences, such as legal action, if they proceed. These controls reduce security threats.

Preventive controls

These controls prevent security breaches. They include authentication and authorization mechanisms, and removing software and system vulnerabilities to known attacks.

Detective controls

These controls detect and react to security incidents. They include monitoring system-wide events and detecting intrusions by matching events against attack patterns.

Corrective controls

Corrective controls correct security breaches and aim to limit the damage. They include restoring data from a backup in the event of data loss or corruption, blocking suspicious users from accessing the system, changing encryption keys and passwords, etc.
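The following is an added example, not code from Webmedy or from the original post. It sketches how a detective control can match EHR audit events against attack patterns and hand the result to a corrective control that blocks suspicious users. The event names, user names, thresholds and time window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (timestamp, user, action, patient id); not real data.
SAMPLE_EVENTS = [
    ("2015-04-03T09:00:01", "nurse_a", "LOGIN_FAIL", ""),
    ("2015-04-03T09:00:20", "nurse_a", "LOGIN_FAIL", ""),
    ("2015-04-03T09:00:45", "nurse_a", "LOGIN_FAIL", ""),
    ("2015-04-03T09:01:00", "dr_b", "LOGIN_FAIL", ""),
    ("2015-04-03T09:01:30", "dr_b", "RECORD_VIEW", "P-100"),
    ("2015-04-03T09:02:00", "dr_b", "RECORD_VIEW", "P-101"),
    ("2015-04-03T09:03:00", "clerk_c", "RECORD_VIEW", "P-200"),
    ("2015-04-03T09:03:20", "clerk_c", "RECORD_VIEW", "P-201"),
    ("2015-04-03T09:03:40", "clerk_c", "RECORD_VIEW", "P-202"),
    ("2015-04-03T09:04:10", "clerk_c", "RECORD_VIEW", "P-203"),
    ("2015-04-03T09:00:00", "dr_d", "LOGIN_FAIL", ""),
    ("2015-04-03T09:10:00", "dr_d", "LOGIN_FAIL", ""),
    ("2015-04-03T09:20:00", "dr_d", "LOGIN_FAIL", ""),
]

# Assumed thresholds; a real deployment would tune these per role and workload.
FAILED_LOGIN_LIMIT = 3        # failed logins per user inside WINDOW
DISTINCT_PATIENT_LIMIT = 4    # distinct patient records viewed inside WINDOW
WINDOW = timedelta(minutes=5)

def detect(events):
    """Detective control: return {user: {pattern names}} for matched patterns."""
    history = defaultdict(list)   # (user, action) -> [(time, detail)] inside WINDOW
    alerts = defaultdict(set)
    for ts, user, action, detail in sorted(events):
        now = datetime.fromisoformat(ts)
        # Keep only this user's events of the same kind that are still in the window.
        recent = [(t, d) for t, d in history[(user, action)] if now - t <= WINDOW]
        recent.append((now, detail))
        history[(user, action)] = recent
        if action == "LOGIN_FAIL" and len(recent) >= FAILED_LOGIN_LIMIT:
            alerts[user].add("repeated_failed_logins")
        if action == "RECORD_VIEW" and len({d for _, d in recent}) >= DISTINCT_PATIENT_LIMIT:
            alerts[user].add("bulk_record_access")
    return dict(alerts)

def users_to_block(alerts):
    """Corrective control input: accounts to suspend pending review."""
    return sorted(alerts)

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    print(found, users_to_block(found))
```

In the sample data, `dr_d` also has three failed logins, but they are spread over twenty minutes and so fall outside the window and raise no alert.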

Data Protection Controls

Data, both in transit and at rest, needs to be protected. Critical patient information needs to be stored in encrypted form and transmitted over secure connections such as SSL/TLS. The secure connection needs to be end-to-end. Data backups also need to be stored in encrypted form.
